probleme avec un virus msn
Dernière réponse : dans Sécurité
Bonjours, hier j'ai attrapé un virus sur MSN. ce virus revient tout les 5 minutes et il semble qu'ils soient toujours plus nombreux d'heures en heures et aussi il utilise mes contacs . je ne sais pas quoi faire pour lenlever. Aidez-moi svp
Voici le nom des 4 chose qui son sur mon bureau :winstall,mcc,ost,et aussi gotgo mes il est disparu
Voici le nom des 4 chose qui son sur mon bureau :winstall,mcc,ost,et aussi gotgo mes il est disparu
Autres pages sur : probleme virus msn
Lassé par la pub ? Créez un compte
Bonjour,
- Télécharge Hijackthis de Merjin.
- Dézippe le dans un dossier ou sur ton bureau.
-- Clique Droit sur Hijackthis.exe :
-> Choisis "Renommer"
-> Tape Scanner.exe puis valide.
- Lance l'application
- Choisis l'option "Do a system scan and save a logfile"
-- Le Bloc-Notes s'ouvre :
-> Edition / Sélectionner Tout
-> Edition / Copier
- Colle le rapport ici.
AIDE : Tuto sur Hijackthis (Malekal)
- Télécharge Hijackthis de Merjin.
- Dézippe le dans un dossier ou sur ton bureau.
-- Clique Droit sur Hijackthis.exe :
-> Choisis "Renommer"
-> Tape Scanner.exe puis valide.
- Lance l'application
- Choisis l'option "Do a system scan and save a logfile"
-- Le Bloc-Notes s'ouvre :
-> Edition / Sélectionner Tout
-> Edition / Copier
- Colle le rapport ici.
AIDE : Tuto sur Hijackthis (Malekal)
Logfile of HijackThis v1.99.1
Scan saved at 13:24:17, on 2006-12-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\francis\Bureau\winstall.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Free\avgw.exe
C:\Program Files\Grisoft\AVG Free\avgwb.dat
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msrr.exe
C:\WINDOWS\system32\ost.exe
C:\Program Files\Fichiers communs\{E45B6021-0AF0-3084-1119-031114030002}\Update.exe
C:\Documents and Settings\francis\Bureau\Scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O2 - BHO: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{345B6~1\888Bar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{345B6~1\888Bar.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\francis\Bureau\winstall.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MétéoIMédia] C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: TruePass EPF 7,0,100,730 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassap...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
Scan saved at 13:24:17, on 2006-12-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\francis\Bureau\winstall.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Free\avgw.exe
C:\Program Files\Grisoft\AVG Free\avgwb.dat
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msrr.exe
C:\WINDOWS\system32\ost.exe
C:\Program Files\Fichiers communs\{E45B6021-0AF0-3084-1119-031114030002}\Update.exe
C:\Documents and Settings\francis\Bureau\Scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O2 - BHO: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{345B6~1\888Bar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{345B6~1\888Bar.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\francis\Bureau\winstall.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MétéoIMédia] C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: TruePass EPF 7,0,100,730 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassap...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
Re,
Télécharge combofix.exe (par sUBs) sur ton Bureau
Double clique combofix.exe.
Tape sur la touche Y (Yes) pour démarrer le scan.
Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
francis - 06-12-04 13:53:24.00 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\francis\Bureau"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\Fichiers communs\Yazzle1122OinUninstaller.exe
C:\Program Files\Fichiers communs\{345B6021-0AF0-3084-1119-031114030002}
C:\Program Files\Fichiers communs\{E45B6021-0AF0-3084-1119-031114030002}
((((((((((((((((((((((((((((((( Files Created from 2006-11-04 to 2006-12-04 ))))))))))))))))))))))))))))))))))
2006-12-04 12:10 <REP> d-------- C:\WINDOWS\system32\ActiveScan
2006-12-04 12:10 <REP> d-------- C:\WINDOWS\LastGood.Tmp
2006-12-04 11:59 8,759 --a------ C:\WINDOWS\system32\ost.exe
2006-12-03 23:17 <REP> d-------- C:\WINDOWS\AU_Temp
2006-12-03 23:17 <REP> d-------- C:\WINDOWS\AU_Log
2006-12-03 23:16 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2006-12-03 23:16 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2006-12-03 23:16 286,720 --a------ C:\WINDOWS\PATCH.EXE
2006-12-03 22:36 77,824 --a------ C:\WINDOWS\system32\gotgo.exe
2006-12-03 22:36 138,565 --a------ C:\WINDOWS\system32\mcc.exe
2006-12-03 22:36 122,880 --a------ C:\WINDOWS\system32\winstall.exe
2006-12-03 22:28 <REP> dr-h----- C:\$VAULT$.AVG
2006-12-03 11:55 <REP> d-------- C:\Program Files\Pokerbility
2006-12-02 22:01 <REP> d-------- C:\Program Files\Poker Indicator
2006-11-30 13:13 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2006-11-30 13:13 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2006-11-30 13:13 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2006-11-30 13:09 <REP> d-------- C:\Program Files\Diablo II
2006-11-27 11:28 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2006-11-27 11:28 <REP> d-------- C:\Documents and Settings\francis\Application Data\Atari
2006-11-27 11:27 <REP> d-------- C:\Documents and Settings\francis\Application Data\Leadertech
2006-11-27 11:16 <REP> d-------- C:\Program Files\Atari
2006-11-25 17:59 <REP> d-------- C:\Program Files\Doom 3
2006-11-21 13:35 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2006-11-20 20:45 <REP> d-------- C:\WINDOWS\Minidump
2006-11-20 20:43 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2006-11-20 20:43 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2006-11-20 20:42 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2006-11-20 20:25 <REP> d-------- C:\Program Files\Monte Cristo
2006-11-20 20:22 <REP> d-------- C:\unzipped
2006-11-15 15:28 <REP> d-------- C:\Program Files\MSXML 4.0
2006-11-15 15:28 <REP> d-------- C:\74e90c776619b740e85d609734
2006-11-12 16:40 <REP> d-------- C:\Program Files\WinZip
2006-11-07 22:46 <REP> d-------- C:\Program Files\No Brakes 4x4 Racing Demo
2006-11-07 22:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2006-11-07 22:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Age of Empires 3 XPack Trial
2006-11-07 19:23 <REP> d-------- C:\Program Files\SEGA
2006-11-07 18:33 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-11-07 18:33 <REP> dr-h----- C:\Documents and Settings\francis\Application Data\SecuROM
2006-11-07 16:55 <REP> d-------- C:\Program Files\eMule
2006-11-07 16:53 <REP> d-------- C:\Program Files\WinRAR
2006-11-07 16:33 <REP> d-------- C:\Program Files\Raven
2006-11-07 16:19 22,880 -ra------ C:\WINDOWS\system32\drivers\GVCplDrv.sys
2006-11-07 16:09 <REP> d-------- C:\Program Files\directx
2006-11-07 15:38 <REP> d-------- C:\Program Files\DAEMON Tools
2006-11-07 15:35 611,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-11-07 15:07 <REP> d-------- C:\Program Files\CDBurnerXP Pro 3
2006-11-05 21:51 <REP> d-------- C:\Program Files\Flash Player Pro
2006-11-04 16:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-04 05:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-12-04 13:54 -------- d-------- C:\Program Files\Fichiers communs
2006-12-04 12:33 -------- d-------- C:\Program Files\Spybot - Search & Destroy
2006-12-04 12:32 -------- d-------- C:\Program Files\MSN Messenger
2006-12-04 12:32 -------- d-------- C:\Program Files\Messenger
2006-12-04 12:32 -------- d-------- C:\Program Files\Internet Explorer
2006-12-04 12:32 -------- d-------- C:\Program Files\Google
2006-12-03 23:49 -------- d-------- C:\Documents and Settings\francis\Application Data\AVG7
2006-11-29 13:31 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll
2006-11-27 20:51 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-25 18:13 11973 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-11-25 15:15 -------- d-------- C:\Program Files\Microsoft Games
2006-11-13 15:04 -------- d-------- C:\Documents and Settings\francis\Application Data\Creative
2006-11-07 15:07 -------- d---s---- C:\Documents and Settings\francis\Application Data\Microsoft
2006-11-03 22:46 -------- d-------- C:\Program Files\Yahoo!
2006-11-03 18:14 -------- d-------- C:\Program Files\Fichiers communs\DirectX
2006-11-03 15:50 -------- d-------- C:\Program Files\EA GAMES
2006-11-01 11:16 816672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-11-01 01:25 -------- d-------- C:\Documents and Settings\francis\Application Data\Apple Computer
2006-11-01 01:22 -------- d-------- C:\Program Files\QuickTime
2006-11-01 01:21 -------- d-------- C:\Program Files\Apple Software Update
2006-10-31 20:28 -------- d-------- C:\Documents and Settings\francis\Application Data\Google
2006-10-31 20:23 -------- d-------- C:\Documents and Settings\francis\Application Data\Media Player Classic
2006-10-31 12:33 -------- d-------- C:\Documents and Settings\francis\Application Data\Macromedia
2006-10-31 12:21 -------- d-------- C:\Program Files\BitComet
2006-10-30 20:56 -------- d-------- C:\Documents and Settings\francis\Application Data\Microsoft Games
2006-10-30 14:56 -------- d-------- C:\Program Files\Creative
2006-10-30 14:56 -------- d-------- C:\Program Files\Audible
2006-10-30 14:48 -------- d-------- C:\Program Files\Windows Media Player
2006-10-30 14:35 -------- d-------- C:\Program Files\Fichiers communs\InstallShield
2006-10-30 14:28 -------- d-------- C:\Program Files\M‚t‚oM‚dia
2006-10-30 14:22 -------- d-------- C:\Program Files\Ahead
2006-10-29 18:51 4960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-10-29 18:51 4224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-10-29 18:51 3968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-10-29 18:51 28416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-10-29 18:51 -------- d-------- C:\Program Files\Grisoft
2006-10-29 18:49 -------- d-------- C:\Program Files\MSN Apps
2006-10-29 18:26 -------- d-------- C:\Program Files\K-Lite Codec Pack
2006-10-29 18:21 -------- d-------- C:\Program Files\Lavasoft
2006-10-29 18:21 -------- d-------- C:\Documents and Settings\francis\Application Data\Lavasoft
2006-10-29 17:18 -------- d-------- C:\Program Files\Outlook Express
2006-10-29 17:18 -------- d-------- C:\Program Files\Fichiers communs\System
2006-10-29 16:33 -------- d-------- C:\Program Files\Movie Maker
2006-10-29 16:30 -------- d-------- C:\Program Files\Windows NT
2006-10-29 16:30 -------- d-------- C:\Program Files\NetMeeting
2006-10-29 15:46 -------- d--h----- C:\Program Files\WindowsUpdate
2006-10-29 15:39 -------- d-------- C:\Program Files\MSN
2006-10-29 15:38 -------- d-------- C:\Documents and Settings\francis\Application Data\MSN6
2006-10-29 15:35 -------- d--h----- C:\Program Files\Uninstall Information
2006-10-29 15:35 -------- d-------- C:\Program Files\Fichiers communs\Microsoft Shared
2006-10-29 15:35 -------- d-------- C:\Documents and Settings\francis\Application Data\Identities
2006-10-29 15:27 -------- d-------- C:\Program Files\xerox
2006-10-29 15:27 -------- d-------- C:\Program Files\microsoft frontpage
2006-10-29 15:26 0 -rahs---- C:\MSDOS.SYS
2006-10-29 15:26 0 -rahs---- C:\IO.SYS
2006-10-29 15:26 0 --a------ C:\CONFIG.SYS
2006-10-29 15:26 0 --a------ C:\AUTOEXEC.BAT
2006-10-29 15:24 -------- d-------- C:\Program Files\Fichiers communs\Services
2006-10-29 15:23 -------- d-------- C:\Program Files\Fichiers communs\MSSoap
2006-10-29 15:22 -------- d-------- C:\Program Files\Services en ligne
2006-10-29 15:22 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-10-29 15:22 -------- d-------- C:\Program Files\ComPlus Applications
2006-10-29 06:59 62 --ahs---- C:\Documents and Settings\francis\Application Data\desktop.ini
2006-10-29 06:59 -------- d-------- C:\Program Files\Fichiers communs\SpeechEngines
2006-10-29 06:59 -------- d-------- C:\Program Files\Fichiers communs\ODBC
2006-10-13 07:36 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 07:36 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 07:36 145920 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-13 05:23 163584 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
2006-09-14 01:14 593938 --a------ C:\WINDOWS\system32\x264vfw.dll
2006-09-13 00:03 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MétéoIMédia"="C:\\Program Files\\MétéoMédia\\MétéoIMédia\\WeatherEye"
"Creative Detector"="\"C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AlcxMonitor"="ALCXMNTR.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,42,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
Completion time: 06-12-04 13:55:02.93
C:\ComboFix.txt ... 06-12-04 13:55
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\francis\Bureau"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\Fichiers communs\Yazzle1122OinUninstaller.exe
C:\Program Files\Fichiers communs\{345B6021-0AF0-3084-1119-031114030002}
C:\Program Files\Fichiers communs\{E45B6021-0AF0-3084-1119-031114030002}
((((((((((((((((((((((((((((((( Files Created from 2006-11-04 to 2006-12-04 ))))))))))))))))))))))))))))))))))
2006-12-04 12:10 <REP> d-------- C:\WINDOWS\system32\ActiveScan
2006-12-04 12:10 <REP> d-------- C:\WINDOWS\LastGood.Tmp
2006-12-04 11:59 8,759 --a------ C:\WINDOWS\system32\ost.exe
2006-12-03 23:17 <REP> d-------- C:\WINDOWS\AU_Temp
2006-12-03 23:17 <REP> d-------- C:\WINDOWS\AU_Log
2006-12-03 23:16 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2006-12-03 23:16 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2006-12-03 23:16 286,720 --a------ C:\WINDOWS\PATCH.EXE
2006-12-03 22:36 77,824 --a------ C:\WINDOWS\system32\gotgo.exe
2006-12-03 22:36 138,565 --a------ C:\WINDOWS\system32\mcc.exe
2006-12-03 22:36 122,880 --a------ C:\WINDOWS\system32\winstall.exe
2006-12-03 22:28 <REP> dr-h----- C:\$VAULT$.AVG
2006-12-03 11:55 <REP> d-------- C:\Program Files\Pokerbility
2006-12-02 22:01 <REP> d-------- C:\Program Files\Poker Indicator
2006-11-30 13:13 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2006-11-30 13:13 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2006-11-30 13:13 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2006-11-30 13:09 <REP> d-------- C:\Program Files\Diablo II
2006-11-27 11:28 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2006-11-27 11:28 <REP> d-------- C:\Documents and Settings\francis\Application Data\Atari
2006-11-27 11:27 <REP> d-------- C:\Documents and Settings\francis\Application Data\Leadertech
2006-11-27 11:16 <REP> d-------- C:\Program Files\Atari
2006-11-25 17:59 <REP> d-------- C:\Program Files\Doom 3
2006-11-21 13:35 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2006-11-20 20:45 <REP> d-------- C:\WINDOWS\Minidump
2006-11-20 20:43 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2006-11-20 20:43 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2006-11-20 20:42 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2006-11-20 20:25 <REP> d-------- C:\Program Files\Monte Cristo
2006-11-20 20:22 <REP> d-------- C:\unzipped
2006-11-15 15:28 <REP> d-------- C:\Program Files\MSXML 4.0
2006-11-15 15:28 <REP> d-------- C:\74e90c776619b740e85d609734
2006-11-12 16:40 <REP> d-------- C:\Program Files\WinZip
2006-11-07 22:46 <REP> d-------- C:\Program Files\No Brakes 4x4 Racing Demo
2006-11-07 22:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2006-11-07 22:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Age of Empires 3 XPack Trial
2006-11-07 19:23 <REP> d-------- C:\Program Files\SEGA
2006-11-07 18:33 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-11-07 18:33 <REP> dr-h----- C:\Documents and Settings\francis\Application Data\SecuROM
2006-11-07 16:55 <REP> d-------- C:\Program Files\eMule
2006-11-07 16:53 <REP> d-------- C:\Program Files\WinRAR
2006-11-07 16:33 <REP> d-------- C:\Program Files\Raven
2006-11-07 16:19 22,880 -ra------ C:\WINDOWS\system32\drivers\GVCplDrv.sys
2006-11-07 16:09 <REP> d-------- C:\Program Files\directx
2006-11-07 15:38 <REP> d-------- C:\Program Files\DAEMON Tools
2006-11-07 15:35 611,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-11-07 15:07 <REP> d-------- C:\Program Files\CDBurnerXP Pro 3
2006-11-05 21:51 <REP> d-------- C:\Program Files\Flash Player Pro
2006-11-04 16:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-04 05:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-12-04 13:54 -------- d-------- C:\Program Files\Fichiers communs
2006-12-04 12:33 -------- d-------- C:\Program Files\Spybot - Search & Destroy
2006-12-04 12:32 -------- d-------- C:\Program Files\MSN Messenger
2006-12-04 12:32 -------- d-------- C:\Program Files\Messenger
2006-12-04 12:32 -------- d-------- C:\Program Files\Internet Explorer
2006-12-04 12:32 -------- d-------- C:\Program Files\Google
2006-12-03 23:49 -------- d-------- C:\Documents and Settings\francis\Application Data\AVG7
2006-11-29 13:31 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll
2006-11-27 20:51 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-25 18:13 11973 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-11-25 15:15 -------- d-------- C:\Program Files\Microsoft Games
2006-11-13 15:04 -------- d-------- C:\Documents and Settings\francis\Application Data\Creative
2006-11-07 15:07 -------- d---s---- C:\Documents and Settings\francis\Application Data\Microsoft
2006-11-03 22:46 -------- d-------- C:\Program Files\Yahoo!
2006-11-03 18:14 -------- d-------- C:\Program Files\Fichiers communs\DirectX
2006-11-03 15:50 -------- d-------- C:\Program Files\EA GAMES
2006-11-01 11:16 816672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-11-01 01:25 -------- d-------- C:\Documents and Settings\francis\Application Data\Apple Computer
2006-11-01 01:22 -------- d-------- C:\Program Files\QuickTime
2006-11-01 01:21 -------- d-------- C:\Program Files\Apple Software Update
2006-10-31 20:28 -------- d-------- C:\Documents and Settings\francis\Application Data\Google
2006-10-31 20:23 -------- d-------- C:\Documents and Settings\francis\Application Data\Media Player Classic
2006-10-31 12:33 -------- d-------- C:\Documents and Settings\francis\Application Data\Macromedia
2006-10-31 12:21 -------- d-------- C:\Program Files\BitComet
2006-10-30 20:56 -------- d-------- C:\Documents and Settings\francis\Application Data\Microsoft Games
2006-10-30 14:56 -------- d-------- C:\Program Files\Creative
2006-10-30 14:56 -------- d-------- C:\Program Files\Audible
2006-10-30 14:48 -------- d-------- C:\Program Files\Windows Media Player
2006-10-30 14:35 -------- d-------- C:\Program Files\Fichiers communs\InstallShield
2006-10-30 14:28 -------- d-------- C:\Program Files\M‚t‚oM‚dia
2006-10-30 14:22 -------- d-------- C:\Program Files\Ahead
2006-10-29 18:51 4960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-10-29 18:51 4224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-10-29 18:51 3968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-10-29 18:51 28416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-10-29 18:51 -------- d-------- C:\Program Files\Grisoft
2006-10-29 18:49 -------- d-------- C:\Program Files\MSN Apps
2006-10-29 18:26 -------- d-------- C:\Program Files\K-Lite Codec Pack
2006-10-29 18:21 -------- d-------- C:\Program Files\Lavasoft
2006-10-29 18:21 -------- d-------- C:\Documents and Settings\francis\Application Data\Lavasoft
2006-10-29 17:18 -------- d-------- C:\Program Files\Outlook Express
2006-10-29 17:18 -------- d-------- C:\Program Files\Fichiers communs\System
2006-10-29 16:33 -------- d-------- C:\Program Files\Movie Maker
2006-10-29 16:30 -------- d-------- C:\Program Files\Windows NT
2006-10-29 16:30 -------- d-------- C:\Program Files\NetMeeting
2006-10-29 15:46 -------- d--h----- C:\Program Files\WindowsUpdate
2006-10-29 15:39 -------- d-------- C:\Program Files\MSN
2006-10-29 15:38 -------- d-------- C:\Documents and Settings\francis\Application Data\MSN6
2006-10-29 15:35 -------- d--h----- C:\Program Files\Uninstall Information
2006-10-29 15:35 -------- d-------- C:\Program Files\Fichiers communs\Microsoft Shared
2006-10-29 15:35 -------- d-------- C:\Documents and Settings\francis\Application Data\Identities
2006-10-29 15:27 -------- d-------- C:\Program Files\xerox
2006-10-29 15:27 -------- d-------- C:\Program Files\microsoft frontpage
2006-10-29 15:26 0 -rahs---- C:\MSDOS.SYS
2006-10-29 15:26 0 -rahs---- C:\IO.SYS
2006-10-29 15:26 0 --a------ C:\CONFIG.SYS
2006-10-29 15:26 0 --a------ C:\AUTOEXEC.BAT
2006-10-29 15:24 -------- d-------- C:\Program Files\Fichiers communs\Services
2006-10-29 15:23 -------- d-------- C:\Program Files\Fichiers communs\MSSoap
2006-10-29 15:22 -------- d-------- C:\Program Files\Services en ligne
2006-10-29 15:22 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-10-29 15:22 -------- d-------- C:\Program Files\ComPlus Applications
2006-10-29 06:59 62 --ahs---- C:\Documents and Settings\francis\Application Data\desktop.ini
2006-10-29 06:59 -------- d-------- C:\Program Files\Fichiers communs\SpeechEngines
2006-10-29 06:59 -------- d-------- C:\Program Files\Fichiers communs\ODBC
2006-10-13 07:36 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 07:36 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 07:36 145920 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-13 05:23 163584 --a------ C:\WINDOWS\system32\drivers\nwrdr.sys
2006-09-14 01:14 593938 --a------ C:\WINDOWS\system32\x264vfw.dll
2006-09-13 00:03 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MétéoIMédia"="C:\\Program Files\\MétéoMédia\\MétéoIMédia\\WeatherEye"
"Creative Detector"="\"C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe\" /R"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AlcxMonitor"="ALCXMNTR.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,42,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
Completion time: 06-12-04 13:55:02.93
C:\ComboFix.txt ... 06-12-04 13:55
Ok salut... euh je profite de ce post, parce que j'ai exactement le même problème !! Est-ce possible de m'aider également ? Je peux attendre, c'est juste que j'en aie marre depuis deux jours je tente tout pour me débarasser de ce virus!
Voici donc le rapport de combofix que j'ai fais : ComboFix 06.11.27W - Running from: "C:\Documents and Settings\user\Bureau"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\winstall.exe
C:\Program Files\Fichiers communs\{4242B883-03A2-3084-0831-010503200002}
((((((((((((((((((((((((((((((( Files Created from 2006-11-04 to 2006-12-04 ))))))))))))))))))))))))))))))))))
2006-12-03 20:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2006-12-03 17:39 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2006-12-03 17:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-12-03 17:28 <REP> d-------- C:\WINDOWS\AU_Temp
2006-12-03 17:04 <REP> d-------- C:\Documents and Settings\user\Application Data\PC Tools
2006-12-03 16:58 <REP> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2006-12-03 16:41 <REP> d-------- C:\WINDOWS\report
2006-12-03 16:40 86,094 --a------ C:\WINDOWS\BPMNT.dll
2006-12-03 16:40 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2006-12-03 16:40 176,709 --a------ C:\WINDOWS\tsc.exe
2006-12-03 16:40 1,101,904 --a------ C:\WINDOWS\vsapi32.dll
2006-12-03 16:40 <REP> d-------- C:\WINDOWS\AU_Backup
2006-12-03 16:39 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2006-12-03 16:39 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2006-12-03 16:39 286,720 --a------ C:\WINDOWS\PATCH.EXE
2006-12-03 16:39 <REP> d-------- C:\WINDOWS\AU_Log
2006-12-03 15:13 <REP> d-------- C:\Program Files\Norton AntiVirus
2006-12-03 15:12 48,768 --a------ C:\WINDOWS\SYSTEM32\S32EVNT1.DLL
2006-12-03 15:12 110,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS
2006-12-03 15:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2006-12-03 15:10 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared
2006-12-03 00:13 <REP> d-------- C:\Program Files\Lavasoft
2006-12-03 00:13 <REP> d-------- C:\Documents and Settings\user\Application Data\Lavasoft
2006-11-30 13:15 <REP> dr-h----- C:\Documents and Settings\user\Recent
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-04 19:44 37896 --a------ C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT
2006-10-03 23:33 174 --a------ C:\WINDOWS\Palace.reg
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SystemTray"="SysTray.Exe"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"CieTest"="C:\\Program Files\\UNI\\UNI_r.exe"
"ccApp"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton AntiVirus\\osCheck.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e4,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d2,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktop"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095
"NoActiveDesktop"=dword:00000001
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095
"NoActiveDesktop"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"IgfxTray"="C:\\WINDOWS\\SYSTEM32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\SYSTEM32\\hkcmd.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\D‚marrage du programme de r‚glages.job
Completion time: 06-12-04 14:03:59.33
C:\ComboFix.txt ... 06-12-04 14:04
Et celui d'hijack :
Logfile of HijackThis v1.99.1
Scan saved at 14:06:04, on 04/12/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\user\Bureau\scanner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wwxveofyofooqhkdbnd.uk/PVSM_Ch5DPtMtrayaf2N4...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [CieTest] C:\Program Files\UNI\UNI_r.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpl...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) -
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe":\Program Files\Fichiers communs\Symantec Shared\ccApp.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe":\Program Files\Fichiers communs\Symantec Shared\ccApp.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe":\Program Files\Fichiers communs\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\CLTNetCN.dll /h ccCommon (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - C:\Program Files\Norton AntiVirus\isPwdSvc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
Aidez-moi ! lol.. Merci beaucoup
Voici donc le rapport de combofix que j'ai fais : ComboFix 06.11.27W - Running from: "C:\Documents and Settings\user\Bureau"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\winstall.exe
C:\Program Files\Fichiers communs\{4242B883-03A2-3084-0831-010503200002}
((((((((((((((((((((((((((((((( Files Created from 2006-11-04 to 2006-12-04 ))))))))))))))))))))))))))))))))))
2006-12-03 20:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2006-12-03 17:39 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2006-12-03 17:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-12-03 17:28 <REP> d-------- C:\WINDOWS\AU_Temp
2006-12-03 17:04 <REP> d-------- C:\Documents and Settings\user\Application Data\PC Tools
2006-12-03 16:58 <REP> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2006-12-03 16:41 <REP> d-------- C:\WINDOWS\report
2006-12-03 16:40 86,094 --a------ C:\WINDOWS\BPMNT.dll
2006-12-03 16:40 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2006-12-03 16:40 176,709 --a------ C:\WINDOWS\tsc.exe
2006-12-03 16:40 1,101,904 --a------ C:\WINDOWS\vsapi32.dll
2006-12-03 16:40 <REP> d-------- C:\WINDOWS\AU_Backup
2006-12-03 16:39 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2006-12-03 16:39 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2006-12-03 16:39 286,720 --a------ C:\WINDOWS\PATCH.EXE
2006-12-03 16:39 <REP> d-------- C:\WINDOWS\AU_Log
2006-12-03 15:13 <REP> d-------- C:\Program Files\Norton AntiVirus
2006-12-03 15:12 48,768 --a------ C:\WINDOWS\SYSTEM32\S32EVNT1.DLL
2006-12-03 15:12 110,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS
2006-12-03 15:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2006-12-03 15:10 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared
2006-12-03 00:13 <REP> d-------- C:\Program Files\Lavasoft
2006-12-03 00:13 <REP> d-------- C:\Documents and Settings\user\Application Data\Lavasoft
2006-11-30 13:15 <REP> dr-h----- C:\Documents and Settings\user\Recent
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-04 19:44 37896 --a------ C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT
2006-10-03 23:33 174 --a------ C:\WINDOWS\Palace.reg
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SystemTray"="SysTray.Exe"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"CieTest"="C:\\Program Files\\UNI\\UNI_r.exe"
"ccApp"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton AntiVirus\\osCheck.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e4,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d2,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoActiveDesktop"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095
"NoActiveDesktop"=dword:00000001
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095
"NoActiveDesktop"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"IgfxTray"="C:\\WINDOWS\\SYSTEM32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\SYSTEM32\\hkcmd.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\D‚marrage du programme de r‚glages.job
Completion time: 06-12-04 14:03:59.33
C:\ComboFix.txt ... 06-12-04 14:04
Et celui d'hijack :
Logfile of HijackThis v1.99.1
Scan saved at 14:06:04, on 04/12/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\user\Bureau\scanner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wwxveofyofooqhkdbnd.uk/PVSM_Ch5DPtMtrayaf2N4...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [CieTest] C:\Program Files\UNI\UNI_r.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpl...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) -
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe":\Program Files\Fichiers communs\Symantec Shared\ccApp.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe":\Program Files\Fichiers communs\Symantec Shared\ccApp.exe (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe":\Program Files\Fichiers communs\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\CLTNetCN.dll /h ccCommon (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - C:\Program Files\Norton AntiVirus\isPwdSvc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
Aidez-moi ! lol.. Merci beaucoup
Re,
On continue.
Télécharge puis installe AVG Anti-Spyware (AVG AS)
Une fois AVG AS lancé, clique sur "Mise à jour"
Ferme le programme.
AIDE : Tuto sur Avg Antispyware (Malekal)
Redémarre en mode sans échec
Relance AVG AS puis choisis l'onglet "Analyse"
Puis l'onglet "Paramètres"
Sous la question "Comment réagir ?", clique sur "Actions recommandées" et choisis "Quarantaine"
Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"
/!\ Si un fichier est infecté en fin d'analyse /!\
Clique sur "Appliquer toutes les actions "
Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous"
Enregistre ce fichier texte sur ton bureau.
Redémarre normalement
Copie/Colle le rapport AVG AS ainsi qu'un rapport Hijackthis.
On continue.
Télécharge puis installe AVG Anti-Spyware (AVG AS)
Une fois AVG AS lancé, clique sur "Mise à jour"
Ferme le programme.
AIDE : Tuto sur Avg Antispyware (Malekal)
Redémarre en mode sans échec
Relance AVG AS puis choisis l'onglet "Analyse"
Puis l'onglet "Paramètres"
Sous la question "Comment réagir ?", clique sur "Actions recommandées" et choisis "Quarantaine"
Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"
/!\ Si un fichier est infecté en fin d'analyse /!\
Clique sur "Appliquer toutes les actions "
Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous"
Enregistre ce fichier texte sur ton bureau.
Redémarre normalement
Copie/Colle le rapport AVG AS ainsi qu'un rapport Hijackthis.
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 15:47:27 2006-12-04
+ Résultat de l'analyse:
C:\System Volume Information\_restore{4037DF35-D285-4859-AEA6-556BD8B88200}\RP43\A0008898.exe -> Adware.MediaTicket : Nettoyé.
C:\System Volume Information\_restore{4037DF35-D285-4859-AEA6-556BD8B88200}\RP43\A0008990.exe -> Adware.MediaTicket : Nettoyé.
C:\System Volume Information\_restore{4037DF35-D285-4859-AEA6-556BD8B88200}\RP60\A0010191.exe -> Dropper.Small : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@workopolis.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@adbrite[2].txt -> TrackingCookie.Adbrite : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@adjuggler[1].txt -> TrackingCookie.Adjuggler : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@burstnet[1].txt -> TrackingCookie.Burstnet : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@www.burstnet[1].txt -> TrackingCookie.Burstnet : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@ad1.clickhype[2].txt -> TrackingCookie.Clickhype : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@cz6.clickzs[2].txt -> TrackingCookie.Clickzs : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@cz7.clickzs[2].txt -> TrackingCookie.Clickzs : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@com[1].txt -> TrackingCookie.Com : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@e-2dj6wfkiuid5ako.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@e-2dj6wgkokjajedp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@e-2dj6wgliopc5wlp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@e-2dj6wjk4ckdpsgo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@e-2dj6wjk4ohc5ccq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@e-2dj6wjkospdjedp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@e-2dj6wjliwpdzihp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@e-2dj6wjloalcpmgp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@e-2dj6wjmiknd5ilo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@e-2dj6wjmiqicpceo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@image.masterstats[1].txt -> TrackingCookie.Masterstats : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@questionmarket[1].txt -> TrackingCookie.Questionmarket : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@tacoda[1].txt -> TrackingCookie.Tacoda : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@yadro[2].txt -> TrackingCookie.Yadro : Nettoyé.
Fin du rapport
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 15:47:27 2006-12-04
+ Résultat de l'analyse:
C:\System Volume Information\_restore{4037DF35-D285-4859-AEA6-556BD8B88200}\RP43\A0008898.exe -> Adware.MediaTicket : Nettoyé.
C:\System Volume Information\_restore{4037DF35-D285-4859-AEA6-556BD8B88200}\RP43\A0008990.exe -> Adware.MediaTicket : Nettoyé.
C:\System Volume Information\_restore{4037DF35-D285-4859-AEA6-556BD8B88200}\RP60\A0010191.exe -> Dropper.Small : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@workopolis.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@adbrite[2].txt -> TrackingCookie.Adbrite : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@adjuggler[1].txt -> TrackingCookie.Adjuggler : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@burstnet[1].txt -> TrackingCookie.Burstnet : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@www.burstnet[1].txt -> TrackingCookie.Burstnet : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@ad1.clickhype[2].txt -> TrackingCookie.Clickhype : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@cz6.clickzs[2].txt -> TrackingCookie.Clickzs : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@cz7.clickzs[2].txt -> TrackingCookie.Clickzs : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@com[1].txt -> TrackingCookie.Com : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@e-2dj6wfkiuid5ako.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@e-2dj6wgkokjajedp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@e-2dj6wgliopc5wlp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@e-2dj6wjk4ckdpsgo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@e-2dj6wjk4ohc5ccq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@e-2dj6wjkospdjedp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@e-2dj6wjliwpdzihp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@e-2dj6wjloalcpmgp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@e-2dj6wjmiknd5ilo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@e-2dj6wjmiqicpceo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@image.masterstats[1].txt -> TrackingCookie.Masterstats : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@questionmarket[1].txt -> TrackingCookie.Questionmarket : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@tacoda[1].txt -> TrackingCookie.Tacoda : Nettoyé.
C:\Documents and Settings\francis\Cookies\francis@yadro[2].txt -> TrackingCookie.Yadro : Nettoyé.
Fin du rapport
Logfile of HijackThis v1.99.1
Scan saved at 13:24:17, on 2006-12-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\francis\Bureau\winstall.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Free\avgw.exe
C:\Program Files\Grisoft\AVG Free\avgwb.dat
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msrr.exe
C:\WINDOWS\system32\ost.exe
C:\Program Files\Fichiers communs\{E45B6021-0AF0-3084-1119-031114030002}\Update.exe
C:\Documents and Settings\francis\Bureau\Scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O2 - BHO: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{345B6~1\888Bar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{345B6~1\888Bar.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\francis\Bureau\winstall.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MétéoIMédia] C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: TruePass EPF 7,0,100,730 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassap...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
Scan saved at 13:24:17, on 2006-12-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\francis\Bureau\winstall.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Free\avgw.exe
C:\Program Files\Grisoft\AVG Free\avgwb.dat
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msrr.exe
C:\WINDOWS\system32\ost.exe
C:\Program Files\Fichiers communs\{E45B6021-0AF0-3084-1119-031114030002}\Update.exe
C:\Documents and Settings\francis\Bureau\Scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O2 - BHO: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{345B6~1\888Bar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FICHIE~1\{345B6~1\888Bar.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\francis\Bureau\winstall.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MétéoIMédia] C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: TruePass EPF 7,0,100,730 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassap...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
Bob,
le premier rapport hijackthis ces le vieux scuse moi je me suis tromper lui ces le bon:Logfile of HijackThis v1.99.1
Scan saved at 15:57:22, on 2006-12-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\francis\Bureau\Scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O2 - BHO: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MétéoIMédia] C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: TruePass EPF 7,0,100,730 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassap...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
Scan saved at 15:57:22, on 2006-12-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\francis\Bureau\Scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O2 - BHO: (no name) - {C004DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MétéoIMédia] C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: TruePass EPF 7,0,100,730 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassap...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
Ok.
- Lance Hijackthis ->Do a system scan only
->Coche les lignes ci-dessous :
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
Clique sur Fix checked (en bas à gauche)
D'autres problèmes ?
- Lance Hijackthis ->Do a system scan only
->Coche les lignes ci-dessous :
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
Clique sur Fix checked (en bas à gauche)
D'autres problèmes ?
Logfile of HijackThis v1.99.1
Scan saved at 18:13:36, on 2006-12-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\francis\Bureau\Scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MétéoIMédia] C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: TruePass EPF 7,0,100,730 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassap...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
Scan saved at 18:13:36, on 2006-12-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\francis\Bureau\Scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MétéoIMédia] C:\Program Files\MétéoMédia\MétéoIMédia\WeatherEye
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: TruePass EPF 7,0,100,730 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassap...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
jai fait un scan avec panda :
Incident Statut Analyse
Adware:adware/superspider No Désinfecté c:\windows\system32\mcc.exe
Outil indésirable:Application/Pskill.K No Désinfecté C:\Documents and Settings\francis\Bureau\clean\pskill.exe
Outil indésirable:Application/Pskill.K No Désinfecté C:\Documents and Settings\francis\Bureau\clean.zip[clean/pskill.exe]
Spyware:Cookie/Cgi-bin No Désinfecté C:\Documents and Settings\francis\Cookies\francis@cgi-bin[1].txt
Spyware:Cookie/Cgi-bin No Désinfecté C:\Documents and Settings\francis\Cookies\francis@cgi-bin[2].txt
Spyware:Cookie/Cgi-bin No Désinfecté C:\Documents and Settings\francis\Cookies\francis@cgi-bin[4].txt
Spyware:Cookie/Searchportal No Désinfecté C:\Documents and Settings\francis\Cookies\francis@searchportal.information[1].txt
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\francis\Cookies\francis@xiti[1].txt
Incident Statut Analyse
Adware:adware/superspider No Désinfecté c:\windows\system32\mcc.exe
Outil indésirable:Application/Pskill.K No Désinfecté C:\Documents and Settings\francis\Bureau\clean\pskill.exe
Outil indésirable:Application/Pskill.K No Désinfecté C:\Documents and Settings\francis\Bureau\clean.zip[clean/pskill.exe]
Spyware:Cookie/Cgi-bin No Désinfecté C:\Documents and Settings\francis\Cookies\francis@cgi-bin[1].txt
Spyware:Cookie/Cgi-bin No Désinfecté C:\Documents and Settings\francis\Cookies\francis@cgi-bin[2].txt
Spyware:Cookie/Cgi-bin No Désinfecté C:\Documents and Settings\francis\Cookies\francis@cgi-bin[4].txt
Spyware:Cookie/Searchportal No Désinfecté C:\Documents and Settings\francis\Cookies\francis@searchportal.information[1].txt
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\francis\Cookies\francis@xiti[1].txt
Lassé par la pub ? Créez un compte
- Contenus similaires :
- ForumProbleme virus
- ForumProbleme de virus sur pc
- ForumProbleme avec un virus corriace
- ForumProbleme de virus
- ForumProbleme de virus internet explorer
- ForumProbleme virus resolu
- ForumProbleme de virus et anti-virus.
- ForumProbleme virus devmgrb.dll
- ForumProbleme avec virus click me
- ForumProbleme virus publicite
- Voir plus
