VIRUS GRAVE [Résolu]

Réponse 1 / 15

Destrio5 Messages postés 99820 Date d'inscription Statut Modérateur Dernière intervention 10 305

On va s'occuper de Vundo.

---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\

---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"

---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.

/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\

En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

Note : Le rapport se trouve également là : C:\ComboFix\Combofix.txt

valerie67 Messages postés 257 Statut Membre 5

bonsoir,
ComboFix 08-10-19.04 - valerie 2008-10-21 19:43:25.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1007 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\valerie\Bureau\ComboFix.exe

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\ContextTool
C:\Program Files\ContextTool\ContextHelper.dat
C:\WINDOWS\epgb.exe
C:\WINDOWS\grfxbanonlm.dll
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\byXPJBTk.dll
C:\WINDOWS\system32\cxpvgf.dll
C:\WINDOWS\system32\gjunpegs.ini
C:\WINDOWS\system32\hgGVnkkJ.dll
C:\WINDOWS\system32\hmopvnfh.dll
C:\WINDOWS\system32\khfFXpPh.dll
C:\WINDOWS\system32\kulhje.dll
C:\WINDOWS\system32\mgrrfpqu.ini
C:\WINDOWS\system32\mndfrary.dll
C:\WINDOWS\system32\MnnWDJjl.ini
C:\WINDOWS\system32\MnnWDJjl.ini2
C:\WINDOWS\system32\oyoxvuqv.dll
C:\WINDOWS\system32\sDJTwyxx.ini
C:\WINDOWS\system32\sDJTwyxx.ini2
C:\WINDOWS\system32\umbjwv.dll
C:\WINDOWS\system32\vquvxoyo.ini
C:\WINDOWS\system32\vtUkjgdc.dll
C:\WINDOWS\system32\wkhfguxk.dll
C:\WINDOWS\system32\xxywTJDs.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF

((((((((((((((((((((((((((((( Fichiers créés du 2008-09-21 au 2008-10-21 ))))))))))))))))))))))))))))))))))))
.

2008-10-21 14:46 . 2008-10-21 14:48 <REP> d-------- C:\Program Files\ma-config.com
2008-10-21 14:46 . 2008-10-21 14:48 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ma-config.com
2008-10-21 07:24 . 2008-10-21 10:37 916 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-20 20:07 . 2008-10-20 20:35 210 --a------ C:\WINDOWS\wininit.ini
2008-10-20 19:09 . 2008-10-20 23:34 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-10-20 12:14 . 2008-10-20 12:52 <REP> d-------- C:\Documents and Settings\valerie\Application Data\Winamp
2008-10-20 10:23 . 2006-11-11 05:43 933,536 -ra------ C:\WINDOWS\system32\drivers\LV302V32.SYS
2008-10-20 10:20 . 2008-10-20 10:20 <REP> d-------- C:\Documents and Settings\valerie\Application Data\HP
2008-10-20 10:18 . 2006-05-05 06:19 155,648 --a------ C:\WINDOWS\system32\kemutb.dll
2008-10-20 10:18 . 2006-05-05 06:18 126,976 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-10-20 10:18 . 2006-05-05 06:18 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-10-20 10:18 . 2006-03-28 17:55 69,760 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2008-10-20 10:18 . 2006-03-28 17:55 55,808 --a------ C:\WINDOWS\system32\drivers\L8042MOU.SYS
2008-10-20 10:18 . 2006-05-05 06:19 53,248 --a------ C:\WINDOWS\system32\KemXML.dll
2008-10-20 10:15 . 2008-10-20 10:15 118,784 -r------- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
2008-10-20 09:05 . 2008-10-20 09:06 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Bluetooth
2008-10-20 09:03 . 2004-09-21 18:18 148,830 --a------ C:\WINDOWS\system32\drivers\bcbthub.sys
2008-10-20 08:09 . 2008-10-20 08:09 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WEBREG
2008-10-20 08:08 . 2008-10-20 08:08 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Hewlett-Packard
2008-10-20 08:08 . 2007-05-02 12:03 267,864 -ra------ C:\WINDOWS\system32\hpzids01.dll
2008-10-20 08:08 . 2007-03-15 15:32 118,272 --a------ C:\WINDOWS\system32\hpz3l5ha.dll
2008-10-20 08:08 . 2007-03-08 06:20 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-10-20 08:08 . 2007-03-08 06:20 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-10-20 08:08 . 2007-03-08 06:20 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-10-20 08:07 . 2007-05-02 10:56 954,368 -ra------ C:\WINDOWS\system32\hpotiop5.dll
2008-10-20 08:07 . 2007-05-02 11:01 675,840 -ra------ C:\WINDOWS\system32\hpowiax5.dll
2008-10-20 08:07 . 2007-03-08 06:20 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2008-10-20 08:07 . 2007-03-08 06:20 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2008-10-20 08:07 . 2007-05-02 11:00 303,104 -ra------ C:\WINDOWS\system32\hpovst12.dll
2008-10-20 08:07 . 2008-04-13 20:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-10-20 08:07 . 2008-04-13 20:45 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-10-20 08:01 . 2008-10-21 17:26 <REP> d-------- C:\Documents and Settings\valerie\Application Data\HPAppData
2008-10-20 08:01 . 2008-10-20 08:01 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\HPSSUPPLY
2008-10-20 08:00 . 2008-10-20 08:00 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\HP Product Assistant
2008-10-20 08:00 . 2008-10-20 08:00 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\HP
2008-10-20 07:57 . 2008-04-13 20:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-10-20 07:57 . 2008-04-13 20:47 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-10-20 07:56 . 2008-10-20 14:55 162,994 --a------ C:\WINDOWS\hpoins21.dat
2008-10-20 07:56 . 2007-09-05 20:26 8,138 --------- C:\WINDOWS\hpomdl21.dat
2008-10-20 07:24 . 2008-10-20 07:43 <REP> d-------- C:\Documents and Settings\valerie\Contacts
2008-10-20 07:23 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-10-20 07:20 . 2008-10-20 07:20 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-10-20 07:12 . 2008-04-13 20:45 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-10-20 00:00 . 2008-04-13 20:45 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2008-10-19 23:59 . 2008-04-14 04:34 129,536 --a------ C:\WINDOWS\system32\ksproxy.ax
2008-10-19 23:59 . 2008-04-14 04:34 129,536 --a--c--- C:\WINDOWS\system32\dllcache\ksproxy.ax
2008-10-19 23:59 . 2008-04-14 04:33 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-10-19 23:58 . 2008-04-14 03:57 58,752 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-10-19 23:58 . 2004-08-04 00:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-10-19 23:57 . 2008-04-14 04:33 77,312 --a------ C:\WINDOWS\system32\usbui.dll
2008-10-19 23:57 . 2008-04-14 04:03 5,504 --a------ C:\WINDOWS\system32\drivers\intelide.sys
2008-10-19 23:55 . 2008-10-20 07:27 877,168 --a------ C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-19 23:55 . 2008-10-19 22:16 4,205 --a------ C:\WINDOWS\ODBCINST.INI
2008-10-19 23:54 . 2008-10-19 23:54 <REP> d--h----- C:\Documents and Settings\Default User.WINDOWS\Voisinage réseau
2008-10-19 23:54 . 2008-10-19 23:54 <REP> d--h----- C:\Documents and Settings\Default User.WINDOWS\Voisinage d'impression
2008-10-19 23:54 . 2008-10-19 22:12 <REP> d--h----- C:\Documents and Settings\Default User.WINDOWS\Modèles
2008-10-19 23:54 . 2008-10-19 23:54 <REP> d-------- C:\Documents and Settings\Default User.WINDOWS\Mes documents
2008-10-19 23:54 . 2008-10-19 23:54 <REP> dr------- C:\Documents and Settings\Default User.WINDOWS\Menu Démarrer
2008-10-19 23:54 . 2008-10-19 23:54 <REP> d-------- C:\Documents and Settings\Default User.WINDOWS\Favoris
2008-10-19 23:54 . 2008-10-19 23:54 <REP> d-------- C:\Documents and Settings\Default User.WINDOWS\Bureau
2008-10-19 23:54 . 2008-10-19 23:54 <REP> d--h----- C:\Documents and Settings\All Users.WINDOWS\Modèles
2008-10-19 23:54 . 2008-10-20 08:00 <REP> dr------- C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer
2008-10-19 23:54 . 2008-10-19 23:54 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Favoris
2008-10-19 23:54 . 2008-10-19 22:13 <REP> dr------- C:\Documents and Settings\All Users.WINDOWS\Documents
2008-10-19 23:54 . 2008-10-20 12:16 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Bureau
2008-10-19 23:53 . 2008-10-19 22:24 <REP> d--h----- C:\Documents and Settings\Default User.WINDOWS
2008-10-19 23:53 . 2008-10-19 22:15 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS
2008-10-19 23:51 . 2008-10-19 22:18 261 --a------ C:\WINDOWS\system32\$winnt$.inf
2008-10-19 23:46 . 2008-10-19 23:46 <REP> d-------- C:\Documents and Settings\valerie\Application Data\vlc
2008-10-19 23:27 . 2008-10-19 23:27 <REP> d-------- C:\Documents and Settings\valerie\Application Data\MSNInstaller
2008-10-19 23:26 . 2008-09-08 12:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-19 23:26 . 2008-06-14 19:33 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-10-19 23:26 . 2008-06-14 19:33 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-10-19 23:26 . 2008-08-14 12:04 138,496 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-10-19 23:10 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-10-19 23:10 . 2003-03-18 21:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2008-10-19 23:10 . 2003-02-21 05:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2008-10-19 22:39 . 2007-08-10 08:18 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-10-19 22:37 . 2008-10-03 19:12 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-10-19 22:37 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-10-19 22:37 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-10-19 22:37 . 2008-08-26 10:11 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-10-19 22:37 . 2008-08-26 10:11 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-10-19 22:37 . 2008-08-26 10:11 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-10-19 22:37 . 2008-08-26 10:11 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-10-19 22:37 . 2008-08-26 10:11 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-10-19 22:37 . 2008-08-25 10:38 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-10-19 22:25 . 2008-10-19 23:54 <REP> d--h----- C:\Documents and Settings\valerie\Voisinage réseau
2008-10-19 22:25 . 2008-10-19 23:54 <REP> d--h----- C:\Documents and Settings\valerie\Voisinage d'impression
2008-10-19 22:25 . 2008-10-19 22:12 <REP> d--h----- C:\Documents and Settings\valerie\Modèles
2008-10-19 22:25 . 2008-10-21 14:46 <REP> dr------- C:\Documents and Settings\valerie\Mes documents
2008-10-19 22:25 . 2008-10-19 23:54 <REP> dr------- C:\Documents and Settings\valerie\Menu Démarrer
2008-10-19 22:25 . 2008-10-20 06:32 <REP> d-------- C:\Documents and Settings\valerie\Favoris
2008-10-19 22:25 . 2008-10-21 19:33 <REP> d-------- C:\Documents and Settings\valerie\Bureau
2008-10-19 22:25 . 2008-10-21 13:38 <REP> d-------- C:\Documents and Settings\valerie
2008-10-19 22:24 . 2008-10-19 22:24 13,588 --a------ C:\WINDOWS\system32\wpa.bak
2008-10-19 22:21 . 2008-10-19 22:21 <REP> d--hs---- C:\Documents and Settings\LocalService.AUTORITE NT
2008-10-19 22:20 . 2008-10-19 22:20 <REP> d--hs---- C:\Documents and Settings\NetworkService.AUTORITE NT
2008-10-19 22:20 . 2008-10-19 22:20 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-10-19 22:17 . 2008-04-14 04:31 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-10-19 22:16 . 2008-10-20 12:16 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-10-19 22:16 . 2008-10-19 22:16 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-10-19 22:16 . 2008-10-19 22:16 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-10-19 22:16 . 2008-10-19 23:18 3,121 --a------ C:\WINDOWS\system32\CONFIG.NT
2008-10-19 22:16 . 2008-10-19 22:16 0 --a------ C:\WINDOWS\control.ini
2008-10-19 22:15 . 2008-10-20 12:15 <REP> d--hs---- C:\Documents and Settings\All Users.WINDOWS\DRM
2008-10-19 22:15 . 2008-10-19 22:15 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-10-19 22:15 . 2008-10-19 22:15 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-10-19 22:15 . 2008-10-19 22:15 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-10-19 22:15 . 2008-10-19 22:15 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-10-19 22:15 . 2008-10-19 22:15 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-10-19 22:15 . 2008-10-19 22:15 749 -rah----- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-10-19 22:15 . 2008-10-19 22:15 488 -rah----- C:\WINDOWS\system32\WindowsLogon.manifest
2008-10-19 22:15 . 2008-10-19 22:15 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-10-19 22:13 . 2008-04-14 04:33 282,624 --a------ C:\WINDOWS\system32\inetcfg.dll
2008-10-19 22:13 . 2008-04-14 04:33 281,600 --a------ C:\WINDOWS\system32\mstask.dll
2008-10-19 22:13 . 2008-04-14 04:33 194,560 --a------ C:\WINDOWS\system32\schedsvc.dll
2008-10-19 22:13 . 2008-04-14 04:33 86,016 --a------ C:\WINDOWS\system32\isign32.dll
2008-10-19 22:13 . 2008-04-14 04:33 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2008-10-19 22:13 . 2008-04-14 04:33 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2008-10-19 22:13 . 2008-10-19 22:13 21,892 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-10-19 22:13 . 2008-04-14 04:34 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2008-10-19 22:13 . 2008-10-19 22:13 37 --a------ C:\WINDOWS\vbaddin.ini
2008-10-19 22:13 . 2008-10-19 22:13 36 --a------ C:\WINDOWS\vb.ini

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-21 11:37 --------- d-----w C:\Program Files\CCleaner
2008-10-21 10:19 --------- d-----w C:\Program Files\fullanimes.free.fr
2008-10-20 17:09 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-20 10:39 --------- d-----w C:\Program Files\Winamp
2008-10-20 09:31 --------- d-----w C:\Program Files\Fichiers communs\logishrd
2008-10-20 08:17 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2008-10-20 05:27 --------- d-----w C:\Program Files\Windows Live
2008-10-06 14:29 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-10-01 13:38 --------- d-----w C:\Program Files\World of Warcraft
2008-09-10 08:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-06 16:02 --------- d-----w C:\Program Files\Electronic Arts
2008-06-27 15:37 720,497,870 ----a-w C:\Program Files\fly_for_fun_client_complet_-_acte_2_l_aube_des_heros_francais_41629.exe
2007-02-28 12:24 926,571 ----a-w C:\Program Files\pap_lettre.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{de44fda9-805d-413c-8322-65a08f7c99b9}"= "C:\Program Files\fullanimes.free.fr\tbful0.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{de44fda9-805d-413c-8322-65a08f7c99b9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{de44fda9-805d-413c-8322-65a08f7c99b9}]
2008-09-15 06:47 1784856 --a------ C:\Program Files\fullanimes.free.fr\tbful0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{de44fda9-805d-413c-8322-65a08f7c99b9}"= "C:\Program Files\fullanimes.free.fr\tbful0.dll" [2008-09-15 1784856]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DE44FDA9-805D-413C-8322-65A08F7C99B9}"= "C:\Program Files\fullanimes.free.fr\tbful0.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{de44fda9-805d-413c-8322-65a08f7c99b9}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-10-20 36864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"LVCOMSX"="C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" [2006-11-15 244512]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-03-28 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-03-13 1183744]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-10-30 196608]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-02 784912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=umbjwv.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-09-02 191656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{2416D744-7052-4EAA-BD61-0A977C75A75E} - C:\WINDOWS\system32\xxywTJDs.dll
BHO-{62d92fba-be2b-48b9-b9f4-b604d593009f} - C:\WINDOWS\system32\umbjwv.dll
BHO-{A54E6E01-88D4-4F38-9EFF-7DA7CDAD2C2D} - C:\WINDOWS\system32\byXPJBTk.dll
BHO-{C0F6A063-3DBA-4091-8D90-32A96A11C457} - (no file)
BHO-{D0957FD3-497E-4B96-906F-DF689DD2CAE8} - C:\WINDOWS\system32\ljJDWnnM.dll
HKCU-Run-LogitechSetup - D:\Setup\Setup.exe
HKCU-Run-ccleaner - C:\Program Files\CCleaner\ccleaner.exe
HKLM-Run-b4ba709e - C:\WINDOWS\system32\oyoxvuqv.dll
ShellExecuteHooks-{A54E6E01-88D4-4F38-9EFF-7DA7CDAD2C2D} - C:\WINDOWS\system32\byXPJBTk.dll

.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.orange.fr/
O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - %~$path:i
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-21 19:48:47
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Heure de fin: 2008-10-21 19:52:20 - La machine a redémarré [valerie]
ComboFix-quarantined-files.txt 2008-10-21 17:52:16

Avant-CF: 98,989,056,000 octets libres
Après-CF: 98,961,469,440 octets libres

279 --- E O F --- 2008-10-20 08:32:46

valerie67 Messages postés 257 Statut Membre 5

bonsoir,
ComboFix 08-10-19.04 - valerie 2008-10-21 19:43:25.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1007 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\valerie\Bureau\ComboFix.exe

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\ContextTool
C:\Program Files\ContextTool\ContextHelper.dat
C:\WINDOWS\epgb.exe
C:\WINDOWS\grfxbanonlm.dll
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\byXPJBTk.dll
C:\WINDOWS\system32\cxpvgf.dll
C:\WINDOWS\system32\gjunpegs.ini
C:\WINDOWS\system32\hgGVnkkJ.dll
C:\WINDOWS\system32\hmopvnfh.dll
C:\WINDOWS\system32\khfFXpPh.dll
C:\WINDOWS\system32\kulhje.dll
C:\WINDOWS\system32\mgrrfpqu.ini
C:\WINDOWS\system32\mndfrary.dll
C:\WINDOWS\system32\MnnWDJjl.ini
C:\WINDOWS\system32\MnnWDJjl.ini2
C:\WINDOWS\system32\oyoxvuqv.dll
C:\WINDOWS\system32\sDJTwyxx.ini
C:\WINDOWS\system32\sDJTwyxx.ini2
C:\WINDOWS\system32\umbjwv.dll
C:\WINDOWS\system32\vquvxoyo.ini
C:\WINDOWS\system32\vtUkjgdc.dll
C:\WINDOWS\system32\wkhfguxk.dll
C:\WINDOWS\system32\xxywTJDs.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF

((((((((((((((((((((((((((((( Fichiers créés du 2008-09-21 au 2008-10-21 ))))))))))))))))))))))))))))))))))))
.

2008-10-21 14:46 . 2008-10-21 14:48 <REP> d-------- C:\Program Files\ma-config.com
2008-10-21 14:46 . 2008-10-21 14:48 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ma-config.com
2008-10-21 07:24 . 2008-10-21 10:37 916 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-20 20:07 . 2008-10-20 20:35 210 --a------ C:\WINDOWS\wininit.ini
2008-10-20 19:09 . 2008-10-20 23:34 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-10-20 12:14 . 2008-10-20 12:52 <REP> d-------- C:\Documents and Settings\valerie\Application Data\Winamp
2008-10-20 10:23 . 2006-11-11 05:43 933,536 -ra------ C:\WINDOWS\system32\drivers\LV302V32.SYS
2008-10-20 10:20 . 2008-10-20 10:20 <REP> d-------- C:\Documents and Settings\valerie\Application Data\HP
2008-10-20 10:18 . 2006-05-05 06:19 155,648 --a------ C:\WINDOWS\system32\kemutb.dll
2008-10-20 10:18 . 2006-05-05 06:18 126,976 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-10-20 10:18 . 2006-05-05 06:18 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-10-20 10:18 . 2006-03-28 17:55 69,760 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2008-10-20 10:18 . 2006-03-28 17:55 55,808 --a------ C:\WINDOWS\system32\drivers\L8042MOU.SYS
2008-10-20 10:18 . 2006-05-05 06:19 53,248 --a------ C:\WINDOWS\system32\KemXML.dll
2008-10-20 10:15 . 2008-10-20 10:15 118,784 -r------- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
2008-10-20 09:05 . 2008-10-20 09:06 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Bluetooth
2008-10-20 09:03 . 2004-09-21 18:18 148,830 --a------ C:\WINDOWS\system32\drivers\bcbthub.sys
2008-10-20 08:09 . 2008-10-20 08:09 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WEBREG
2008-10-20 08:08 . 2008-10-20 08:08 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Hewlett-Packard
2008-10-20 08:08 . 2007-05-02 12:03 267,864 -ra------ C:\WINDOWS\system32\hpzids01.dll
2008-10-20 08:08 . 2007-03-15 15:32 118,272 --a------ C:\WINDOWS\system32\hpz3l5ha.dll
2008-10-20 08:08 . 2007-03-08 06:20 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-10-20 08:08 . 2007-03-08 06:20 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-10-20 08:08 . 2007-03-08 06:20 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-10-20 08:07 . 2007-05-02 10:56 954,368 -ra------ C:\WINDOWS\system32\hpotiop5.dll
2008-10-20 08:07 . 2007-05-02 11:01 675,840 -ra------ C:\WINDOWS\system32\hpowiax5.dll
2008-10-20 08:07 . 2007-03-08 06:20 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2008-10-20 08:07 . 2007-03-08 06:20 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2008-10-20 08:07 . 2007-05-02 11:00 303,104 -ra------ C:\WINDOWS\system32\hpovst12.dll
2008-10-20 08:07 . 2008-04-13 20:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-10-20 08:07 . 2008-04-13 20:45 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-10-20 08:01 . 2008-10-21 17:26 <REP> d-------- C:\Documents and Settings\valerie\Application Data\HPAppData
2008-10-20 08:01 . 2008-10-20 08:01 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\HPSSUPPLY
2008-10-20 08:00 . 2008-10-20 08:00 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\HP Product Assistant
2008-10-20 08:00 . 2008-10-20 08:00 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\HP
2008-10-20 07:57 . 2008-04-13 20:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-10-20 07:57 . 2008-04-13 20:47 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-10-20 07:56 . 2008-10-20 14:55 162,994 --a------ C:\WINDOWS\hpoins21.dat
2008-10-20 07:56 . 2007-09-05 20:26 8,138 --------- C:\WINDOWS\hpomdl21.dat
2008-10-20 07:24 . 2008-10-20 07:43 <REP> d-------- C:\Documents and Settings\valerie\Contacts
2008-10-20 07:23 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-10-20 07:20 . 2008-10-20 07:20 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-10-20 07:12 . 2008-04-13 20:45 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-10-20 00:00 . 2008-04-13 20:45 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2008-10-19 23:59 . 2008-04-14 04:34 129,536 --a------ C:\WINDOWS\system32\ksproxy.ax
2008-10-19 23:59 . 2008-04-14 04:34 129,536 --a--c--- C:\WINDOWS\system32\dllcache\ksproxy.ax
2008-10-19 23:59 . 2008-04-14 04:33 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-10-19 23:58 . 2008-04-14 03:57 58,752 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-10-19 23:58 . 2004-08-04 00:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-10-19 23:57 . 2008-04-14 04:33 77,312 --a------ C:\WINDOWS\system32\usbui.dll
2008-10-19 23:57 . 2008-04-14 04:03 5,504 --a------ C:\WINDOWS\system32\drivers\intelide.sys
2008-10-19 23:55 . 2008-10-20 07:27 877,168 --a------ C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-19 23:55 . 2008-10-19 22:16 4,205 --a------ C:\WINDOWS\ODBCINST.INI
2008-10-19 23:54 . 2008-10-19 23:54 <REP> d--h----- C:\Documents and Settings\Default User.WINDOWS\Voisinage réseau
2008-10-19 23:54 . 2008-10-19 23:54 <REP> d--h----- C:\Documents and Settings\Default User.WINDOWS\Voisinage d'impression
2008-10-19 23:54 . 2008-10-19 22:12 <REP> d--h----- C:\Documents and Settings\Default User.WINDOWS\Modèles
2008-10-19 23:54 . 2008-10-19 23:54 <REP> d-------- C:\Documents and Settings\Default User.WINDOWS\Mes documents
2008-10-19 23:54 . 2008-10-19 23:54 <REP> dr------- C:\Documents and Settings\Default User.WINDOWS\Menu Démarrer
2008-10-19 23:54 . 2008-10-19 23:54 <REP> d-------- C:\Documents and Settings\Default User.WINDOWS\Favoris
2008-10-19 23:54 . 2008-10-19 23:54 <REP> d-------- C:\Documents and Settings\Default User.WINDOWS\Bureau
2008-10-19 23:54 . 2008-10-19 23:54 <REP> d--h----- C:\Documents and Settings\All Users.WINDOWS\Modèles
2008-10-19 23:54 . 2008-10-20 08:00 <REP> dr------- C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer
2008-10-19 23:54 . 2008-10-19 23:54 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Favoris
2008-10-19 23:54 . 2008-10-19 22:13 <REP> dr------- C:\Documents and Settings\All Users.WINDOWS\Documents
2008-10-19 23:54 . 2008-10-20 12:16 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Bureau
2008-10-19 23:53 . 2008-10-19 22:24 <REP> d--h----- C:\Documents and Settings\Default User.WINDOWS
2008-10-19 23:53 . 2008-10-19 22:15 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS
2008-10-19 23:51 . 2008-10-19 22:18 261 --a------ C:\WINDOWS\system32\$winnt$.inf
2008-10-19 23:46 . 2008-10-19 23:46 <REP> d-------- C:\Documents and Settings\valerie\Application Data\vlc
2008-10-19 23:27 . 2008-10-19 23:27 <REP> d-------- C:\Documents and Settings\valerie\Application Data\MSNInstaller
2008-10-19 23:26 . 2008-09-08 12:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-19 23:26 . 2008-06-14 19:33 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-10-19 23:26 . 2008-06-14 19:33 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-10-19 23:26 . 2008-08-14 12:04 138,496 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-10-19 23:10 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-10-19 23:10 . 2003-03-18 21:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2008-10-19 23:10 . 2003-02-21 05:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2008-10-19 22:39 . 2007-08-10 08:18 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-10-19 22:37 . 2008-10-03 19:12 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-10-19 22:37 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-10-19 22:37 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-10-19 22:37 . 2008-08-26 10:11 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-10-19 22:37 . 2008-08-26 10:11 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-10-19 22:37 . 2008-08-26 10:11 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-10-19 22:37 . 2008-08-26 10:11 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-10-19 22:37 . 2008-08-26 10:11 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-10-19 22:37 . 2008-08-25 10:38 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-10-19 22:25 . 2008-10-19 23:54 <REP> d--h----- C:\Documents and Settings\valerie\Voisinage réseau
2008-10-19 22:25 . 2008-10-19 23:54 <REP> d--h----- C:\Documents and Settings\valerie\Voisinage d'impression
2008-10-19 22:25 . 2008-10-19 22:12 <REP> d--h----- C:\Documents and Settings\valerie\Modèles
2008-10-19 22:25 . 2008-10-21 14:46 <REP> dr------- C:\Documents and Settings\valerie\Mes documents
2008-10-19 22:25 . 2008-10-19 23:54 <REP> dr------- C:\Documents and Settings\valerie\Menu Démarrer
2008-10-19 22:25 . 2008-10-20 06:32 <REP> d-------- C:\Documents and Settings\valerie\Favoris
2008-10-19 22:25 . 2008-10-21 19:33 <REP> d-------- C:\Documents and Settings\valerie\Bureau
2008-10-19 22:25 . 2008-10-21 13:38 <REP> d-------- C:\Documents and Settings\valerie
2008-10-19 22:24 . 2008-10-19 22:24 13,588 --a------ C:\WINDOWS\system32\wpa.bak
2008-10-19 22:21 . 2008-10-19 22:21 <REP> d--hs---- C:\Documents and Settings\LocalService.AUTORITE NT
2008-10-19 22:20 . 2008-10-19 22:20 <REP> d--hs---- C:\Documents and Settings\NetworkService.AUTORITE NT
2008-10-19 22:20 . 2008-10-19 22:20 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-10-19 22:17 . 2008-04-14 04:31 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-10-19 22:16 . 2008-10-20 12:16 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-10-19 22:16 . 2008-10-19 22:16 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-10-19 22:16 . 2008-10-19 22:16 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-10-19 22:16 . 2008-10-19 23:18 3,121 --a------ C:\WINDOWS\system32\CONFIG.NT
2008-10-19 22:16 . 2008-10-19 22:16 0 --a------ C:\WINDOWS\control.ini
2008-10-19 22:15 . 2008-10-20 12:15 <REP> d--hs---- C:\Documents and Settings\All Users.WINDOWS\DRM
2008-10-19 22:15 . 2008-10-19 22:15 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-10-19 22:15 . 2008-10-19 22:15 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-10-19 22:15 . 2008-10-19 22:15 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-10-19 22:15 . 2008-10-19 22:15 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-10-19 22:15 . 2008-10-19 22:15 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-10-19 22:15 . 2008-10-19 22:15 749 -rah----- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-10-19 22:15 . 2008-10-19 22:15 488 -rah----- C:\WINDOWS\system32\WindowsLogon.manifest
2008-10-19 22:15 . 2008-10-19 22:15 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-10-19 22:13 . 2008-04-14 04:33 282,624 --a------ C:\WINDOWS\system32\inetcfg.dll
2008-10-19 22:13 . 2008-04-14 04:33 281,600 --a------ C:\WINDOWS\system32\mstask.dll
2008-10-19 22:13 . 2008-04-14 04:33 194,560 --a------ C:\WINDOWS\system32\schedsvc.dll
2008-10-19 22:13 . 2008-04-14 04:33 86,016 --a------ C:\WINDOWS\system32\isign32.dll
2008-10-19 22:13 . 2008-04-14 04:33 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2008-10-19 22:13 . 2008-04-14 04:33 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2008-10-19 22:13 . 2008-10-19 22:13 21,892 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-10-19 22:13 . 2008-04-14 04:34 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2008-10-19 22:13 . 2008-10-19 22:13 37 --a------ C:\WINDOWS\vbaddin.ini
2008-10-19 22:13 . 2008-10-19 22:13 36 --a------ C:\WINDOWS\vb.ini

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-21 11:37 --------- d-----w C:\Program Files\CCleaner
2008-10-21 10:19 --------- d-----w C:\Program Files\fullanimes.free.fr
2008-10-20 17:09 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-20 10:39 --------- d-----w C:\Program Files\Winamp
2008-10-20 09:31 --------- d-----w C:\Program Files\Fichiers communs\logishrd
2008-10-20 08:17 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2008-10-20 05:27 --------- d-----w C:\Program Files\Windows Live
2008-10-06 14:29 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-10-01 13:38 --------- d-----w C:\Program Files\World of Warcraft
2008-09-10 08:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-06 16:02 --------- d-----w C:\Program Files\Electronic Arts
2008-06-27 15:37 720,497,870 ----a-w C:\Program Files\fly_for_fun_client_complet_-_acte_2_l_aube_des_heros_francais_41629.exe
2007-02-28 12:24 926,571 ----a-w C:\Program Files\pap_lettre.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{de44fda9-805d-413c-8322-65a08f7c99b9}"= "C:\Program Files\fullanimes.free.fr\tbful0.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{de44fda9-805d-413c-8322-65a08f7c99b9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{de44fda9-805d-413c-8322-65a08f7c99b9}]
2008-09-15 06:47 1784856 --a------ C:\Program Files\fullanimes.free.fr\tbful0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{de44fda9-805d-413c-8322-65a08f7c99b9}"= "C:\Program Files\fullanimes.free.fr\tbful0.dll" [2008-09-15 1784856]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DE44FDA9-805D-413C-8322-65A08F7C99B9}"= "C:\Program Files\fullanimes.free.fr\tbful0.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{de44fda9-805d-413c-8322-65a08f7c99b9}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-10-20 36864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"LVCOMSX"="C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" [2006-11-15 244512]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-03-28 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-03-13 1183744]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-10-30 196608]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-02 784912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=umbjwv.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-09-02 191656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{2416D744-7052-4EAA-BD61-0A977C75A75E} - C:\WINDOWS\system32\xxywTJDs.dll
BHO-{62d92fba-be2b-48b9-b9f4-b604d593009f} - C:\WINDOWS\system32\umbjwv.dll
BHO-{A54E6E01-88D4-4F38-9EFF-7DA7CDAD2C2D} - C:\WINDOWS\system32\byXPJBTk.dll
BHO-{C0F6A063-3DBA-4091-8D90-32A96A11C457} - (no file)
BHO-{D0957FD3-497E-4B96-906F-DF689DD2CAE8} - C:\WINDOWS\system32\ljJDWnnM.dll
HKCU-Run-LogitechSetup - D:\Setup\Setup.exe
HKCU-Run-ccleaner - C:\Program Files\CCleaner\ccleaner.exe
HKLM-Run-b4ba709e - C:\WINDOWS\system32\oyoxvuqv.dll
ShellExecuteHooks-{A54E6E01-88D4-4F38-9EFF-7DA7CDAD2C2D} - C:\WINDOWS\system32\byXPJBTk.dll

.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.orange.fr/
O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - %~$path:i
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-21 19:48:47
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Heure de fin: 2008-10-21 19:52:20 - La machine a redémarré [valerie]
ComboFix-quarantined-files.txt 2008-10-21 17:52:16

Avant-CF: 98,989,056,000 octets libres
Après-CF: 98,961,469,440 octets libres

279 --- E O F --- 2008-10-20 08:32:46

valerie67 Messages postés 257 Statut Membre 5

bonsoir,
ComboFix 08-10-19.04 - valerie 2008-10-21 19:43:25.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1007 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\valerie\Bureau\ComboFix.exe

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\ContextTool
C:\Program Files\ContextTool\ContextHelper.dat
C:\WINDOWS\epgb.exe
C:\WINDOWS\grfxbanonlm.dll
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\byXPJBTk.dll
C:\WINDOWS\system32\cxpvgf.dll
C:\WINDOWS\system32\gjunpegs.ini
C:\WINDOWS\system32\hgGVnkkJ.dll
C:\WINDOWS\system32\hmopvnfh.dll
C:\WINDOWS\system32\khfFXpPh.dll
C:\WINDOWS\system32\kulhje.dll
C:\WINDOWS\system32\mgrrfpqu.ini
C:\WINDOWS\system32\mndfrary.dll
C:\WINDOWS\system32\MnnWDJjl.ini
C:\WINDOWS\system32\MnnWDJjl.ini2
C:\WINDOWS\system32\oyoxvuqv.dll
C:\WINDOWS\system32\sDJTwyxx.ini
C:\WINDOWS\system32\sDJTwyxx.ini2
C:\WINDOWS\system32\umbjwv.dll
C:\WINDOWS\system32\vquvxoyo.ini
C:\WINDOWS\system32\vtUkjgdc.dll
C:\WINDOWS\system32\wkhfguxk.dll
C:\WINDOWS\system32\xxywTJDs.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF

((((((((((((((((((((((((((((( Fichiers créés du 2008-09-21 au 2008-10-21 ))))))))))))))))))))))))))))))))))))
.

2008-10-21 14:46 . 2008-10-21 14:48 <REP> d-------- C:\Program Files\ma-config.com
2008-10-21 14:46 . 2008-10-21 14:48 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ma-config.com
2008-10-21 07:24 . 2008-10-21 10:37 916 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-20 20:07 . 2008-10-20 20:35 210 --a------ C:\WINDOWS\wininit.ini
2008-10-20 19:09 . 2008-10-20 23:34 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-10-20 12:14 . 2008-10-20 12:52 <REP> d-------- C:\Documents and Settings\valerie\Application Data\Winamp
2008-10-20 10:23 . 2006-11-11 05:43 933,536 -ra------ C:\WINDOWS\system32\drivers\LV302V32.SYS
2008-10-20 10:20 . 2008-10-20 10:20 <REP> d-------- C:\Documents and Settings\valerie\Application Data\HP
2008-10-20 10:18 . 2006-05-05 06:19 155,648 --a------ C:\WINDOWS\system32\kemutb.dll
2008-10-20 10:18 . 2006-05-05 06:18 126,976 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-10-20 10:18 . 2006-05-05 06:18 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-10-20 10:18 . 2006-03-28 17:55 69,760 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2008-10-20 10:18 . 2006-03-28 17:55 55,808 --a------ C:\WINDOWS\system32\drivers\L8042MOU.SYS
2008-10-20 10:18 . 2006-05-05 06:19 53,248 --a------ C:\WINDOWS\system32\KemXML.dll
2008-10-20 10:15 . 2008-10-20 10:15 118,784 -r------- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
2008-10-20 09:05 . 2008-10-20 09:06 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Bluetooth
2008-10-20 09:03 . 2004-09-21 18:18 148,830 --a------ C:\WINDOWS\system32\drivers\bcbthub.sys
2008-10-20 08:09 . 2008-10-20 08:09 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WEBREG
2008-10-20 08:08 . 2008-10-20 08:08 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Hewlett-Packard
2008-10-20 08:08 . 2007-05-02 12:03 267,864 -ra------ C:\WINDOWS\system32\hpzids01.dll
2008-10-20 08:08 . 2007-03-15 15:32 118,272 --a------ C:\WINDOWS\system32\hpz3l5ha.dll
2008-10-20 08:08 . 2007-03-08 06:20 49,920 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-10-20 08:08 . 2007-03-08 06:20 21,568 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-10-20 08:08 . 2007-03-08 06:20 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-10-20 08:07 . 2007-05-02 10:56 954,368 -ra------ C:\WINDOWS\system32\hpotiop5.dll
2008-10-20 08:07 . 2007-05-02 11:01 675,840 -ra------ C:\WINDOWS\system32\hpowiax5.dll
2008-10-20 08:07 . 2007-03-08 06:20 364,544 -ra------ C:\WINDOWS\system32\hppldcoi.dll
2008-10-20 08:07 . 2007-03-08 06:20 309,760 -ra------ C:\WINDOWS\system32\difxapi.dll
2008-10-20 08:07 . 2007-05-02 11:00 303,104 -ra------ C:\WINDOWS\system32\hpovst12.dll
2008-10-20 08:07 . 2008-04-13 20:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-10-20 08:07 . 2008-04-13 20:45 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-10-20 08:01 . 2008-10-21 17:26 <REP> d-------- C:\Documents and Settings\valerie\Application Data\HPAppData
2008-10-20 08:01 . 2008-10-20 08:01 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\HPSSUPPLY
2008-10-20 08:00 . 2008-10-20 08:00 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\HP Product Assistant
2008-10-20 08:00 . 2008-10-20 08:00 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\HP
2008-10-20 07:57 . 2008-04-13 20:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-10-20 07:57 . 2008-04-13 20:47 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-10-20 07:56 . 2008-10-20 14:55 162,994 --a------ C:\WINDOWS\hpoins21.dat
2008-10-20 07:56 . 2007-09-05 20:26 8,138 --------- C:\WINDOWS\hpomdl21.dat
2008-10-20 07:24 . 2008-10-20 07:43 <REP> d-------- C:\Documents and Settings\valerie\Contacts
2008-10-20 07:23 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-10-20 07:20 . 2008-10-20 07:20 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-10-20 07:12 . 2008-04-13 20:45 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-10-20 00:00 . 2008-04-13 20:45 172,416 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2008-10-19 23:59 . 2008-04-14 04:34 129,536 --a------ C:\WINDOWS\system32\ksproxy.ax
2008-10-19 23:59 . 2008-04-14 04:34 129,536 --a--c--- C:\WINDOWS\system32\dllcache\ksproxy.ax
2008-10-19 23:59 . 2008-04-14 04:33 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-10-19 23:58 . 2008-04-14 03:57 58,752 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-10-19 23:58 . 2004-08-04 00:31 20,992 --a------ C:\WINDOWS\system32\drivers\RTL8139.sys
2008-10-19 23:57 . 2008-04-14 04:33 77,312 --a------ C:\WINDOWS\system32\usbui.dll
2008-10-19 23:57 . 2008-04-14 04:03 5,504 --a------ C:\WINDOWS\system32\drivers\intelide.sys
2008-10-19 23:55 . 2008-10-20 07:27 877,168 --a------ C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-19 23:55 . 2008-10-19 22:16 4,205 --a------ C:\WINDOWS\ODBCINST.INI
2008-10-19 23:54 . 2008-10-19 23:54 <REP> d--h----- C:\Documents and Settings\Default User.WINDOWS\Voisinage réseau
2008-10-19 23:54 . 2008-10-19 23:54 <REP> d--h----- C:\Documents and Settings\Default User.WINDOWS\Voisinage d'impression
2008-10-19 23:54 . 2008-10-19 22:12 <REP> d--h----- C:\Documents and Settings\Default User.WINDOWS\Modèles
2008-10-19 23:54 . 2008-10-19 23:54 <REP> d-------- C:\Documents and Settings\Default User.WINDOWS\Mes documents
2008-10-19 23:54 . 2008-10-19 23:54 <REP> dr------- C:\Documents and Settings\Default User.WINDOWS\Menu Démarrer
2008-10-19 23:54 . 2008-10-19 23:54 <REP> d-------- C:\Documents and Settings\Default User.WINDOWS\Favoris
2008-10-19 23:54 . 2008-10-19 23:54 <REP> d-------- C:\Documents and Settings\Default User.WINDOWS\Bureau
2008-10-19 23:54 . 2008-10-19 23:54 <REP> d--h----- C:\Documents and Settings\All Users.WINDOWS\Modèles
2008-10-19 23:54 . 2008-10-20 08:00 <REP> dr------- C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer
2008-10-19 23:54 . 2008-10-19 23:54 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Favoris
2008-10-19 23:54 . 2008-10-19 22:13 <REP> dr------- C:\Documents and Settings\All Users.WINDOWS\Documents
2008-10-19 23:54 . 2008-10-20 12:16 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Bureau
2008-10-19 23:53 . 2008-10-19 22:24 <REP> d--h----- C:\Documents and Settings\Default User.WINDOWS
2008-10-19 23:53 . 2008-10-19 22:15 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS
2008-10-19 23:51 . 2008-10-19 22:18 261 --a------ C:\WINDOWS\system32\$winnt$.inf
2008-10-19 23:46 . 2008-10-19 23:46 <REP> d-------- C:\Documents and Settings\valerie\Application Data\vlc
2008-10-19 23:27 . 2008-10-19 23:27 <REP> d-------- C:\Documents and Settings\valerie\Application Data\MSNInstaller
2008-10-19 23:26 . 2008-09-08 12:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-19 23:26 . 2008-06-14 19:33 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-10-19 23:26 . 2008-06-14 19:33 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-10-19 23:26 . 2008-08-14 12:04 138,496 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-10-19 23:10 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-10-19 23:10 . 2003-03-18 21:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2008-10-19 23:10 . 2003-02-21 05:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2008-10-19 22:39 . 2007-08-10 08:18 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-10-19 22:37 . 2008-10-03 19:12 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-10-19 22:37 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-10-19 22:37 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-10-19 22:37 . 2008-08-26 10:11 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-10-19 22:37 . 2008-08-26 10:11 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-10-19 22:37 . 2008-08-26 10:11 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-10-19 22:37 . 2008-08-26 10:11 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-10-19 22:37 . 2008-08-26 10:11 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-10-19 22:37 . 2008-08-25 10:38 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-10-19 22:25 . 2008-10-19 23:54 <REP> d--h----- C:\Documents and Settings\valerie\Voisinage réseau
2008-10-19 22:25 . 2008-10-19 23:54 <REP> d--h----- C:\Documents and Settings\valerie\Voisinage d'impression
2008-10-19 22:25 . 2008-10-19 22:12 <REP> d--h----- C:\Documents and Settings\valerie\Modèles
2008-10-19 22:25 . 2008-10-21 14:46 <REP> dr------- C:\Documents and Settings\valerie\Mes documents
2008-10-19 22:25 . 2008-10-19 23:54 <REP> dr------- C:\Documents and Settings\valerie\Menu Démarrer
2008-10-19 22:25 . 2008-10-20 06:32 <REP> d-------- C:\Documents and Settings\valerie\Favoris
2008-10-19 22:25 . 2008-10-21 19:33 <REP> d-------- C:\Documents and Settings\valerie\Bureau
2008-10-19 22:25 . 2008-10-21 13:38 <REP> d-------- C:\Documents and Settings\valerie
2008-10-19 22:24 . 2008-10-19 22:24 13,588 --a------ C:\WINDOWS\system32\wpa.bak
2008-10-19 22:21 . 2008-10-19 22:21 <REP> d--hs---- C:\Documents and Settings\LocalService.AUTORITE NT
2008-10-19 22:20 . 2008-10-19 22:20 <REP> d--hs---- C:\Documents and Settings\NetworkService.AUTORITE NT
2008-10-19 22:20 . 2008-10-19 22:20 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2008-10-19 22:17 . 2008-04-14 04:31 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-10-19 22:16 . 2008-10-20 12:16 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-10-19 22:16 . 2008-10-19 22:16 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-10-19 22:16 . 2008-10-19 22:16 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-10-19 22:16 . 2008-10-19 23:18 3,121 --a------ C:\WINDOWS\system32\CONFIG.NT
2008-10-19 22:16 . 2008-10-19 22:16 0 --a------ C:\WINDOWS\control.ini
2008-10-19 22:15 . 2008-10-20 12:15 <REP> d--hs---- C:\Documents and Settings\All Users.WINDOWS\DRM
2008-10-19 22:15 . 2008-10-19 22:15 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-10-19 22:15 . 2008-10-19 22:15 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-10-19 22:15 . 2008-10-19 22:15 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-10-19 22:15 . 2008-10-19 22:15 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-10-19 22:15 . 2008-10-19 22:15 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-10-19 22:15 . 2008-10-19 22:15 749 -rah----- C:\WINDOWS\system32\cdplayer.exe.manifest
2008-10-19 22:15 . 2008-10-19 22:15 488 -rah----- C:\WINDOWS\system32\WindowsLogon.manifest
2008-10-19 22:15 . 2008-10-19 22:15 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-10-19 22:13 . 2008-04-14 04:33 282,624 --a------ C:\WINDOWS\system32\inetcfg.dll
2008-10-19 22:13 . 2008-04-14 04:33 281,600 --a------ C:\WINDOWS\system32\mstask.dll
2008-10-19 22:13 . 2008-04-14 04:33 194,560 --a------ C:\WINDOWS\system32\schedsvc.dll
2008-10-19 22:13 . 2008-04-14 04:33 86,016 --a------ C:\WINDOWS\system32\isign32.dll
2008-10-19 22:13 . 2008-04-14 04:33 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2008-10-19 22:13 . 2008-04-14 04:33 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2008-10-19 22:13 . 2008-10-19 22:13 21,892 --a------ C:\WINDOWS\system32\emptyregdb.dat
2008-10-19 22:13 . 2008-04-14 04:34 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2008-10-19 22:13 . 2008-10-19 22:13 37 --a------ C:\WINDOWS\vbaddin.ini
2008-10-19 22:13 . 2008-10-19 22:13 36 --a------ C:\WINDOWS\vb.ini

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-21 11:37 --------- d-----w C:\Program Files\CCleaner
2008-10-21 10:19 --------- d-----w C:\Program Files\fullanimes.free.fr
2008-10-20 17:09 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-20 10:39 --------- d-----w C:\Program Files\Winamp
2008-10-20 09:31 --------- d-----w C:\Program Files\Fichiers communs\logishrd
2008-10-20 08:17 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2008-10-20 05:27 --------- d-----w C:\Program Files\Windows Live
2008-10-06 14:29 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-10-01 13:38 --------- d-----w C:\Program Files\World of Warcraft
2008-09-10 08:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-06 16:02 --------- d-----w C:\Program Files\Electronic Arts
2008-06-27 15:37 720,497,870 ----a-w C:\Program Files\fly_for_fun_client_complet_-_acte_2_l_aube_des_heros_francais_41629.exe
2007-02-28 12:24 926,571 ----a-w C:\Program Files\pap_lettre.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{de44fda9-805d-413c-8322-65a08f7c99b9}"= "C:\Program Files\fullanimes.free.fr\tbful0.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{de44fda9-805d-413c-8322-65a08f7c99b9}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{de44fda9-805d-413c-8322-65a08f7c99b9}]
2008-09-15 06:47 1784856 --a------ C:\Program Files\fullanimes.free.fr\tbful0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{de44fda9-805d-413c-8322-65a08f7c99b9}"= "C:\Program Files\fullanimes.free.fr\tbful0.dll" [2008-09-15 1784856]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DE44FDA9-805D-413C-8322-65A08F7C99B9}"= "C:\Program Files\fullanimes.free.fr\tbful0.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{de44fda9-805d-413c-8322-65a08f7c99b9}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-10-20 36864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"LVCOMSX"="C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" [2006-11-15 244512]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-03-28 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-03-13 1183744]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-10-30 196608]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-02 784912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=umbjwv.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-09-02 191656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{2416D744-7052-4EAA-BD61-0A977C75A75E} - C:\WINDOWS\system32\xxywTJDs.dll
BHO-{62d92fba-be2b-48b9-b9f4-b604d593009f} - C:\WINDOWS\system32\umbjwv.dll
BHO-{A54E6E01-88D4-4F38-9EFF-7DA7CDAD2C2D} - C:\WINDOWS\system32\byXPJBTk.dll
BHO-{C0F6A063-3DBA-4091-8D90-32A96A11C457} - (no file)
BHO-{D0957FD3-497E-4B96-906F-DF689DD2CAE8} - C:\WINDOWS\system32\ljJDWnnM.dll
HKCU-Run-LogitechSetup - D:\Setup\Setup.exe
HKCU-Run-ccleaner - C:\Program Files\CCleaner\ccleaner.exe
HKLM-Run-b4ba709e - C:\WINDOWS\system32\oyoxvuqv.dll
ShellExecuteHooks-{A54E6E01-88D4-4F38-9EFF-7DA7CDAD2C2D} - C:\WINDOWS\system32\byXPJBTk.dll

.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.orange.fr/
O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - %~$path:i
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-21 19:48:47
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Heure de fin: 2008-10-21 19:52:20 - La machine a redémarré [valerie]
ComboFix-quarantined-files.txt 2008-10-21 17:52:16

Avant-CF: 98,989,056,000 octets libres
Après-CF: 98,961,469,440 octets libres

279 --- E O F --- 2008-10-20 08:32:46

Réponse 2 / 15

Destrio5 Messages postés 99820 Date d'inscription Statut Modérateur Dernière intervention 10 305

- Télécharge et installe MalwareByte's Anti-Malware :
http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebyte s anti malware

- Mets-le à jour.

- Redémarre en mode sans échec (Recommandé) :
https://blog.sosordi.net/

- Choisis ta session habituelle.

- Fais un scan complet avec MalwareByte's Anti-Malware.

- Supprime tout ce que le logiciel trouve, enregistre le rapport.

- Redémarre en mode normal et poste le rapport ici.

Tutorial :
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

valerie67 Messages postés 257 Statut Membre 5

Malwarebytes' Anti-Malware 1.29
Version de la base de données: 1304
Windows 5.1.2600 Service Pack 3

21/10/2008 21:09:50
mbam-log-2008-10-21 (21-09-50).txt

Type de recherche: Examen rapide
Eléments examinés: 49561
Temps écoulé: 5 minute(s), 53 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Réponse 3 / 15

Destrio5 Messages postés 99820 Date d'inscription Statut Modérateur Dernière intervention 10 305

---> Poste un nouveau rapport HijackThis.

valerie67 Messages postés 257 Statut Membre 5

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:28:31, on 21/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\valerie\Mes documents\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bw+0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: umbjwv.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logishrd\SrvLnch\SrvLnch.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

Réponse 4 / 15

Destrio5 Messages postés 99820 Date d'inscription Statut Modérateur Dernière intervention 10 305

---> Relance HijackThis et choisis Do a system scan only

---> Coche les cases qui sont devant les lignes suivantes :

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

018 - Toutes les lignes

O20 - AppInit_DLLs: umbjwv.dll

---> Clique en bas sur Fix checked. Mets oui si HijackThis te demande quelque chose.

---> Redémarre ton PC et poste un nouveau rapport HijackThis.

valerie67 Messages postés 257 Statut Membre 5

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:49:46, on 21/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\valerie\Mes documents\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logishrd\SrvLnch\SrvLnch.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

valerie67 Messages postés 257 Statut Membre 5

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:49:46, on 21/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\valerie\Mes documents\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logishrd\SrvLnch\SrvLnch.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

valerie67 Messages postés 257 Statut Membre 5

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:49:46, on 21/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\valerie\Mes documents\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logishrd\SrvLnch\SrvLnch.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

Réponse 5 / 15

Destrio5 Messages postés 99820 Date d'inscription Statut Modérateur Dernière intervention 10 305

On peut passer à la dernière étape ?

valerie67 Messages postés 257 Statut Membre 5

ok

Réponse 6 / 15

Destrio5 Messages postés 99820 Date d'inscription Statut Modérateur Dernière intervention 10 305

Pour finir :

---> Désinstalle HijackThis.

---> Télécharge CCleaner (N'installe pas la Yahoo Toolbar) :
https://www.ccleaner.com/ccleaner/download

---> Lance-le. Va dans "Options" puis "Avancé", tu décoches la case "Effacer uniquement les fichiers etc...". Tu vas dans "Nettoyeur", tu fais "Analyse". Une fois terminé, tu lances le nettoyage. Puis tu vas dans "Registre", tu fais "Chercher des erreurs". Une fois terminé, tu répares toutes les erreurs sans sauvegarder la base de registre.

---> Télécharge Tools Cleaner sur ton Bureau :
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
* Clique sur Recherche et laisse le scan agir.
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options facultatives.
* Clique sur Quitter pour obtenir le rapport.
* Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

---> Il est nécessaire de désactiver puis réactiver la restauration système pour la purger :
http://www.infos-du-net.com/forum/272480-11-desactiver-activer-restauration-systeme

---> Je te conseille de créer un point de restauration que tu pourras utiliser plus tard si tu as un problème :
https://www.vulgarisation-informatique.com/creer-point-restauration.php

---> Pour naviguer sur Internet, je te conseille d'utiliser Firefox au lieu d'Internet Explorer.

---> Je te conseille également de remplacer Avast par Antivir ou AVG.

valerie67 Messages postés 257 Statut Membre 5

bonjour,
le rapport est trés trés long,il n'y aurai pas un raccourci copier/ coller plus rapide?
merci

Réponse 7 / 15

Destrio5 Messages postés 99820 Date d'inscription Statut Modérateur Dernière intervention 10 305

Tu parles de quel rapport ? Tools Cleaner ?

valerie67 Messages postés 257 Statut Membre 5

oui

Réponse 8 / 15

Destrio5 Messages postés 99820 Date d'inscription Statut Modérateur Dernière intervention 10 305

Normalement, il n'est pas très grand.

valerie67 Messages postés 257 Statut Membre 5

bizare
j'en met un début
2007/03/29 13:44:38:953 HTML parameter

ScanAllDrives = 0
Cleanable = 1
AutoClean = 0
ZipClean = 1
SpecialTSC = 0
EnableTSC = 1
AdUrl =
VirusAction = 0
ScanFileExtensOnly =
RenameToFileExtens = .VIR
MoveToPath = C:\HouseCallQuarantine
ShowErrorInAction = 0
TrendUserId =
TrendScanCompletedURL =
ScanReportUrl = http://wtc.trendmicro.com/HcBin/HcAddLog.exe
ScanMemoryVirus = 1
ScanBootVirus = 1
ActiveUpdateUrl = http://housecall-p.activeupdate.trendmicro.com/activeupdate/
HouseCallBaseUrl = http://wtc.trendmicro.com:8000/hcms/

2007/03/29 13:44:38:984 3AA6008::OnCreate()
2007/03/29 13:44:38:984 3AA6008::COleControl::OnCreate() Pass!
2007/03/29 13:44:38:984 3AA6008::XP platform.
2007/03/29 13:44:39:000 3AA6008::Mutex = E38
2007/03/29 13:44:39:000 3AA6008::OnCreate() Web server List checking ...
2007/03/29 13:44:39:000 3AA6008::OnCreate() Get AddressBarText => 'http://www.secuser.com'
2007/03/29 13:44:39:015 3AA6008::OnCreate() Parsing hostname form AddressBarText => 'http://www.secuser.com'
2007/03/29 13:44:39:015 3AA6008::OnCreate() Found 'www.secuser.com' in server list
2007/03/29 13:44:39:015 m_strClientIP=192.168.1.10

2007/03/29 13:44:41:015 3AA6008::OnCreate() Pass!
2007/03/29 13:44:41:109 3AA6008::ActveUpdateGetNewestPatternEngine() begin
2007/03/29 13:44:41:843 (Xscan):nCurPatVer=0

2007/03/29 13:44:41:843 (Xscan):HouseCallWorkDir = C:\WINDOWS
2007/03/29 13:44:41:843 (Xscan):szDll = C:\WINDOWS\TmUpdate.dll
2007/03/29 13:44:41:906 (Xscan):vscinfo.vi_Version=
2007/03/29 13:44:41:906 (Xscan):version.build=0
2007/03/29 13:44:41:906 server.ini path = C:\WINDOWS\AU_Temp\server.ini
2007/03/29 13:44:42:109 HC client's product version 0 in uint32_t is 0x0, Build no is 0
2007/03/29 13:44:42:140 (Xscan):nNewPatVer=0

2007/03/29 13:44:42:140 (Xscan):HouseCallWorkDir=C:\WINDOWS

2007/03/29 13:45:25:390 (Xscan):MoveFile(C:\WINDOWS\LPT$VPN.375,C:\WINDOWS\VPTNFILE.375)

2007/03/29 13:45:25:390 3AA6008::ActveUpdateGetNewestPatternEngine() end
2007/03/29 13:45:25:515 3AA6008::OnSafeStateToFireEvent()
2007/03/29 13:45:46:890 (Xscan) : DuplicatePatternForTSC() :copy from C:\WINDOWS\VPTNFILE.375 to C:\WINDOWS\LPT$VPN.375

2007/03/29 13:45:46:890 (Xscan):AddTail path(A:\)
2007/03/29 13:45:46:890 (Xscan):AddTail path(C:\)
2007/03/29 13:45:46:906 (Xscan):AddTail path(D:\)
2007/03/29 13:45:46:906 (Xscan):AddTail path(E:\)
2007/03/29 13:45:46:906 (Xscan):AddTail path(F:\)
2007/03/29 13:45:46:906 (Xscan):AddTail path(G:\)
2007/03/29 13:45:46:921 3AA6008::VScanDlg.Create(619C8CA0)
2007/03/29 13:45:46:984 try to FormatSysInfoString()....

2007/03/29 13:45:46:984 FormatSysInfoString : 5:1:2600:VER_PLATFORM_WIN32_NT:Service Pack 2

2007/03/29 13:45:51:484 Internal Pattern Version = 4.375.00

2007/03/29 13:45:52:296 After call NewEncryptStr => !CRYPT!8402CC078604A3CB39E07D2E43B545CD8D4AD00CE88BD02A045C5BCA8FD062F1EF592D54F5E1D44F4855DB3B11DF772C85388352B87E04F280F5C8857E4321806362D7F6A35!840CFCC52158617ACDA965970FC4FC31FEF716570CD6F3F7CBFF46DADBB0F924E4F9CA29D8F529EAC304F048095CD107F2D0388C73FBF332BBE7B59B222FB36F9E0056B7303!840966B5876E5CA76982A2F575CBF2DFB8CE4BBF24CE63D656080810614CE5BAC40C30F32A6131A1AD35FD4DCF38F7196210A3BB7CC9ABC51D95B96F685A9CFB3075C22616C!3136FCE03547A97E3597EF2114C8ADE6EB8FA3F3BD0DF6DED6C6F4B4F65
2007/03/29 13:45:52:312 Get log from queue ok! data : 00,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8402CC078604A3CB39E07D2E43B545CD8D4AD00CE88BD02A045C5BCA8FD062F1EF592D54F5E1D44F4855DB3B11DF772C85388352B87E04F280F5C8857E4321806362D7F6A35!840CFCC52158617ACDA965970FC4FC31FEF716570CD6F3F7CBFF46DADBB0F924E4F9CA29D8F529EAC304F048095CD107F2D0388C73FBF332BBE7B59B222FB36F9E0056B7303!840966B5876E5CA76982A2F575CBF2DFB8CE4BBF24CE63D656080810614CE5BAC40C30F32A6131A1AD35FD4DCF38F7196210A3BB7CC9ABC51D95B96F685A9CFB3075C22616C!3136FCE03547A97E3597EF2114C8ADE6EB8FA3F3BD0DF6DED6C6F4B4F65
2007/03/29 13:45:52:828 SendLog GetUrlPostErrorMessage() => <HTML><HEAD></HEAD><meta http-equiv="Content-Type" content=text/html><meta http-equiv="pragma" content="no-cache">

<meta http-equiv="expires" content="-1">

<BODY>Decrypt successfully ! Write to inbox queue successed ! total write 208 byte(s) </BODY></HTML>Elapsed Time 16 ms 
2007/03/29 13:45:52:843 Server side CGI return successed !
2007/03/29 13:45:52:843 Removed Item from queue!
2007/03/29 13:45:53:078 3AA6008::~CXscanCtrl()
2007/03/29 13:46:42:281 HTML parameter

ScanAllDrives = 0
Cleanable = 1
AutoClean = 0
ZipClean = 1
SpecialTSC = 0
EnableTSC = 1
AdUrl =
VirusAction = 0
ScanFileExtensOnly =
RenameToFileExtens = .VIR
MoveToPath = C:\HouseCallQuarantine
ShowErrorInAction = 0
TrendUserId =
TrendScanCompletedURL =
ScanReportUrl = http://wtc.trendmicro.com/HcBin/HcAddLog.exe
ScanMemoryVirus = 1
ScanBootVirus = 1
ActiveUpdateUrl = http://housecall-p.activeupdate.trendmicro.com/activeupdate/
HouseCallBaseUrl = http://wtc.trendmicro.com:8000/hcms/

2007/03/29 13:46:42:437 8F25F40::OnCreate()
2007/03/29 13:46:42:437 8F25F40::COleControl::OnCreate() Pass!
2007/03/29 13:46:42:437 8F25F40::XP platform.
2007/03/29 13:46:42:437 8F25F40::Mutex = 1DF8
2007/03/29 13:46:42:453 8F25F40::OnCreate() Web server List checking ...
2007/03/29 13:46:42:468 8F25F40::OnCreate() Get AddressBarText => 'http://www.secuser.com'
2007/03/29 13:46:42:468 8F25F40::OnCreate() Parsing hostname form AddressBarText => 'http://www.secuser.com'
2007/03/29 13:46:42:468 8F25F40::OnCreate() Found 'www.secuser.com' in server list
2007/03/29 13:46:42:500 m_strClientIP=192.168.1.10

2007/03/29 13:46:43:375 8F25F40::OnCreate() Pass!
2007/03/29 13:46:44:093 8F25F40::ActveUpdateGetNewestPatternEngine() begin
2007/03/29 13:46:46:234 (Xscan):nCurPatVer=375

2007/03/29 13:46:47:781 (Xscan):CopyFile(C:\WINDOWS\VPTNFILE.375,C:\WINDOWS\LPT$VPN.375)

2007/03/29 13:46:48:296 (Xscan):HouseCallWorkDir = C:\WINDOWS
2007/03/29 13:46:48:296 (Xscan):szDll = C:\WINDOWS\TmUpdate.dll
2007/03/29 13:46:48:343 (Xscan):vscinfo.vi_Version=8.310-1002
2007/03/29 13:46:48:343 (Xscan):version.build=1002
2007/03/29 13:46:48:359 server.ini path = C:\WINDOWS\AU_Temp\server.ini
2007/03/29 13:46:48:375 HC client's product version 5.70.850 in uint32_t is 0x57000, Build no is 850
2007/03/29 13:46:48:859 (Xscan):nNewPatVer=437500

2007/03/29 13:46:48:875 (Xscan):HouseCallWorkDir=C:\WINDOWS

2007/03/29 13:46:52:750 (Xscan):DeleteFile(C:\WINDOWS\LPT$VPN.375)

2007/03/29 13:46:52:750 8F25F40::ActveUpdateGetNewestPatternEngine() end
2007/03/29 13:46:52:875 8F25F40::OnSafeStateToFireEvent()
2007/03/29 13:47:00:265 (Xscan) : DuplicatePatternForTSC() :copy from C:\WINDOWS\VPTNFILE.375 to C:\WINDOWS\LPT$VPN.375

2007/03/29 13:47:00:265 (Xscan):AddTail path(A:\)
2007/03/29 13:47:00:265 (Xscan):AddTail path(C:\)
2007/03/29 13:47:00:265 (Xscan):AddTail path(D:\)
2007/03/29 13:47:00:265 (Xscan):AddTail path(E:\)
2007/03/29 13:47:00:281 (Xscan):AddTail path(F:\)
2007/03/29 13:47:00:281 (Xscan):AddTail path(G:\)
2007/03/29 13:47:00:281 8F25F40::VScanDlg.Create(619C8CA0)
2007/03/29 13:47:00:296 try to FormatSysInfoString()....

2007/03/29 13:47:00:296 FormatSysInfoString : 5:1:2600:VER_PLATFORM_WIN32_NT:Service Pack 2

2007/03/29 13:47:01:875 Internal Pattern Version = 4.375.00

2007/03/29 13:47:02:625 Start Scanning ************************
2007/03/29 13:47:02:625 (Xscan) : TSCKL.ini path=C:\WINDOWS\TSC.INI

2007/03/29 13:47:02:625 (Xscan) : TSCKL.ini : write

2007/03/29 13:47:02:640 (Xscan) : TSCKL.ini : write HouseCall has found and cleaned a malware.

2007/03/29 13:47:02:640 (Xscan) : TSCKL.ini : write HouseCall did not find any Trojans. Press the OK button to scan for other types of malware.

2007/03/29 13:47:02:640 (Xscan) : TSCKL.ini : write Please reboot your computer to completely clean the Trojan.

2007/03/29 13:47:02:656 (Xscan) : TSCKL.ini : write Please reboot your computer and run HouseCall Control again.

2007/03/29 13:47:02:656 (Xscan) : TSCKL.ini : write Allocate memory error

2007/03/29 13:47:02:671 (Xscan): CallTSCToScanVirus

2007/03/29 13:47:02:703 CXscanCtrl::CallTSCToScanVirus() : TSC pattern number = 850
2007/03/29 13:47:02:703 (Xscan): CreateProcess(CmdLine=C:\WINDOWS\TSC.EXE /mv,szHouseCallWorkDir=C:\WINDOWS)

2007/03/29 13:47:14:531 (Xscan) : MsgWaitForMultipleObjects return 0,GetLastError()=0

2007/03/29 13:47:14:531 (Xscan) : CallTSCToScanVirus() : TSC exit(0)
2007/03/29 13:47:14:531 (Xscan) : DealWithTSCExitCode(0)

2007/03/29 13:47:14:531 (Xscan) : TSCKL.EXE returned successfully

2007/03/29 13:47:14:546 CTSCProgress::GetNoInfectFromIni(int& nNoInfect )
2007/03/29 13:47:18:046 ScanFile C:\\20789c85a5d0cafb06\icones\Français.ico
2007/03/29 13:47:18:125 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:18:140 ScanFile C:\\20789c85a5d0cafb06\icones\Thumbs.db
2007/03/29 13:47:18:140 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:18:171 ScanFile C:\\20789c85a5d0cafb06\strings\French.str
2007/03/29 13:47:18:218 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:18:218 ScanFile C:\\20789c85a5d0cafb06\dict.avi
2007/03/29 13:47:18:500 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:18:500 ScanFile C:\\20789c85a5d0cafb06\dict.exe
2007/03/29 13:47:18:765 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:18:765 ScanFile C:\\20789c85a5d0cafb06\Dict.GID
2007/03/29 13:47:18:812 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:18:812 ScanFile C:\\20789c85a5d0cafb06\Dict.hlp
2007/03/29 13:47:18:875 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:18:875 ScanFile C:\\20789c85a5d0cafb06\language.ini
2007/03/29 13:47:18:875 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:18:890 ScanFile C:\\20789c85a5d0cafb06\logo.bmp
2007/03/29 13:47:18:921 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:18:921 ScanFile C:\\20789c85a5d0cafb06\maj.bat
2007/03/29 13:47:18:968 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:18:968 ScanFile C:\\20789c85a5d0cafb06\msxml4-KB927978-enu.log
2007/03/29 13:47:19:000 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:19:000 ScanFile C:\\20789c85a5d0cafb06\right.wav
2007/03/29 13:47:19:031 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:19:031 ScanFile C:\\20789c85a5d0cafb06\skipped.wav
2007/03/29 13:47:19:062 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:19:062 ScanFile C:\\20789c85a5d0cafb06\wrong.wav
2007/03/29 13:47:19:093 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:19:109 ScanFile C:\\CanoScan\CNQL35\CNQL35\CNQL1208.DLL
2007/03/29 13:47:19:234 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:19:234 ScanFile C:\\CanoScan\CNQL35\CNQL35\CNQL35.DAT
2007/03/29 13:47:19:281 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:19:281 ScanFile C:\\CanoScan\CNQL35\CNQL35\CNQL35C.DAT
2007/03/29 13:47:19:296 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:19:296 ScanFile C:\\CanoScan\CNQL35\CNQL35\CNQL35R.DAT
2007/03/29 13:47:19:328 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:19:328 ScanFile C:\\CanoScan\CNQL35\CNQL35\CNS12X.ICC
2007/03/29 13:47:19:390 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:19:390 ScanFile C:\\CanoScan\CNQL35\CNQL35\MC2.TXT
2007/03/29 13:47:19:421 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:19:421 ScanFile C:\\CanoScan\CNQL35\CNQSG77\CANOIT32.EXE
2007/03/29 13:47:19:468 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:19:468 ScanFile C:\\CanoScan\CNQL35\CNQSG77\CISDS.DS
2007/03/29 13:47:19:515 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:19:515 ScanFile C:\\CanoScan\CNQL35\CNQSG77\CNQU77.DLL
2007/03/29 13:47:19:562 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:19:562 ScanFile C:\\CanoScan\CNQL35\CNQSG77\CNZ005.ICC
2007/03/29 13:47:19:593 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:19:593 ScanFile C:\\CanoScan\CNQL35\CNQSG77\CSSAMP1.MID
2007/03/29 13:47:19:625 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:19:625 ScanFile C:\\CanoScan\CNQL35\CNQSG77\CSUI.DLL
2007/03/29 13:47:20:062 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:20:062 ScanFile C:\\CanoScan\CNQL35\CNQSG77\CSUI_RES.DLL
2007/03/29 13:47:20:203 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:20:203 ScanFile C:\\CanoScan\CNQL35\CNQSG77\IOP.DLL
2007/03/29 13:47:20:328 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:20:328 ScanFile C:\\CanoScan\CNQL35\CNQSG77\ITLIB32.DLL
2007/03/29 13:47:20:421 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:20:421 ScanFile C:\\CanoScan\CNQL35\CNQSG77\JDA_CIMG.DLL
2007/03/29 13:47:20:453 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:20:468 ScanFile C:\\CanoScan\CNQL35\CNQSG77\MSVCRT.DLL
2007/03/29 13:47:20:578 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:20:578 ScanFile C:\\CanoScan\CNQL35\CNQSG77\NBS4MB.DLL
2007/03/29 13:47:20:625 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:20:640 ScanFile C:\\CanoScan\CNQL35\CNQSG77\NBSCOR4M.DLL
2007/03/29 13:47:20:796 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:20:796 ScanFile C:\\CanoScan\CNQL35\CNQSG77\RMSLANTC.DLL
2007/03/29 13:47:20:828 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:20:828 ScanFile C:\\CanoScan\CNQL35\CNQSG77\RSTCOL.DLL
2007/03/29 13:47:20:906 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:20:906 ScanFile C:\\CanoScan\CNQL35\CNQSG77\SCANINTF.DLL
2007/03/29 13:47:21:015 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:21:031 ScanFile C:\\CanoScan\CNQL35\CNQSG77\SCRPRMV.DLL
2007/03/29 13:47:21:046 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:21:046 ScanFile C:\\CanoScan\CNQL35\CNQSG77\SGUI.DLL
2007/03/29 13:47:21:359 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:21:359 ScanFile C:\\CanoScan\CNQL35\CNQSG77\TPM.DLL
2007/03/29 13:47:21:750 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:21:750 ScanFile C:\\CanoScan\CNQL35\CNQSG77\TWAIN.DLL
2007/03/29 13:47:21:781 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:21:781 ScanFile C:\\CanoScan\CNQL35\CNQSG77\TWAIN_32.DLL
2007/03/29 13:47:21:859 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:21:875 ScanFile C:\\CanoScan\CNQL35\CNQSG77\TWUNK_16.EXE
2007/03/29 13:47:21:906 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:21:906 ScanFile C:\\CanoScan\CNQL35\CNQSG77\TWUNK_32.EXE
2007/03/29 13:47:21:953 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:21:968 ScanFile C:\\CanoScan\CNQL35\CNQSG77\UCS32P.DLL
2007/03/29 13:47:22:125 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:22:125 ScanFile C:\\CanoScan\CNQL35\CNQL35.CAT
2007/03/29 13:47:22:156 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:22:218 ScanFile C:\\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\5.0\ACDInTouch\FR\StaticPages\Images\bullet-over.gif
2007/03/29 13:47:22:234 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:22:234 ScanFile C:\\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\5.0\ACDInTouch\FR\StaticPages\Images\bullet.gif
2007/03/29 13:47:22:234 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:22:234 ScanFile C:\\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\5.0\ACDInTouch\FR\StaticPages\Images\header-logo.gif
2007/03/29 13:47:22:265 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:22:265 ScanFile C:\\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\5.0\ACDInTouch\FR\StaticPages\Images\header-title.jpg
2007/03/29 13:47:22:328 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:22:921 ScanFile C:\\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\5.0\ACDInTouch\FR\StaticPages\Images\masthead-cloud9.jpg
2007/03/29 13:47:22:968 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:22:968 ScanFile C:\\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\5.0\ACDInTouch\FR\StaticPages\Images\masthead-logoslogan.gif
2007/03/29 13:47:22:984 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:22:984 ScanFile C:\\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\5.0\ACDInTouch\FR\StaticPages\Images\masthead-octopus.jpg
2007/03/29 13:47:23:015 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:23:031 ScanFile C:\\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\5.0\ACDInTouch\FR\StaticPages\Images\spacer.gif
2007/03/29 13:47:23:031 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:23:031 ScanFile C:\\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\5.0\ACDInTouch\FR\StaticPages\cannot-connect.htm
2007/03/29 13:47:23:062 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:23:062 ScanFile C:\\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\5.0\ACDInTouch\FR\StaticPages\do-not-connect.htm
2007/03/29 13:47:23:140 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:23:140 ScanFile C:\\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\5.0\ACDInTouch\FR\StaticPages\new-acdstyle.css
2007/03/29 13:47:23:203 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:23:203 ScanFile C:\\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\Layouts\Default.prf
2007/03/29 13:47:23:234 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:23:250 ScanFile C:\\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\Layouts\Light.prf
2007/03/29 13:47:23:265 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:23:265 ScanFile C:\\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\Layouts\PENTAX.prf
2007/03/29 13:47:23:312 Dump_Virus:pfcb->pfcb_status=0

valerie67 Messages postés 257 Statut Membre 5

bizare
j'en met un début
2007/03/29 13:44:38:953 HTML parameter

ScanAllDrives = 0
Cleanable = 1
AutoClean = 0
ZipClean = 1
SpecialTSC = 0
EnableTSC = 1
AdUrl =
VirusAction = 0
ScanFileExtensOnly =
RenameToFileExtens = .VIR
MoveToPath = C:\HouseCallQuarantine
ShowErrorInAction = 0
TrendUserId =
TrendScanCompletedURL =
ScanReportUrl = http://wtc.trendmicro.com/HcBin/HcAddLog.exe
ScanMemoryVirus = 1
ScanBootVirus = 1
ActiveUpdateUrl = http://housecall-p.activeupdate.trendmicro.com/activeupdate/
HouseCallBaseUrl = http://wtc.trendmicro.com:8000/hcms/

2007/03/29 13:44:38:984 3AA6008::OnCreate()
2007/03/29 13:44:38:984 3AA6008::COleControl::OnCreate() Pass!
2007/03/29 13:44:38:984 3AA6008::XP platform.
2007/03/29 13:44:39:000 3AA6008::Mutex = E38
2007/03/29 13:44:39:000 3AA6008::OnCreate() Web server List checking ...
2007/03/29 13:44:39:000 3AA6008::OnCreate() Get AddressBarText => 'http://www.secuser.com'
2007/03/29 13:44:39:015 3AA6008::OnCreate() Parsing hostname form AddressBarText => 'http://www.secuser.com'
2007/03/29 13:44:39:015 3AA6008::OnCreate() Found 'www.secuser.com' in server list
2007/03/29 13:44:39:015 m_strClientIP=192.168.1.10

2007/03/29 13:44:41:015 3AA6008::OnCreate() Pass!
2007/03/29 13:44:41:109 3AA6008::ActveUpdateGetNewestPatternEngine() begin
2007/03/29 13:44:41:843 (Xscan):nCurPatVer=0

2007/03/29 13:44:41:843 (Xscan):HouseCallWorkDir = C:\WINDOWS
2007/03/29 13:44:41:843 (Xscan):szDll = C:\WINDOWS\TmUpdate.dll
2007/03/29 13:44:41:906 (Xscan):vscinfo.vi_Version=
2007/03/29 13:44:41:906 (Xscan):version.build=0
2007/03/29 13:44:41:906 server.ini path = C:\WINDOWS\AU_Temp\server.ini
2007/03/29 13:44:42:109 HC client's product version 0 in uint32_t is 0x0, Build no is 0
2007/03/29 13:44:42:140 (Xscan):nNewPatVer=0

2007/03/29 13:44:42:140 (Xscan):HouseCallWorkDir=C:\WINDOWS

2007/03/29 13:45:25:390 (Xscan):MoveFile(C:\WINDOWS\LPT$VPN.375,C:\WINDOWS\VPTNFILE.375)

2007/03/29 13:45:25:390 3AA6008::ActveUpdateGetNewestPatternEngine() end
2007/03/29 13:45:25:515 3AA6008::OnSafeStateToFireEvent()
2007/03/29 13:45:46:890 (Xscan) : DuplicatePatternForTSC() :copy from C:\WINDOWS\VPTNFILE.375 to C:\WINDOWS\LPT$VPN.375

2007/03/29 13:45:46:890 (Xscan):AddTail path(A:\)
2007/03/29 13:45:46:890 (Xscan):AddTail path(C:\)
2007/03/29 13:45:46:906 (Xscan):AddTail path(D:\)
2007/03/29 13:45:46:906 (Xscan):AddTail path(E:\)
2007/03/29 13:45:46:906 (Xscan):AddTail path(F:\)
2007/03/29 13:45:46:906 (Xscan):AddTail path(G:\)
2007/03/29 13:45:46:921 3AA6008::VScanDlg.Create(619C8CA0)
2007/03/29 13:45:46:984 try to FormatSysInfoString()....

2007/03/29 13:45:46:984 FormatSysInfoString : 5:1:2600:VER_PLATFORM_WIN32_NT:Service Pack 2

2007/03/29 13:45:51:484 Internal Pattern Version = 4.375.00

2007/03/29 13:45:52:296 After call NewEncryptStr => !CRYPT!8402CC078604A3CB39E07D2E43B545CD8D4AD00CE88BD02A045C5BCA8FD062F1EF592D54F5E1D44F4855DB3B11DF772C85388352B87E04F280F5C8857E4321806362D7F6A35!840CFCC52158617ACDA965970FC4FC31FEF716570CD6F3F7CBFF46DADBB0F924E4F9CA29D8F529EAC304F048095CD107F2D0388C73FBF332BBE7B59B222FB36F9E0056B7303!840966B5876E5CA76982A2F575CBF2DFB8CE4BBF24CE63D656080810614CE5BAC40C30F32A6131A1AD35FD4DCF38F7196210A3BB7CC9ABC51D95B96F685A9CFB3075C22616C!3136FCE03547A97E3597EF2114C8ADE6EB8FA3F3BD0DF6DED6C6F4B4F65
2007/03/29 13:45:52:312 Get log from queue ok! data : 00,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8402CC078604A3CB39E07D2E43B545CD8D4AD00CE88BD02A045C5BCA8FD062F1EF592D54F5E1D44F4855DB3B11DF772C85388352B87E04F280F5C8857E4321806362D7F6A35!840CFCC52158617ACDA965970FC4FC31FEF716570CD6F3F7CBFF46DADBB0F924E4F9CA29D8F529EAC304F048095CD107F2D0388C73FBF332BBE7B59B222FB36F9E0056B7303!840966B5876E5CA76982A2F575CBF2DFB8CE4BBF24CE63D656080810614CE5BAC40C30F32A6131A1AD35FD4DCF38F7196210A3BB7CC9ABC51D95B96F685A9CFB3075C22616C!3136FCE03547A97E3597EF2114C8ADE6EB8FA3F3BD0DF6DED6C6F4B4F65
2007/03/29 13:45:52:828 SendLog GetUrlPostErrorMessage() => <HTML><HEAD></HEAD><meta http-equiv="Content-Type" content=text/html><meta http-equiv="pragma" content="no-cache">

<meta http-equiv="expires" content="-1">

<BODY>Decrypt successfully ! Write to inbox queue successed ! total write 208 byte(s) </BODY></HTML>Elapsed Time 16 ms 
2007/03/29 13:45:52:843 Server side CGI return successed !
2007/03/29 13:45:52:843 Removed Item from queue!
2007/03/29 13:45:53:078 3AA6008::~CXscanCtrl()
2007/03/29 13:46:42:281 HTML parameter

ScanAllDrives = 0
Cleanable = 1
AutoClean = 0
ZipClean = 1
SpecialTSC = 0
EnableTSC = 1
AdUrl =
VirusAction = 0
ScanFileExtensOnly =
RenameToFileExtens = .VIR
MoveToPath = C:\HouseCallQuarantine
ShowErrorInAction = 0
TrendUserId =
TrendScanCompletedURL =
ScanReportUrl = http://wtc.trendmicro.com/HcBin/HcAddLog.exe
ScanMemoryVirus = 1
ScanBootVirus = 1
ActiveUpdateUrl = http://housecall-p.activeupdate.trendmicro.com/activeupdate/
HouseCallBaseUrl = http://wtc.trendmicro.com:8000/hcms/

2007/03/29 13:46:42:437 8F25F40::OnCreate()
2007/03/29 13:46:42:437 8F25F40::COleControl::OnCreate() Pass!
2007/03/29 13:46:42:437 8F25F40::XP platform.
2007/03/29 13:46:42:437 8F25F40::Mutex = 1DF8
2007/03/29 13:46:42:453 8F25F40::OnCreate() Web server List checking ...
2007/03/29 13:46:42:468 8F25F40::OnCreate() Get AddressBarText => 'http://www.secuser.com'
2007/03/29 13:46:42:468 8F25F40::OnCreate() Parsing hostname form AddressBarText => 'http://www.secuser.com'
2007/03/29 13:46:42:468 8F25F40::OnCreate() Found 'www.secuser.com' in server list
2007/03/29 13:46:42:500 m_strClientIP=192.168.1.10

2007/03/29 13:46:43:375 8F25F40::OnCreate() Pass!
2007/03/29 13:46:44:093 8F25F40::ActveUpdateGetNewestPatternEngine() begin
2007/03/29 13:46:46:234 (Xscan):nCurPatVer=375

2007/03/29 13:46:47:781 (Xscan):CopyFile(C:\WINDOWS\VPTNFILE.375,C:\WINDOWS\LPT$VPN.375)

2007/03/29 13:46:48:296 (Xscan):HouseCallWorkDir = C:\WINDOWS
2007/03/29 13:46:48:296 (Xscan):szDll = C:\WINDOWS\TmUpdate.dll
2007/03/29 13:46:48:343 (Xscan):vscinfo.vi_Version=8.310-1002
2007/03/29 13:46:48:343 (Xscan):version.build=1002
2007/03/29 13:46:48:359 server.ini path = C:\WINDOWS\AU_Temp\server.ini
2007/03/29 13:46:48:375 HC client's product version 5.70.850 in uint32_t is 0x57000, Build no is 850
2007/03/29 13:46:48:859 (Xscan):nNewPatVer=437500

2007/03/29 13:46:48:875 (Xscan):HouseCallWorkDir=C:\WINDOWS

2007/03/29 13:46:52:750 (Xscan):DeleteFile(C:\WINDOWS\LPT$VPN.375)

2007/03/29 13:46:52:750 8F25F40::ActveUpdateGetNewestPatternEngine() end
2007/03/29 13:46:52:875 8F25F40::OnSafeStateToFireEvent()
2007/03/29 13:47:00:265 (Xscan) : DuplicatePatternForTSC() :copy from C:\WINDOWS\VPTNFILE.375 to C:\WINDOWS\LPT$VPN.375

2007/03/29 13:47:00:265 (Xscan):AddTail path(A:\)
2007/03/29 13:47:00:265 (Xscan):AddTail path(C:\)
2007/03/29 13:47:00:265 (Xscan):AddTail path(D:\)
2007/03/29 13:47:00:265 (Xscan):AddTail path(E:\)
2007/03/29 13:47:00:281 (Xscan):AddTail path(F:\)
2007/03/29 13:47:00:281 (Xscan):AddTail path(G:\)
2007/03/29 13:47:00:281 8F25F40::VScanDlg.Create(619C8CA0)
2007/03/29 13:47:00:296 try to FormatSysInfoString()....

2007/03/29 13:47:00:296 FormatSysInfoString : 5:1:2600:VER_PLATFORM_WIN32_NT:Service Pack 2

2007/03/29 13:47:01:875 Internal Pattern Version = 4.375.00

2007/03/29 13:47:02:625 Start Scanning ************************
2007/03/29 13:47:02:625 (Xscan) : TSCKL.ini path=C:\WINDOWS\TSC.INI

2007/03/29 13:47:02:625 (Xscan) : TSCKL.ini : write

2007/03/29 13:47:02:640 (Xscan) : TSCKL.ini : write HouseCall has found and cleaned a malware.

2007/03/29 13:47:02:640 (Xscan) : TSCKL.ini : write HouseCall did not find any Trojans. Press the OK button to scan for other types of malware.

2007/03/29 13:47:02:640 (Xscan) : TSCKL.ini : write Please reboot your computer to completely clean the Trojan.

2007/03/29 13:47:02:656 (Xscan) : TSCKL.ini : write Please reboot your computer and run HouseCall Control again.

2007/03/29 13:47:02:656 (Xscan) : TSCKL.ini : write Allocate memory error

2007/03/29 13:47:02:671 (Xscan): CallTSCToScanVirus

2007/03/29 13:47:02:703 CXscanCtrl::CallTSCToScanVirus() : TSC pattern number = 850
2007/03/29 13:47:02:703 (Xscan): CreateProcess(CmdLine=C:\WINDOWS\TSC.EXE /mv,szHouseCallWorkDir=C:\WINDOWS)

2007/03/29 13:47:14:531 (Xscan) : MsgWaitForMultipleObjects return 0,GetLastError()=0

2007/03/29 13:47:14:531 (Xscan) : CallTSCToScanVirus() : TSC exit(0)
2007/03/29 13:47:14:531 (Xscan) : DealWithTSCExitCode(0)

2007/03/29 13:47:14:531 (Xscan) : TSCKL.EXE returned successfully

2007/03/29 13:47:14:546 CTSCProgress::GetNoInfectFromIni(int& nNoInfect )
2007/03/29 13:47:18:046 ScanFile C:\\20789c85a5d0cafb06\icones\Français.ico
2007/03/29 13:47:18:125 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:18:140 ScanFile C:\\20789c85a5d0cafb06\icones\Thumbs.db
2007/03/29 13:47:18:140 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:18:171 ScanFile C:\\20789c85a5d0cafb06\strings\French.str
2007/03/29 13:47:18:218 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:18:218 ScanFile C:\\20789c85a5d0cafb06\dict.avi
2007/03/29 13:47:18:500 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:18:500 ScanFile C:\\20789c85a5d0cafb06\dict.exe
2007/03/29 13:47:18:765 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:18:765 ScanFile C:\\20789c85a5d0cafb06\Dict.GID
2007/03/29 13:47:18:812 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:18:812 ScanFile C:\\20789c85a5d0cafb06\Dict.hlp
2007/03/29 13:47:18:875 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:18:875 ScanFile C:\\20789c85a5d0cafb06\language.ini
2007/03/29 13:47:18:875 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:18:890 ScanFile C:\\20789c85a5d0cafb06\logo.bmp
2007/03/29 13:47:18:921 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:18:921 ScanFile C:\\20789c85a5d0cafb06\maj.bat
2007/03/29 13:47:18:968 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:18:968 ScanFile C:\\20789c85a5d0cafb06\msxml4-KB927978-enu.log
2007/03/29 13:47:19:000 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:19:000 ScanFile C:\\20789c85a5d0cafb06\right.wav
2007/03/29 13:47:19:031 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:19:031 ScanFile C:\\20789c85a5d0cafb06\skipped.wav
2007/03/29 13:47:19:062 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:19:062 ScanFile C:\\20789c85a5d0cafb06\wrong.wav
2007/03/29 13:47:19:093 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:19:109 ScanFile C:\\CanoScan\CNQL35\CNQL35\CNQL1208.DLL
2007/03/29 13:47:19:234 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:19:234 ScanFile C:\\CanoScan\CNQL35\CNQL35\CNQL35.DAT
2007/03/29 13:47:19:281 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:19:281 ScanFile C:\\CanoScan\CNQL35\CNQL35\CNQL35C.DAT
2007/03/29 13:47:19:296 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:19:296 ScanFile C:\\CanoScan\CNQL35\CNQL35\CNQL35R.DAT
2007/03/29 13:47:19:328 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:19:328 ScanFile C:\\CanoScan\CNQL35\CNQL35\CNS12X.ICC
2007/03/29 13:47:19:390 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:19:390 ScanFile C:\\CanoScan\CNQL35\CNQL35\MC2.TXT
2007/03/29 13:47:19:421 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:19:421 ScanFile C:\\CanoScan\CNQL35\CNQSG77\CANOIT32.EXE
2007/03/29 13:47:19:468 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:19:468 ScanFile C:\\CanoScan\CNQL35\CNQSG77\CISDS.DS
2007/03/29 13:47:19:515 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:19:515 ScanFile C:\\CanoScan\CNQL35\CNQSG77\CNQU77.DLL
2007/03/29 13:47:19:562 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:19:562 ScanFile C:\\CanoScan\CNQL35\CNQSG77\CNZ005.ICC
2007/03/29 13:47:19:593 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:19:593 ScanFile C:\\CanoScan\CNQL35\CNQSG77\CSSAMP1.MID
2007/03/29 13:47:19:625 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:19:625 ScanFile C:\\CanoScan\CNQL35\CNQSG77\CSUI.DLL
2007/03/29 13:47:20:062 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:20:062 ScanFile C:\\CanoScan\CNQL35\CNQSG77\CSUI_RES.DLL
2007/03/29 13:47:20:203 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:20:203 ScanFile C:\\CanoScan\CNQL35\CNQSG77\IOP.DLL
2007/03/29 13:47:20:328 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:20:328 ScanFile C:\\CanoScan\CNQL35\CNQSG77\ITLIB32.DLL
2007/03/29 13:47:20:421 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:20:421 ScanFile C:\\CanoScan\CNQL35\CNQSG77\JDA_CIMG.DLL
2007/03/29 13:47:20:453 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:20:468 ScanFile C:\\CanoScan\CNQL35\CNQSG77\MSVCRT.DLL
2007/03/29 13:47:20:578 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:20:578 ScanFile C:\\CanoScan\CNQL35\CNQSG77\NBS4MB.DLL
2007/03/29 13:47:20:625 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:20:640 ScanFile C:\\CanoScan\CNQL35\CNQSG77\NBSCOR4M.DLL
2007/03/29 13:47:20:796 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:20:796 ScanFile C:\\CanoScan\CNQL35\CNQSG77\RMSLANTC.DLL
2007/03/29 13:47:20:828 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:20:828 ScanFile C:\\CanoScan\CNQL35\CNQSG77\RSTCOL.DLL
2007/03/29 13:47:20:906 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:20:906 ScanFile C:\\CanoScan\CNQL35\CNQSG77\SCANINTF.DLL
2007/03/29 13:47:21:015 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:21:031 ScanFile C:\\CanoScan\CNQL35\CNQSG77\SCRPRMV.DLL
2007/03/29 13:47:21:046 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:21:046 ScanFile C:\\CanoScan\CNQL35\CNQSG77\SGUI.DLL
2007/03/29 13:47:21:359 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:21:359 ScanFile C:\\CanoScan\CNQL35\CNQSG77\TPM.DLL
2007/03/29 13:47:21:750 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:21:750 ScanFile C:\\CanoScan\CNQL35\CNQSG77\TWAIN.DLL
2007/03/29 13:47:21:781 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:21:781 ScanFile C:\\CanoScan\CNQL35\CNQSG77\TWAIN_32.DLL
2007/03/29 13:47:21:859 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:21:875 ScanFile C:\\CanoScan\CNQL35\CNQSG77\TWUNK_16.EXE
2007/03/29 13:47:21:906 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:21:906 ScanFile C:\\CanoScan\CNQL35\CNQSG77\TWUNK_32.EXE
2007/03/29 13:47:21:953 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:21:968 ScanFile C:\\CanoScan\CNQL35\CNQSG77\UCS32P.DLL
2007/03/29 13:47:22:125 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:22:125 ScanFile C:\\CanoScan\CNQL35\CNQL35.CAT
2007/03/29 13:47:22:156 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:22:218 ScanFile C:\\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\5.0\ACDInTouch\FR\StaticPages\Images\bullet-over.gif
2007/03/29 13:47:22:234 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:22:234 ScanFile C:\\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\5.0\ACDInTouch\FR\StaticPages\Images\bullet.gif
2007/03/29 13:47:22:234 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:22:234 ScanFile C:\\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\5.0\ACDInTouch\FR\StaticPages\Images\header-logo.gif
2007/03/29 13:47:22:265 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:22:265 ScanFile C:\\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\5.0\ACDInTouch\FR\StaticPages\Images\header-title.jpg
2007/03/29 13:47:22:328 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:22:921 ScanFile C:\\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\5.0\ACDInTouch\FR\StaticPages\Images\masthead-cloud9.jpg
2007/03/29 13:47:22:968 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:22:968 ScanFile C:\\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\5.0\ACDInTouch\FR\StaticPages\Images\masthead-logoslogan.gif
2007/03/29 13:47:22:984 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:22:984 ScanFile C:\\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\5.0\ACDInTouch\FR\StaticPages\Images\masthead-octopus.jpg
2007/03/29 13:47:23:015 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:23:031 ScanFile C:\\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\5.0\ACDInTouch\FR\StaticPages\Images\spacer.gif
2007/03/29 13:47:23:031 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:23:031 ScanFile C:\\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\5.0\ACDInTouch\FR\StaticPages\cannot-connect.htm
2007/03/29 13:47:23:062 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:23:062 ScanFile C:\\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\5.0\ACDInTouch\FR\StaticPages\do-not-connect.htm
2007/03/29 13:47:23:140 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:23:140 ScanFile C:\\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\5.0\ACDInTouch\FR\StaticPages\new-acdstyle.css
2007/03/29 13:47:23:203 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:23:203 ScanFile C:\\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\Layouts\Default.prf
2007/03/29 13:47:23:234 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:23:250 ScanFile C:\\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\Layouts\Light.prf
2007/03/29 13:47:23:265 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:23:265 ScanFile C:\\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\Layouts\PENTAX.prf
2007/03/29 13:47:23:312 Dump_Virus:pfcb->pfcb_status=0

valerie67 Messages postés 257 Statut Membre 5

bizare
j'en met un début
2007/03/29 13:44:38:953 HTML parameter

ScanAllDrives = 0
Cleanable = 1
AutoClean = 0
ZipClean = 1
SpecialTSC = 0
EnableTSC = 1
AdUrl =
VirusAction = 0
ScanFileExtensOnly =
RenameToFileExtens = .VIR
MoveToPath = C:\HouseCallQuarantine
ShowErrorInAction = 0
TrendUserId =
TrendScanCompletedURL =
ScanReportUrl = http://wtc.trendmicro.com/HcBin/HcAddLog.exe
ScanMemoryVirus = 1
ScanBootVirus = 1
ActiveUpdateUrl = http://housecall-p.activeupdate.trendmicro.com/activeupdate/
HouseCallBaseUrl = http://wtc.trendmicro.com:8000/hcms/

2007/03/29 13:44:38:984 3AA6008::OnCreate()
2007/03/29 13:44:38:984 3AA6008::COleControl::OnCreate() Pass!
2007/03/29 13:44:38:984 3AA6008::XP platform.
2007/03/29 13:44:39:000 3AA6008::Mutex = E38
2007/03/29 13:44:39:000 3AA6008::OnCreate() Web server List checking ...
2007/03/29 13:44:39:000 3AA6008::OnCreate() Get AddressBarText => 'http://www.secuser.com'
2007/03/29 13:44:39:015 3AA6008::OnCreate() Parsing hostname form AddressBarText => 'http://www.secuser.com'
2007/03/29 13:44:39:015 3AA6008::OnCreate() Found 'www.secuser.com' in server list
2007/03/29 13:44:39:015 m_strClientIP=192.168.1.10

2007/03/29 13:44:41:015 3AA6008::OnCreate() Pass!
2007/03/29 13:44:41:109 3AA6008::ActveUpdateGetNewestPatternEngine() begin
2007/03/29 13:44:41:843 (Xscan):nCurPatVer=0

2007/03/29 13:44:41:843 (Xscan):HouseCallWorkDir = C:\WINDOWS
2007/03/29 13:44:41:843 (Xscan):szDll = C:\WINDOWS\TmUpdate.dll
2007/03/29 13:44:41:906 (Xscan):vscinfo.vi_Version=
2007/03/29 13:44:41:906 (Xscan):version.build=0
2007/03/29 13:44:41:906 server.ini path = C:\WINDOWS\AU_Temp\server.ini
2007/03/29 13:44:42:109 HC client's product version 0 in uint32_t is 0x0, Build no is 0
2007/03/29 13:44:42:140 (Xscan):nNewPatVer=0

2007/03/29 13:44:42:140 (Xscan):HouseCallWorkDir=C:\WINDOWS

2007/03/29 13:45:25:390 (Xscan):MoveFile(C:\WINDOWS\LPT$VPN.375,C:\WINDOWS\VPTNFILE.375)

2007/03/29 13:45:25:390 3AA6008::ActveUpdateGetNewestPatternEngine() end
2007/03/29 13:45:25:515 3AA6008::OnSafeStateToFireEvent()
2007/03/29 13:45:46:890 (Xscan) : DuplicatePatternForTSC() :copy from C:\WINDOWS\VPTNFILE.375 to C:\WINDOWS\LPT$VPN.375

2007/03/29 13:45:46:890 (Xscan):AddTail path(A:\)
2007/03/29 13:45:46:890 (Xscan):AddTail path(C:\)
2007/03/29 13:45:46:906 (Xscan):AddTail path(D:\)
2007/03/29 13:45:46:906 (Xscan):AddTail path(E:\)
2007/03/29 13:45:46:906 (Xscan):AddTail path(F:\)
2007/03/29 13:45:46:906 (Xscan):AddTail path(G:\)
2007/03/29 13:45:46:921 3AA6008::VScanDlg.Create(619C8CA0)
2007/03/29 13:45:46:984 try to FormatSysInfoString()....

2007/03/29 13:45:46:984 FormatSysInfoString : 5:1:2600:VER_PLATFORM_WIN32_NT:Service Pack 2

2007/03/29 13:45:51:484 Internal Pattern Version = 4.375.00

2007/03/29 13:45:52:296 After call NewEncryptStr => !CRYPT!8402CC078604A3CB39E07D2E43B545CD8D4AD00CE88BD02A045C5BCA8FD062F1EF592D54F5E1D44F4855DB3B11DF772C85388352B87E04F280F5C8857E4321806362D7F6A35!840CFCC52158617ACDA965970FC4FC31FEF716570CD6F3F7CBFF46DADBB0F924E4F9CA29D8F529EAC304F048095CD107F2D0388C73FBF332BBE7B59B222FB36F9E0056B7303!840966B5876E5CA76982A2F575CBF2DFB8CE4BBF24CE63D656080810614CE5BAC40C30F32A6131A1AD35FD4DCF38F7196210A3BB7CC9ABC51D95B96F685A9CFB3075C22616C!3136FCE03547A97E3597EF2114C8ADE6EB8FA3F3BD0DF6DED6C6F4B4F65
2007/03/29 13:45:52:312 Get log from queue ok! data : 00,http://wtc.trendmicro.com/HcBin/HcAddLog.exe?!CRYPT!8402CC078604A3CB39E07D2E43B545CD8D4AD00CE88BD02A045C5BCA8FD062F1EF592D54F5E1D44F4855DB3B11DF772C85388352B87E04F280F5C8857E4321806362D7F6A35!840CFCC52158617ACDA965970FC4FC31FEF716570CD6F3F7CBFF46DADBB0F924E4F9CA29D8F529EAC304F048095CD107F2D0388C73FBF332BBE7B59B222FB36F9E0056B7303!840966B5876E5CA76982A2F575CBF2DFB8CE4BBF24CE63D656080810614CE5BAC40C30F32A6131A1AD35FD4DCF38F7196210A3BB7CC9ABC51D95B96F685A9CFB3075C22616C!3136FCE03547A97E3597EF2114C8ADE6EB8FA3F3BD0DF6DED6C6F4B4F65
2007/03/29 13:45:52:828 SendLog GetUrlPostErrorMessage() => <HTML><HEAD></HEAD><meta http-equiv="Content-Type" content=text/html><meta http-equiv="pragma" content="no-cache">

<meta http-equiv="expires" content="-1">

<BODY>Decrypt successfully ! Write to inbox queue successed ! total write 208 byte(s) </BODY></HTML>Elapsed Time 16 ms 
2007/03/29 13:45:52:843 Server side CGI return successed !
2007/03/29 13:45:52:843 Removed Item from queue!
2007/03/29 13:45:53:078 3AA6008::~CXscanCtrl()
2007/03/29 13:46:42:281 HTML parameter

ScanAllDrives = 0
Cleanable = 1
AutoClean = 0
ZipClean = 1
SpecialTSC = 0
EnableTSC = 1
AdUrl =
VirusAction = 0
ScanFileExtensOnly =
RenameToFileExtens = .VIR
MoveToPath = C:\HouseCallQuarantine
ShowErrorInAction = 0
TrendUserId =
TrendScanCompletedURL =
ScanReportUrl = http://wtc.trendmicro.com/HcBin/HcAddLog.exe
ScanMemoryVirus = 1
ScanBootVirus = 1
ActiveUpdateUrl = http://housecall-p.activeupdate.trendmicro.com/activeupdate/
HouseCallBaseUrl = http://wtc.trendmicro.com:8000/hcms/

2007/03/29 13:46:42:437 8F25F40::OnCreate()
2007/03/29 13:46:42:437 8F25F40::COleControl::OnCreate() Pass!
2007/03/29 13:46:42:437 8F25F40::XP platform.
2007/03/29 13:46:42:437 8F25F40::Mutex = 1DF8
2007/03/29 13:46:42:453 8F25F40::OnCreate() Web server List checking ...
2007/03/29 13:46:42:468 8F25F40::OnCreate() Get AddressBarText => 'http://www.secuser.com'
2007/03/29 13:46:42:468 8F25F40::OnCreate() Parsing hostname form AddressBarText => 'http://www.secuser.com'
2007/03/29 13:46:42:468 8F25F40::OnCreate() Found 'www.secuser.com' in server list
2007/03/29 13:46:42:500 m_strClientIP=192.168.1.10

2007/03/29 13:46:43:375 8F25F40::OnCreate() Pass!
2007/03/29 13:46:44:093 8F25F40::ActveUpdateGetNewestPatternEngine() begin
2007/03/29 13:46:46:234 (Xscan):nCurPatVer=375

2007/03/29 13:46:47:781 (Xscan):CopyFile(C:\WINDOWS\VPTNFILE.375,C:\WINDOWS\LPT$VPN.375)

2007/03/29 13:46:48:296 (Xscan):HouseCallWorkDir = C:\WINDOWS
2007/03/29 13:46:48:296 (Xscan):szDll = C:\WINDOWS\TmUpdate.dll
2007/03/29 13:46:48:343 (Xscan):vscinfo.vi_Version=8.310-1002
2007/03/29 13:46:48:343 (Xscan):version.build=1002
2007/03/29 13:46:48:359 server.ini path = C:\WINDOWS\AU_Temp\server.ini
2007/03/29 13:46:48:375 HC client's product version 5.70.850 in uint32_t is 0x57000, Build no is 850
2007/03/29 13:46:48:859 (Xscan):nNewPatVer=437500

2007/03/29 13:46:48:875 (Xscan):HouseCallWorkDir=C:\WINDOWS

2007/03/29 13:46:52:750 (Xscan):DeleteFile(C:\WINDOWS\LPT$VPN.375)

2007/03/29 13:46:52:750 8F25F40::ActveUpdateGetNewestPatternEngine() end
2007/03/29 13:46:52:875 8F25F40::OnSafeStateToFireEvent()
2007/03/29 13:47:00:265 (Xscan) : DuplicatePatternForTSC() :copy from C:\WINDOWS\VPTNFILE.375 to C:\WINDOWS\LPT$VPN.375

2007/03/29 13:47:00:265 (Xscan):AddTail path(A:\)
2007/03/29 13:47:00:265 (Xscan):AddTail path(C:\)
2007/03/29 13:47:00:265 (Xscan):AddTail path(D:\)
2007/03/29 13:47:00:265 (Xscan):AddTail path(E:\)
2007/03/29 13:47:00:281 (Xscan):AddTail path(F:\)
2007/03/29 13:47:00:281 (Xscan):AddTail path(G:\)
2007/03/29 13:47:00:281 8F25F40::VScanDlg.Create(619C8CA0)
2007/03/29 13:47:00:296 try to FormatSysInfoString()....

2007/03/29 13:47:00:296 FormatSysInfoString : 5:1:2600:VER_PLATFORM_WIN32_NT:Service Pack 2

2007/03/29 13:47:01:875 Internal Pattern Version = 4.375.00

2007/03/29 13:47:02:625 Start Scanning ************************
2007/03/29 13:47:02:625 (Xscan) : TSCKL.ini path=C:\WINDOWS\TSC.INI

2007/03/29 13:47:02:625 (Xscan) : TSCKL.ini : write

2007/03/29 13:47:02:640 (Xscan) : TSCKL.ini : write HouseCall has found and cleaned a malware.

2007/03/29 13:47:02:640 (Xscan) : TSCKL.ini : write HouseCall did not find any Trojans. Press the OK button to scan for other types of malware.

2007/03/29 13:47:02:640 (Xscan) : TSCKL.ini : write Please reboot your computer to completely clean the Trojan.

2007/03/29 13:47:02:656 (Xscan) : TSCKL.ini : write Please reboot your computer and run HouseCall Control again.

2007/03/29 13:47:02:656 (Xscan) : TSCKL.ini : write Allocate memory error

2007/03/29 13:47:02:671 (Xscan): CallTSCToScanVirus

2007/03/29 13:47:02:703 CXscanCtrl::CallTSCToScanVirus() : TSC pattern number = 850
2007/03/29 13:47:02:703 (Xscan): CreateProcess(CmdLine=C:\WINDOWS\TSC.EXE /mv,szHouseCallWorkDir=C:\WINDOWS)

2007/03/29 13:47:14:531 (Xscan) : MsgWaitForMultipleObjects return 0,GetLastError()=0

2007/03/29 13:47:14:531 (Xscan) : CallTSCToScanVirus() : TSC exit(0)
2007/03/29 13:47:14:531 (Xscan) : DealWithTSCExitCode(0)

2007/03/29 13:47:14:531 (Xscan) : TSCKL.EXE returned successfully

2007/03/29 13:47:14:546 CTSCProgress::GetNoInfectFromIni(int& nNoInfect )
2007/03/29 13:47:18:046 ScanFile C:\\20789c85a5d0cafb06\icones\Français.ico
2007/03/29 13:47:18:125 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:18:140 ScanFile C:\\20789c85a5d0cafb06\icones\Thumbs.db
2007/03/29 13:47:18:140 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:18:171 ScanFile C:\\20789c85a5d0cafb06\strings\French.str
2007/03/29 13:47:18:218 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:18:218 ScanFile C:\\20789c85a5d0cafb06\dict.avi
2007/03/29 13:47:18:500 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:18:500 ScanFile C:\\20789c85a5d0cafb06\dict.exe
2007/03/29 13:47:18:765 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:18:765 ScanFile C:\\20789c85a5d0cafb06\Dict.GID
2007/03/29 13:47:18:812 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:18:812 ScanFile C:\\20789c85a5d0cafb06\Dict.hlp
2007/03/29 13:47:18:875 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:18:875 ScanFile C:\\20789c85a5d0cafb06\language.ini
2007/03/29 13:47:18:875 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:18:890 ScanFile C:\\20789c85a5d0cafb06\logo.bmp
2007/03/29 13:47:18:921 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:18:921 ScanFile C:\\20789c85a5d0cafb06\maj.bat
2007/03/29 13:47:18:968 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:18:968 ScanFile C:\\20789c85a5d0cafb06\msxml4-KB927978-enu.log
2007/03/29 13:47:19:000 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:19:000 ScanFile C:\\20789c85a5d0cafb06\right.wav
2007/03/29 13:47:19:031 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:19:031 ScanFile C:\\20789c85a5d0cafb06\skipped.wav
2007/03/29 13:47:19:062 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:19:062 ScanFile C:\\20789c85a5d0cafb06\wrong.wav
2007/03/29 13:47:19:093 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:19:109 ScanFile C:\\CanoScan\CNQL35\CNQL35\CNQL1208.DLL
2007/03/29 13:47:19:234 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:19:234 ScanFile C:\\CanoScan\CNQL35\CNQL35\CNQL35.DAT
2007/03/29 13:47:19:281 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:19:281 ScanFile C:\\CanoScan\CNQL35\CNQL35\CNQL35C.DAT
2007/03/29 13:47:19:296 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:19:296 ScanFile C:\\CanoScan\CNQL35\CNQL35\CNQL35R.DAT
2007/03/29 13:47:19:328 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:19:328 ScanFile C:\\CanoScan\CNQL35\CNQL35\CNS12X.ICC
2007/03/29 13:47:19:390 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:19:390 ScanFile C:\\CanoScan\CNQL35\CNQL35\MC2.TXT
2007/03/29 13:47:19:421 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:19:421 ScanFile C:\\CanoScan\CNQL35\CNQSG77\CANOIT32.EXE
2007/03/29 13:47:19:468 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:19:468 ScanFile C:\\CanoScan\CNQL35\CNQSG77\CISDS.DS
2007/03/29 13:47:19:515 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:19:515 ScanFile C:\\CanoScan\CNQL35\CNQSG77\CNQU77.DLL
2007/03/29 13:47:19:562 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:19:562 ScanFile C:\\CanoScan\CNQL35\CNQSG77\CNZ005.ICC
2007/03/29 13:47:19:593 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:19:593 ScanFile C:\\CanoScan\CNQL35\CNQSG77\CSSAMP1.MID
2007/03/29 13:47:19:625 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:19:625 ScanFile C:\\CanoScan\CNQL35\CNQSG77\CSUI.DLL
2007/03/29 13:47:20:062 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:20:062 ScanFile C:\\CanoScan\CNQL35\CNQSG77\CSUI_RES.DLL
2007/03/29 13:47:20:203 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:20:203 ScanFile C:\\CanoScan\CNQL35\CNQSG77\IOP.DLL
2007/03/29 13:47:20:328 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:20:328 ScanFile C:\\CanoScan\CNQL35\CNQSG77\ITLIB32.DLL
2007/03/29 13:47:20:421 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:20:421 ScanFile C:\\CanoScan\CNQL35\CNQSG77\JDA_CIMG.DLL
2007/03/29 13:47:20:453 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:20:468 ScanFile C:\\CanoScan\CNQL35\CNQSG77\MSVCRT.DLL
2007/03/29 13:47:20:578 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:20:578 ScanFile C:\\CanoScan\CNQL35\CNQSG77\NBS4MB.DLL
2007/03/29 13:47:20:625 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:20:640 ScanFile C:\\CanoScan\CNQL35\CNQSG77\NBSCOR4M.DLL
2007/03/29 13:47:20:796 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:20:796 ScanFile C:\\CanoScan\CNQL35\CNQSG77\RMSLANTC.DLL
2007/03/29 13:47:20:828 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:20:828 ScanFile C:\\CanoScan\CNQL35\CNQSG77\RSTCOL.DLL
2007/03/29 13:47:20:906 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:20:906 ScanFile C:\\CanoScan\CNQL35\CNQSG77\SCANINTF.DLL
2007/03/29 13:47:21:015 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:21:031 ScanFile C:\\CanoScan\CNQL35\CNQSG77\SCRPRMV.DLL
2007/03/29 13:47:21:046 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:21:046 ScanFile C:\\CanoScan\CNQL35\CNQSG77\SGUI.DLL
2007/03/29 13:47:21:359 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:21:359 ScanFile C:\\CanoScan\CNQL35\CNQSG77\TPM.DLL
2007/03/29 13:47:21:750 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:21:750 ScanFile C:\\CanoScan\CNQL35\CNQSG77\TWAIN.DLL
2007/03/29 13:47:21:781 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:21:781 ScanFile C:\\CanoScan\CNQL35\CNQSG77\TWAIN_32.DLL
2007/03/29 13:47:21:859 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:21:875 ScanFile C:\\CanoScan\CNQL35\CNQSG77\TWUNK_16.EXE
2007/03/29 13:47:21:906 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:21:906 ScanFile C:\\CanoScan\CNQL35\CNQSG77\TWUNK_32.EXE
2007/03/29 13:47:21:953 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:21:968 ScanFile C:\\CanoScan\CNQL35\CNQSG77\UCS32P.DLL
2007/03/29 13:47:22:125 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:22:125 ScanFile C:\\CanoScan\CNQL35\CNQL35.CAT
2007/03/29 13:47:22:156 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:22:218 ScanFile C:\\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\5.0\ACDInTouch\FR\StaticPages\Images\bullet-over.gif
2007/03/29 13:47:22:234 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:22:234 ScanFile C:\\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\5.0\ACDInTouch\FR\StaticPages\Images\bullet.gif
2007/03/29 13:47:22:234 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:22:234 ScanFile C:\\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\5.0\ACDInTouch\FR\StaticPages\Images\header-logo.gif
2007/03/29 13:47:22:265 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:22:265 ScanFile C:\\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\5.0\ACDInTouch\FR\StaticPages\Images\header-title.jpg
2007/03/29 13:47:22:328 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:22:921 ScanFile C:\\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\5.0\ACDInTouch\FR\StaticPages\Images\masthead-cloud9.jpg
2007/03/29 13:47:22:968 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:22:968 ScanFile C:\\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\5.0\ACDInTouch\FR\StaticPages\Images\masthead-logoslogan.gif
2007/03/29 13:47:22:984 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:22:984 ScanFile C:\\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\5.0\ACDInTouch\FR\StaticPages\Images\masthead-octopus.jpg
2007/03/29 13:47:23:015 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:23:031 ScanFile C:\\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\5.0\ACDInTouch\FR\StaticPages\Images\spacer.gif
2007/03/29 13:47:23:031 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:23:031 ScanFile C:\\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\5.0\ACDInTouch\FR\StaticPages\cannot-connect.htm
2007/03/29 13:47:23:062 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:23:062 ScanFile C:\\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\5.0\ACDInTouch\FR\StaticPages\do-not-connect.htm
2007/03/29 13:47:23:140 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:23:140 ScanFile C:\\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\5.0\ACDInTouch\FR\StaticPages\new-acdstyle.css
2007/03/29 13:47:23:203 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:23:203 ScanFile C:\\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\Layouts\Default.prf
2007/03/29 13:47:23:234 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:23:250 ScanFile C:\\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\Layouts\Light.prf
2007/03/29 13:47:23:265 Dump_Virus:pfcb->pfcb_status=0

2007/03/29 13:47:23:265 ScanFile C:\\Documents and Settings\All Users\Application Data\ACD Systems\ACDSee\Layouts\PENTAX.prf
2007/03/29 13:47:23:312 Dump_Virus:pfcb->pfcb_status=0

Réponse 9 / 15

Destrio5 Messages postés 99820 Date d'inscription Statut Modérateur Dernière intervention 10 305

Ça n'a rien à voir avec un rapport Tools Cleaner.

valerie67 Messages postés 257 Statut Membre 5

zut ,alors je recommence!

valerie67 Messages postés 257 Statut Membre 5 > valerie67 Messages postés 257 Statut Membre

c'est p't'étre ça ?
[ Rapport ToolsCleaner version 2.2.4 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\Documents and Settings\valerie\Bureau\ComboFix.exe: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\valerie\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!

Corbeille vidée!
Fichiers temporaires nettoyés !

en tout cas je n'ai plus de pubs et pas d'autres ennuis

Réponse 10 / 15

Destrio5 Messages postés 99820 Date d'inscription Statut Modérateur Dernière intervention 10 305

Oui, c'est bien ça. Tu peux supprimer Tools Cleaner et ComboFix.

Des questions ?

valerie67 Messages postés 257 Statut Membre 5

non ,pas d'autres questions,
et un GRAND MERCI a vous ,heureusement qu'il y a des personnes comme vous pour nous aider.
tout est parfait
cordialement

Réponse 11 / 15

Destrio5 Messages postés 99820 Date d'inscription Statut Modérateur Dernière intervention 10 305

Salut,

Important : Désactive TeaTimer, le résident de Spybot, il va gêner la désinfection en empêchant la modification des BHO.

---> Démarre Spybot, clique sur Mode, coche Mode avancé
---> A gauche, clique sur Outils, puis sur Résident
---> Décoche la case devant Résident "TeaTimer" :
http://apu.mabul.org/up/5/apu-5-gpdx9e06cwz2dypom2q7n6nc.jpg
---> Quitte Spybot

Note : Je te conseille de ne pas le réactiver, il a été incapable d'empêcher l'infection de ton PC.

- Télécharge SmitfraudFix (de de S!Ri, balltrap34 et moe31) :
http://siri.urz.free.fr/Fix/SmitfraudFix.exe ou http://www.geekstogo.com/forum/files/file/6-smitfraudfix/

- Enregistre-le sur le bureau

- Double-clique sur SmitfraudFix.exe et choisis l'option 1 puis Entrée

- Un rapport sera généré, poste-le dans ta prochaine réponse.

[*] process.exe est détecté par certains antivirus comme étant un risktool. Il ne s'agit pas d'un virus mais d'un utilitaire destiné à mettre fin à des processus.[*]

** Ne fais l'étape 2 que si on te le demande, on doit d'abord examiner le premier rapport de SmitfraudFix

valerie67 Messages postés 257 Statut Membre 5

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:05:22, on 21/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\valerie\Mes documents\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {de44fda9-805d-413c-8322-65a08f7c99b9} - (no file)
O3 - Toolbar: (no name) - {de44fda9-805d-413c-8322-65a08f7c99b9} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [b4ba709e] rundll32.exe "C:\WINDOWS\system32\oyoxvuqv.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSetup] D:\Setup\Setup.exe /start /restart /l:fra
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bw+0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: umbjwv.dll
O21 - SSODL: qrbgltos - {AEB7EDFC-4CF1-4FEB-8CF3-04A575FA47B3} - C:\WINDOWS\qrbgltos.dll
O21 - SSODL: ngwstxfd - {04DC8A4C-E64B-4BAF-9E65-87326D620F81} - C:\WINDOWS\ngwstxfd.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logishrd\SrvLnch\SrvLnch.exe

valerie67 Messages postés 257 Statut Membre 5

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:05:22, on 21/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\valerie\Mes documents\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {de44fda9-805d-413c-8322-65a08f7c99b9} - (no file)
O3 - Toolbar: (no name) - {de44fda9-805d-413c-8322-65a08f7c99b9} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [b4ba709e] rundll32.exe "C:\WINDOWS\system32\oyoxvuqv.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSetup] D:\Setup\Setup.exe /start /restart /l:fra
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bw+0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: umbjwv.dll
O21 - SSODL: qrbgltos - {AEB7EDFC-4CF1-4FEB-8CF3-04A575FA47B3} - C:\WINDOWS\qrbgltos.dll
O21 - SSODL: ngwstxfd - {04DC8A4C-E64B-4BAF-9E65-87326D620F81} - C:\WINDOWS\ngwstxfd.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logishrd\SrvLnch\SrvLnch.exe

valerie67 Messages postés 257 Statut Membre 5

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:05:22, on 21/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\valerie\Mes documents\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {de44fda9-805d-413c-8322-65a08f7c99b9} - (no file)
O3 - Toolbar: (no name) - {de44fda9-805d-413c-8322-65a08f7c99b9} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [b4ba709e] rundll32.exe "C:\WINDOWS\system32\oyoxvuqv.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSetup] D:\Setup\Setup.exe /start /restart /l:fra
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bw+0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {87C18DD9-5FAA-4924-8D5D-C7AA19837B91} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: umbjwv.dll
O21 - SSODL: qrbgltos - {AEB7EDFC-4CF1-4FEB-8CF3-04A575FA47B3} - C:\WINDOWS\qrbgltos.dll
O21 - SSODL: ngwstxfd - {04DC8A4C-E64B-4BAF-9E65-87326D620F81} - C:\WINDOWS\ngwstxfd.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logishrd\SrvLnch\SrvLnch.exe

Réponse 12 / 15

Destrio5 Messages postés 99820 Date d'inscription Statut Modérateur Dernière intervention 10 305

Ce n'est pas ce que je t'ai demandé.

Réponse 13 / 15

valerie67 Messages postés 257 Statut Membre 5

bon,j'espére que c'est ça?
SmitFraudFix v2.365

Rapport fait à 7:32:55,42, 21/10/2008
Executé à partir de C:\Documents and Settings\valerie\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\valerie\Mes documents\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\notepad.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

Fichier hosts corrompu !

127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\lomxeqsn.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\valerie

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\valerie\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\valerie\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

[!] Suspicious: qrbgltos.dll
SSODL: qrbgltos - {AEB7EDFC-4CF1-4FEB-8CF3-04A575FA47B3}

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="umbjwv.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{775B5E2B-2534-4796-9249-25B67086C0AE}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{775B5E2B-2534-4796-9249-25B67086C0AE}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{775B5E2B-2534-4796-9249-25B67086C0AE}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{775B5E2B-2534-4796-9249-25B67086C0AE}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

Réponse 14 / 15

Destrio5 Messages postés 99820 Date d'inscription Statut Modérateur Dernière intervention 10 305

C'est mieux.

---> Télécharge HostsXpert sur ton Bureau :
http://www.funkytoad.com/download/HostsXpert.zip

---> Décompresse-le (Clic droit >> Extraire ici)

---> Double-clique sur HostsXpert pour le lancer

---> clique sur le bouton "Restore MS Hosts File" puis ferme le programme

PS : Avant de cliquer sur le bouton "Restore MS Hosts File", vérifie que le cadenas en haut à gauche est ouvert sinon tu vas avoir un message d'erreur.

valerie67 Messages postés 257 Statut Membre 5

j'ai fait ce que tu as dis et maintenant?

Réponse 15 / 15

Destrio5 Messages postés 99820 Date d'inscription Statut Modérateur Dernière intervention 10 305

- Redémarre ton ordinateur en mode sans échec :
https://blog.sosordi.net/

- Double-clique sur SmitfraudFix.exe, choisis l'option 2 et Entrée

- Réponds O(oui) à ces deux questions si elles te sont posées

Voulez-vous nettoyer le registre ?
Corriger le fichier infecté ?

- Un rapport sera généré, sauvegarde-le sur le bureau

- Redémarre en mode normal

- Poste le rapport SmitfraudFix

valerie67 Messages postés 257 Statut Membre 5

voici,
SmitFraudFix v2.365

Rapport fait à 10:36:58,01, 21/10/2008
Executé à partir de C:\Documents and Settings\valerie\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{775B5E2B-2534-4796-9249-25B67086C0AE}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{775B5E2B-2534-4796-9249-25B67086C0AE}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{775B5E2B-2534-4796-9249-25B67086C0AE}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

VIRUS GRAVE

15 réponses

Votre réponse

Discussions similaires

Newsletters