
Protection bar + unwanted ads


Hello, I have just seen with sadness that my IE v7.0 has become a new victim of the protection that puts itself right at the top in the Explorer taskbar; in addition, my home page has changed from Google to protectionband, accompanied by a message in English saying that I am infected.

So I don't really know what to do, but I think the best thing is to ask competent people who will be able to help me, like you (well, I hope so).


Hello,

Download Smitfraudfix (by S!ri).
Save it to your desktop.
Run SmitFraudFix.exe (the .exe may not be shown).
Choose Option 1 (Search).
Post the first report here.

**If the link does not work, click here**

&

Download Hijackthis (by Merjin).
Unzip it into a folder or onto your desktop.

Run the application.
Choose the option "Do a system scan and save a logfile"
Notepad opens:
-> Edit / Select All
-> Edit / Copy
Paste the report here.

HELP: Hijackthis tutorial (Malekal)

There, everything is done :) here is the Smitfraudfix report:


SmitFraudFix v2.144

Rapport fait à 17:15:06,26, 21/02/2007
Executé à partir de C:\Documents and Settings\diego\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\higehsg.dll PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\diego


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\diego\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url PRESENT !
C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\diego\Favoris

C:\DOCUME~1\diego\Favoris\Online Security Test.url PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Video Access ActiveX Object\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2016a466-91a2-43c6-97d8-2fd380f065ef}"="eitheror"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

There, and the Hijackthis one:

Logfile of HijackThis v1.99.1
Scan saved at 17:16:09, on 21/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Video Access ActiveX Object\isamntr.exe
C:\Program Files\Video Access ActiveX Object\pmsnrr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
E:\PROGRA~1\ANTIVI~1\ANTI-V~1\ANTI-S~1\OESpamTest.ExE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Video Access ActiveX Object\pmmnt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\Program Files\antivirus\Anti-Virus Perso & Pro\Anti-Hacker\KAVPF.exe
C:\Program Files\Video Access ActiveX Object\isamini.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
E:\Program Files\eChanblard\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\diego\LOCALS~1\Temp\Rar$EX00.422\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video Access ActiveX Object\isadd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video Access ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OESpamTest] E:\PROGRA~1\ANTIVI~1\ANTI-V~1\ANTI-S~1\OESpamTest.ExE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Anti-Hacker.lnk = E:\Program Files\antivirus\Anti-Virus Perso & Pro\Anti-Hacker\KAVPF.exe
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.03\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.03\MediaManager\grab.html
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{595BE5F2-78FC-47C3-8BA3-D21825376DFD}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{595BE5F2-78FC-47C3-8BA3-D21825376DFD}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{595BE5F2-78FC-47C3-8BA3-D21825376DFD}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Thanks for such a quick reply!

Wow, I think it worked, there's nothing left!!!

I'm giving you the reports anyway

The SmitfraudFix one:

SmitFraudFix v2.144

Rapport fait à 17:29:48,76, 21/02/2007
Executé à partir de C:\Documents and Settings\diego\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2016a466-91a2-43c6-97d8-2fd380f065ef}"="eitheror"


»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin


and finally the Hijackthis one:

Logfile of HijackThis v1.99.1
Scan saved at 17:31:10, on 21/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\diego\LOCALS~1\Temp\Rar$EX00.985\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OESpamTest] E:\PROGRA~1\ANTIVI~1\ANTI-V~1\ANTI-S~1\OESpamTest.ExE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Anti-Hacker.lnk = E:\Program Files\antivirus\Anti-Virus Perso & Pro\Anti-Hacker\KAVPF.exe
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.03\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.03\MediaManager\grab.html
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{595BE5F2-78FC-47C3-8BA3-D21825376DFD}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{595BE5F2-78FC-47C3-8BA3-D21825376DFD}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{595BE5F2-78FC-47C3-8BA3-D21825376DFD}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

You are still infected.
Run a Smitfraudfix Option 1 scan again.

Download SDFix (created by AndyManchesta) and save it to your Desktop.
Double-click SDFix.exe and choose Install to extract it to the Desktop.

Restart in safe mode

  • Open the SDFix folder that has just been created at the root of your hard drive (C:) and double-click RunThis.bat to launch the script.
  • Press Y to start the cleaning process.
  • It will remove the services and Registry entries of certain trojans found, then ask you to press a key to restart.
  • Press a key to restart the PC.
  • Your system will take longer than usual to restart because the tool will keep running and deleting files.
  • After the Desktop has loaded, the tool will finish its work and display Finished.
  • Press a key to finish running the script and load your Desktop icons.
  • Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
  • Finally, copy/paste the contents of the Report.txt file into your next reply on the forum, along with a new Hijackthis log.
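
An added example, not part of the original thread or of any tool mentioned in it: a small Python triage that diffs the two HijackThis logs posted above and flags autorun entries that launch a core Windows process name from outside system32, such as the `[.nvsvc]` Run entry still present after the SmitFraudFix pass. The log excerpts are copied from the thread; the function names, the process list and the assumption that %windir% is C:\WINDOWS are choices made for this example.

```python
import ntpath  # Windows path rules, usable on any OS
import re

# Excerpt of the first HijackThis log in this thread (before the SmitFraudFix clean).
LOG_BEFORE = r"""
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video Access ActiveX Object\isadd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video Access ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
"""

# Excerpt of the second HijackThis log in this thread (after the clean).
LOG_AFTER = r"""
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# HijackThis result lines look like "O4 - <details>" or "R0 - <details>".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Full path to an .exe or .dll, with or without surrounding quotes.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll)\b", re.IGNORECASE)

# Assumption for this example: %windir% is C:\WINDOWS, as in the posted logs.
SYSTEM32_DIR = r"c:\windows\system32"
# Core Windows XP processes whose genuine copy lives in system32.
SYSTEM32_ONLY = {"smss.exe", "csrss.exe", "winlogon.exe",
                 "services.exe", "lsass.exe", "svchost.exe"}


def parse_entries(log):
    """Return the set of (section, details) result lines in a HijackThis log."""
    entries = set()
    for line in log.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2)))
    return entries


def removed_entries(before, after):
    """Entries present before the clean-up and gone afterwards."""
    return sorted(parse_entries(before) - parse_entries(after))


def masquerading(log):
    """Entries that start a core process name from a folder other than system32."""
    hits = []
    for section, details in sorted(parse_entries(log)):
        for path in PATH_RE.findall(details):
            name = ntpath.basename(path).lower()
            folder = ntpath.dirname(path).lower()
            if name in SYSTEM32_ONLY and folder != SYSTEM32_DIR:
                hits.append((section, details, path))
    return hits


if __name__ == "__main__":
    print("Removed by the first clean-up:")
    for section, details in removed_entries(LOG_BEFORE, LOG_AFTER):
        print(f"  {section} - {details}")
    print("Still present and worth a closer look:")
    for section, details, path in masquerading(LOG_AFTER):
        print(f"  {section} - {details}")
```

The check compares full paths only, so an 8.3 short path to system32 would need to be expanded before comparison.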

So there, I've done everything, here is the sdfix report:


    SDFix: Version 1.67

    Run by diego - 21/02/2007 @ 18:14:32,31

    Microsoft Windows XP [version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:

    Name:

    Path:


    Restoring Windows Registry Entries
    Restoring Default Hosts File


    Rebooting...

    Normal Mode:
    Checking Files:

    Below files will be copied to Backups folder then removed:

    C:\WINDOWS\system\smss.exe - Deleted



    ADS Check:

    C:\WINDOWS\system32
    No streams found.


    Final Check:

    Remaining Services:
    ------------------


    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
    "E:\\Program Files\\eChanblard\\emule.exe"="E:\\Program Files\\eChanblard\\emule.exe:*:Enabled:eMule"
    "E:\\Ddidier\\mIRC\\MIRC Fr\\mIRC.exe"="E:\\Ddidier\\mIRC\\MIRC Fr\\mIRC.exe:*:Enabled:mIRC"
    "E:\\Program Files\\E-DealityClient-V1\\mIRC.exe"="E:\\Program Files\\E-DealityClient-V1\\mIRC.exe:*:Enabled:mIRC"
    "D:\\script\\mirc.exe"="D:\\script\\mirc.exe:*:Enabled:mIRC"
    "D:\\script\\e-deality-client2\\mIRC.exe"="D:\\script\\e-deality-client2\\mIRC.exe:*:Disabled:mIRC"
    "E:\\Ddidier\\mIRC\\slach v.2\\Sl@ch-script\\sl@ch-script.exe"="E:\\Ddidier\\mIRC\\slach v.2\\Sl@ch-script\\sl@ch-script.exe:*:Enabled:mIRC"
    "E:\\Ddidier\\mIRC\\mirc6.2\\mIRC\\mirc.exe"="E:\\Ddidier\\mIRC\\mirc6.2\\mIRC\\mirc.exe:*:Enabled:mIRC"
    "D:\\script\\IM\\mirc.exe"="D:\\script\\IM\\mirc.exe:*:Enabled:mIRC"
    "D:\\script\\né\\Né Pour Dértruire V.3\\mIRC.exe"="D:\\script\\né\\Né Pour Dértruire V.3\\mIRC.exe:*:Enabled:mIRC"
    "C:\\Documents and Settings\\diego\\Local Settings\\Temp\\Rar$EX07.734\\Sommer-live Script V4\\Sommer-live Script 4.exe"="C:\\Documents and Settings\\diego\\Local Settings\\Temp\\Rar$EX07.734\\Sommer-live Script V4\\Sommer-live Script 4.exe:*:Enabled:Dream Script Version 4"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "D:\\script\\digital\\mirc.exe"="D:\\script\\digital\\mirc.exe:*:Enabled:mIRC"
    "E:\\World of Warcraft\\WoW-1.12.0-frFR-downloader.exe"="E:\\World of Warcraft\\WoW-1.12.0-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
    "E:\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-frFR-downloader.exe"="E:\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
    "D:\\script\\nirc\\mirc.exe"="D:\\script\\nirc\\mirc.exe:*:Enabled:mIRC"
    "E:\\didier\\Nouveau dossier (2)\\FTP Expert 3\\ftpxpert3.exe"="E:\\didier\\Nouveau dossier (2)\\FTP Expert 3\\ftpxpert3.exe:*:Enabled:AceFTP v3"
    "D:\\script\\Txscript\\mIRC.exe"="D:\\script\\Txscript\\mIRC.exe:*:Enabled:mIRC"
    "D:\\script\\tx\\mirc.exe"="D:\\script\\tx\\mirc.exe:*:Enabled:mIRC"
    "C:\\Documents and Settings\\diego\\Local Settings\\Temp\\Rar$EX00.875\\CyborgScript\\CyborgScript.exe"="C:\\Documents and Settings\\diego\\Local Settings\\Temp\\Rar$EX00.875\\CyborgScript\\CyborgScript.exe:*:Enabled:[-Cyborg-Script-] v0.2"
    "C:\\Documents and Settings\\diego\\Local Settings\\Temp\\Rar$EX00.281\\r0x 2 evolution\\-=[r0x v2]=-.exe"="C:\\Documents and Settings\\diego\\Local Settings\\Temp\\Rar$EX00.281\\r0x 2 evolution\\-=[r0x v2]=-.exe:*:Enabled:mIRC"
    "C:\\Documents and Settings\\diego\\Local Settings\\Temp\\Rar$EX00.344\\mIRC.exe"="C:\\Documents and Settings\\diego\\Local Settings\\Temp\\Rar$EX00.344\\mIRC.exe:*:Enabled:mIRC"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "D:\\script\\ircap\\mirc.exe"="D:\\script\\ircap\\mirc.exe:*:Enabled:mIRC"
    "D:\\script\\girc\\mirc.exe"="D:\\script\\girc\\mirc.exe:*:Enabled:mIRC"
    "D:\\script\\Alse\\mirc.exe"="D:\\script\\Alse\\mirc.exe:*:Enabled:mIRC"
    "D:\\script\\EvAscript2.0\\mirc.exe"="D:\\script\\EvAscript2.0\\mirc.exe:*:Enabled:mIRC"
    "C:\\Documents and Settings\\diego\\Local Settings\\Temp\\Rar$EX00.406\\Finally Script\\Finally Script.exe"="C:\\Documents and Settings\\diego\\Local Settings\\Temp\\Rar$EX00.406\\Finally Script\\Finally Script.exe:*:Enabled:Finally Script"
    "C:\\Documents and Settings\\diego\\Local Settings\\Temp\\Rar$EX00.657\\Finally Script\\Finally Script.exe"="C:\\Documents and Settings\\diego\\Local Settings\\Temp\\Rar$EX00.657\\Finally Script\\Finally Script.exe:*:Enabled:Finally Script"
    "D:\\script\\nsrn\\mirc.exe"="D:\\script\\nsrn\\mirc.exe:*:Enabled:mIRC"
    "C:\\Documents and Settings\\diego\\Local Settings\\Temp\\Rar$EX00.672\\Zygomatik\\Zygomatik.exe"="C:\\Documents and Settings\\diego\\Local Settings\\Temp\\Rar$EX00.672\\Zygomatik\\Zygomatik.exe:*:Enabled:ressources Application"
    "D:\\script\\Finally Script\\Finally Script.exe"="D:\\script\\Finally Script\\Finally Script.exe:*:Enabled:Finally Script"
    "C:\\Documents and Settings\\diego\\Local Settings\\Temp\\Rar$EX92.344\\mirc.exe"="C:\\Documents and Settings\\diego\\Local Settings\\Temp\\Rar$EX92.344\\mirc.exe:*:Enabled:mIRC"
    "D:\\Jeux\\warcraft\\Warcraft III\\Warcraft III.exe"="D:\\Jeux\\warcraft\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
    "D:\\Jeux\\warcraft\\Warcraft III\\Frozen Throne.exe"="D:\\Jeux\\warcraft\\Warcraft III\\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne"
    "D:\\script\\oxygen\\OxyGenE.exe"="D:\\script\\oxygen\\OxyGenE.exe:*:Enabled:mIRC"
    "C:\\Documents and Settings\\diego\\Local Settings\\Temp\\Rar$EX00.766\\mirc32.exe"="C:\\Documents and Settings\\diego\\Local Settings\\Temp\\Rar$EX00.766\\mirc32.exe:*:Enabled:mIRC"
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
    "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
    "C:\\Documents and Settings\\diego\\Local Settings\\Temp\\Rar$EX00.969\\Angel_Script_2.1\\Mirc.exe"="C:\\Documents and Settings\\diego\\Local Settings\\Temp\\Rar$EX00.969\\Angel_Script_2.1\\Mirc.exe:*:Enabled:mIRC"
    "C:\\Program Files\\CannaScript\\CannaScript.exe"="C:\\Program Files\\CannaScript\\CannaScript.exe:*:Enabled:mIRC"
    "C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\52exinjs.a1.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\52exinjs.a1.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\40exinjs.a1.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\40exinjs.a1.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\69exinjs.a1.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\69exinjs.a1.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\21exinjs.a1.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\21exinjs.a1.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\88exinjs.a1.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\88exinjs.a1.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\28exinjs.a1.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\28exinjs.a1.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\98exinjs.a1.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\98exinjs.a1.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\55exinjs.a1.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\55exinjs.a1.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\70exinjs.a1.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\70exinjs.a1.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\29exinjs.a1.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\29exinjs.a1.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\57exinjs.a1.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\57exinjs.a1.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\27exinjs.a1.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\27exinjs.a1.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\59exinjs.a1.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\59exinjs.a1.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\6exinjs.a1.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\6exinjs.a1.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\85exinjs.a1.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\85exinjs.a1.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\30exinjs.a1.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\30exinjs.a1.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\4exinjs.a1.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\4exinjs.a1.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\77exinjs.a1.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\77exinjs.a1.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\5exinjs.a1.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\5exinjs.a1.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\31exinjs.a1.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\31exinjs.a1.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\93exinjs.a1.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\93exinjs.a1.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\71exinjs.a1.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\71exinjs.a1.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\87exinjs.a1.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\87exinjs.a1.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\63exinjs.a1.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\63exinjs.a1.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\75exinjs.a1.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\75exinjs.a1.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\53exinjs.a1.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\53exinjs.a1.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\90exinjs.a1.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\90exinjs.a1.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\23exinjs.a1.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\23exinjs.a1.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\43exinjs.a1.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\43exinjs.a1.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\10exinjs.a1.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\10exinjs.a1.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\45exinjs.a1.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\45exinjs.a1.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\44exinjs.a1.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\44exinjs.a1.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\56exinjs.a1.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\56exinjs.a1.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\16exinjs.a1.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\16exinjs.a1.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\89exinjs.a1.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\89exinjs.a1.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\17exinjs.a1.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\17exinjs.a1.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\12exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\12exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\98exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\98exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\68exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\68exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\3exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\3exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\89exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\89exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\2exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\2exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\24exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\24exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\49exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\49exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\80exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\80exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\5exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\5exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\31exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\31exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\23exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\23exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\42exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\42exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\97exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\97exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\8exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\8exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\53exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\53exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\60exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\60exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\13exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\13exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\35exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\35exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\1exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\1exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\26exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\26exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\40exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\40exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\18exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\18exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\7exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\7exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\73exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\73exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\17exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\17exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\27exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\27exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\30exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\30exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\86exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\86exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\56exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\56exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\61exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\61exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\81exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\81exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\34exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\34exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\88exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\88exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\52exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\52exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\82exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\82exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\32exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\32exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\6exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\6exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\93exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\93exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\92exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\92exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\77exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\77exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\94exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\94exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\75exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\75exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\95exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\95exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\44exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\44exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\84exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\84exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\15exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\15exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\58exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\58exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\78exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\78exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\9exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\9exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\66exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\66exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\33exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\33exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\74exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\74exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\39exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\39exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\10exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\10exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\48exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\48exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\29exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\29exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\85exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\85exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\11exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\11exinjs.a2.exe:*:Enabled:Microsoft Update"
    "D:\\script\\irctruc\\mirc.exe"="D:\\script\\irctruc\\mirc.exe:*:Enabled:mIRC"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\70exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\70exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\50exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\50exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\37exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\37exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\38exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\38exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\54exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\54exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\57exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\57exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\51exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\51exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\43exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\43exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\71exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\71exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\65exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\65exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\69exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\69exinjs.a2.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\63exinjs.a2.exe"="C:\\DOCUME~1\\diego\\LOCALS~1\\Temp\\63exinjs.a2.exe:*:Enabled:Microsoft Update"


    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


    Remaining Files:
    ---------------

    Backups Folder: - C:\SDFix\backups\backups.zip


    Checking For Files with Hidden Attributes :

    C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp
    C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\5a0d771158cfd69be5ddd26d8f58c73b\BIT11.tmp

    Add/Remove Programs List:

    Adobe Shockwave Player
    Anti-Virus
    Audacity 1.2.6
    AVG Anti-Spyware 7.5
    CCleaner (remove only)
    Combined Community Codec Pack 2006-07-28 (Remove Only)
    EF CheckSum Manager
    Microsoft Office Enterprise 2007
    HijackThis 1.99.1
    Microsoft Internationalized Domain Names Mitigation APIs
    Windows Internet Explorer 7
    ASUS nVIDIA Driver
    Correctif Windows XP - KB873339
    Correctif Windows XP - KB885835
    Correctif Windows XP - KB885836
    Correctif Windows XP - KB886185
    Correctif Windows XP - KB887472
    Correctif Windows XP - KB888302
    Correctif Windows XP - KB890859
    Correctif Windows XP - KB891781
    Microsoft Compression Client Pack 1.0 for Windows XP
    Messenger Plus! 3
    Microsoft National Language Support Downlevel APIs
    NVIDIA Drivers
    PremiuM ScripT
    RealPlayer
    Macromedia Flash Player 8
    Lecteur Windows Media 11
    GTK+ 2.4.14 runtime environment
    Archiveur WinRAR
    World of Warcraft
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Anti-Hacker
    AutoUpdate
    Anti-Spam
    Mashed
    ASUS Enhanced Display Driver
    Macromedia Extension Manager
    Macromedia Dreamweaver 8
    DivX
    DivX Player
    MP3 Player Utilities 4.03
    Microsoft Software Update for Web Folders (French) 12
    Microsoft Office Access MUI (French) 2007
    Microsoft Office Excel MUI (French) 2007
    Microsoft Office PowerPoint MUI (French) 2007
    Microsoft Office Publisher MUI (French) 2007
    Microsoft Office Outlook MUI (French) 2007
    Microsoft Office Word MUI (French) 2007
    Microsoft Office Proof (Arabic) 2007
    Microsoft Office Proof (German) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Dutch) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (French) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office InfoPath MUI (French) 2007
    Microsoft Office Shared MUI (French) 2007
    Microsoft Office OneNote MUI (French) 2007
    Microsoft Office Groove MUI (French) 2007
    Samsung E360 USB - Handset Manager V9.2
    Echantillons mutlimédia
    DivX Converter
    DivX Web Player
    MSN Messenger 7.5
    Adobe Photoshop CS
    QuickTime
    ÿnIRC v6.0

    Finished

    and here is the HijackThis one:


    Logfile of HijackThis v1.99.1
    Scan saved at 18:22:34, on 21/02/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    E:\PROGRA~1\ANTIVI~1\ANTI-V~1\ANTI-S~1\OESpamTest.ExE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\System32\svchost.exe
    E:\Program Files\antivirus\Anti-Virus Perso & Pro\Anti-Hacker\KAVPF.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\diego\LOCALS~1\Temp\Rar$EX00.203\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [OESpamTest] E:\PROGRA~1\ANTIVI~1\ANTI-V~1\ANTI-S~1\OESpamTest.ExE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Anti-Hacker.lnk = E:\Program Files\antivirus\Anti-Virus Perso & Pro\Anti-Hacker\KAVPF.exe
    O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.03\AMVConverter\grab.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.03\MediaManager\grab.html
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O17 - HKLM\System\CCS\Services\Tcpip\..\{595BE5F2-78FC-47C3-8BA3-D21825376DFD}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{595BE5F2-78FC-47C3-8BA3-D21825376DFD}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{595BE5F2-78FC-47C3-8BA3-D21825376DFD}: NameServer = 192.168.1.1
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    Sorry for the SMS-style language .....

    Er, no, actually I used to have an antivirus, but it stopped working
    because of AVG. It's fine now: I've reinstalled it and I'm running a
    scan, and as soon as it's finished I'll send it to you ;)

    Logfile of HijackThis v1.99.1
    Scan saved at 22:09:02, on 21/02/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    E:\PROGRA~1\ANTIVI~1\ANTI-V~1\ANTI-S~1\OESpamTest.ExE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\ATKKBService.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\nvsvc32.exe
    E:\Program Files\antivirus\Anti-Virus Perso & Pro\Anti-Hacker\KAVPF.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    E:\Program Files\eChanblard\emule.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\diego\LOCALS~1\Temp\Rar$EX00.203\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [OESpamTest] E:\PROGRA~1\ANTIVI~1\ANTI-V~1\ANTI-S~1\OESpamTest.ExE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Anti-Hacker.lnk = E:\Program Files\antivirus\Anti-Virus Perso & Pro\Anti-Hacker\KAVPF.exe
    O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.03\AMVConverter\grab.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.03\MediaManager\grab.html
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O17 - HKLM\System\CCS\Services\Tcpip\..\{595BE5F2-78FC-47C3-8BA3-D21825376DFD}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{595BE5F2-78FC-47C3-8BA3-D21825376DFD}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{595BE5F2-78FC-47C3-8BA3-D21825376DFD}: NameServer = 192.168.1.1
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Anti-Virus Service (kavsvc) - Kaspersky Labs Ltd. - E:\Program Files\antivirus\Anti-Virus Perso & Pro\Anti-Virus\kavsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    Good evening everyone!!!

    Unfortunately I had the same problem as the forum member above.

    So I followed the advice and it seems to have gone, but I'd rather post my latest reports so that someone can tell me whether I'm still infected and, if so, what steps to follow :)


    Thanks in advance!!!!

    Jeanrech


    SmitFraudFix v2.145

    Rapport fait à 0:35:07,26, 01/03/2007
    Executé à partir de C:\Documents and Settings\Reg\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Reg


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Reg\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Reg\Favoris


    »»»»»»»»»»»»»»»»»»»»»»»» Bureau


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


    »»»»»»»»»»»»»»»»»»»»»»»» Fin






    Logfile of HijackThis v1.99.1
    Scan saved at 00:37:40, on 01/03/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\drivers\STDSB.exe
    C:\WINDOWS\system32\drivers\Icon.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Apps\Powercinema\PCMService.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Documents and Settings\Reg\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.wanadoo.fr/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\drivers\STDSB.exe
    O4 - HKLM\..\Run: [Icon] C:\WINDOWS\system32\drivers\Icon.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://camera1.mairie-brest.fr/activex/AxisCamControl.c...
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
    O18 - Protocol: bw+0 - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: offline-8876480 - {A02A06D4-AB52-440E-BFC8-D9BE5FF06F3F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe



    Here is a Kaspersky report following the two previous reports; I see one detected virus that corresponds to my problem.

    I ran CCleaner; is that enough?

    Thanks

    KASPERSKY ON-LINE SCANNER REPORT
    Thursday, March 01, 2007 1:42:38 AM
    Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version : 5.0.83.0
    Dernière mise à jour de la base antivirus Kaspersky : 1/03/2007
    Enregistrements dans la base antivirus Kaspersky : 259549


    Paramètres d'analyse
    Analyser avec la base antivirus suivante standard
    Analyser les archives vrai
    Analyser les bases de messagerie vrai

    Cible de l'analyse Poste de travail
    C:\
    D:\

    Statistiques de l'analyse
    Total d'objets analysés 45920
    Nombre de virus trouvés 1
    Nombre d'objets infectés 1 / 0
    Nombre d'objets suspects 0
    Durée de l'analyse 00:42:16

    Nom de l'objet infecté Nom du virus Dernière action
    C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_REGIS.log L'objet est verrouillé ignoré

    C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\PrdMgr_REGIS.log L'objet est verrouillé ignoré

    C:\Documents and Settings\All Users\Données d'applications\Network Associates\VirusScan\OnAccessScanLog.txt L'objet est verrouillé ignoré

    C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

    C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré

    C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré

    C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

    C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré

    C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré

    C:\Documents and Settings\Reg\Cookies\index.dat L'objet est verrouillé ignoré

    C:\Documents and Settings\Reg\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré

    C:\Documents and Settings\Reg\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré

    C:\Documents and Settings\Reg\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré

    C:\Documents and Settings\Reg\Local Settings\Historique\History.IE5\MSHist012007030120070302\index.dat L'objet est verrouillé ignoré

    C:\Documents and Settings\Reg\Local Settings\Temporary Internet Files\Content.IE5\6R34KII2\protectionband[1].htm Infecté : not-virus:Hoax.JS.Agent.a ignoré

    C:\Documents and Settings\Reg\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré

    C:\Documents and Settings\Reg\NTUSER.DAT L'objet est verrouillé ignoré

    C:\Documents and Settings\Reg\ntuser.dat.LOG L'objet est verrouillé ignoré

    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Reg\Data\BWDocMap.pht L'objet est verrouillé ignoré

    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Reg\Data\BWInfopakMap.pht L'objet est verrouillé ignoré

    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Reg\Data\chandir.dat L'objet est verrouillé ignoré

    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Reg\Data\chandir.idx L'objet est verrouillé ignoré

    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Reg\Data\chn.dat L'objet est verrouillé ignoré

    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Reg\Data\chn.idx L'objet est verrouillé ignoré

    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Reg\Data\D0000000.FCS L'objet est verrouillé ignoré

    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Reg\Data\inuse.txt L'objet est verrouillé ignoré

    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Reg\Data\L0000031.FCS L'objet est verrouillé ignoré

    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Reg\Data\main.log L'objet est verrouillé ignoré

    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Reg\Data\prs.dat L'objet est verrouillé ignoré

    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Reg\Data\prs.idx L'objet est verrouillé ignoré

    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Reg\Data\prs_die.dat L'objet est verrouillé ignoré

    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Reg\Data\prs_die.idx L'objet est verrouillé ignoré

    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Reg\Data\prs_dnd.dat L'objet est verrouillé ignoré

    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Reg\Data\prs_dnd.idx L'objet est verrouillé ignoré

    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Reg\Data\prs_ext.dat L'objet est verrouillé ignoré

    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Reg\Data\prs_ext.idx L'objet est verrouillé ignoré

    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Reg\Data\prs_rcv.dat L'objet est verrouillé ignoré

    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Reg\Data\prs_rcv.idx L'objet est verrouillé ignoré

    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Reg\Data\storydb.dat L'objet est verrouillé ignoré

    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Reg\Data\storydb.idx L'objet est verrouillé ignoré

    C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré

    C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP263\change.log L'objet est verrouillé ignoré

    C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré

    C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré

    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré

    C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré

    C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré

    C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\DEFAULT L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\SOFTWARE L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\SYSTEM L'objet est verrouillé ignoré

    C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré

    C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré

    C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré

    C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré

    C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré

    Analyse terminée.