virus dans System 32!!! [Résolu]
Dernière réponse : dans Sécurité
Bonjour,
l'antivirus en ligne de secuser m'a trouvé 1 virus: TROJ DELF.IPY
dans C:\\Windows\System32\nod32.dll et dans: C:\\Documents and settings\Local Settings\Application Data\MicrosoftWindows\nod32.dll
et je n'arrive pas à m'en débarrasser, ca me dit que ce n'est pas nettoyable car en cours d'utilisation...je ne sais pas quoi faire!
est ce que quelqu'un pourrait m'aider à le supprimer?!
merci beaucoup d'avance de votre aide!
l'antivirus en ligne de secuser m'a trouvé 1 virus: TROJ DELF.IPY
dans C:\\Windows\System32\nod32.dll et dans: C:\\Documents and settings\Local Settings\Application Data\MicrosoftWindows\nod32.dll
et je n'arrive pas à m'en débarrasser, ca me dit que ce n'est pas nettoyable car en cours d'utilisation...je ne sais pas quoi faire!
est ce que quelqu'un pourrait m'aider à le supprimer?!
merci beaucoup d'avance de votre aide!
Autres pages sur : virus system resolu
Lassé par la pub ? Créez un compte
Bonjour
Bonjour
Télécharge HijackThis v1.99.1
http://pchelpbordeaux.free.fr/logiciels.html
Tutorial
http://pchelpbordeaux.free.fr/tuto.html
Démo en image
http://perso.orange.fr/rginformatique/section%20virus/d...
Fais un scan et poste l'analyse ici.
Bonjour
Télécharge HijackThis v1.99.1
http://pchelpbordeaux.free.fr/logiciels.html
Tutorial
http://pchelpbordeaux.free.fr/tuto.html
Démo en image
http://perso.orange.fr/rginformatique/section%20virus/d...
Fais un scan et poste l'analyse ici.
bonjour et merci chercheur_
ci dessous mon rapport:
Logfile of HijackThis v1.99.1
Scan saved at 19:19:32, on 14/08/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/y...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://titepoulettemarie.spaces.live.com//PhotoUpload/M...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photobox.fr/discount/clients/uploader_v2.2.0...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
merci encore pour ton aide!
ci dessous mon rapport:
Logfile of HijackThis v1.99.1
Scan saved at 19:19:32, on 14/08/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/y...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://titepoulettemarie.spaces.live.com//PhotoUpload/M...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photobox.fr/discount/clients/uploader_v2.2.0...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
merci encore pour ton aide!
Re
Rien d'infectieux dans ce rapport.
Télécharge Combofix.exe (par sUBs) sur ton Bureau
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Double clique combofix.exe et suis les invites.
Lorsque le scan sera complété, un rapport apparaîtra.
Copie/colle ce rapport dans ta prochaine réponse
Rien d'infectieux dans ce rapport.
Télécharge Combofix.exe (par sUBs) sur ton Bureau
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Double clique combofix.exe et suis les invites.
Lorsque le scan sera complété, un rapport apparaîtra.
Copie/colle ce rapport dans ta prochaine réponse
ComboFix 07-08-14.4 - "marie" 2007-08-14 22:54:59.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.0.1252.33.1036.18.681 [GMT 2:00]
((((((((((((((((((((((((( Files Created from 2007-07-14 to 2007-08-14 )))))))))))))))))))))))))))))))
2007-08-14 22:54 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-14 19:19 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise
2007-08-13 13:29 <REP> d-------- C:\WINDOWS\AU_Temp
2007-08-11 15:29 <REP> d-------- C:\Program Files\PhotoBox
2007-08-08 20:03 <REP> d-------- C:\Program Files\Cdiscount photos
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-13 13:30 86094 --a------ C:\WINDOWS\BPMNT.dll
2007-08-13 13:30 71749 --a------ C:\WINDOWS\hcextoutput.dll
2007-08-13 13:30 267845 --a------ C:\WINDOWS\tsc.exe
2007-08-13 13:30 1163344 --a------ C:\WINDOWS\vsapi32.dll
2007-07-28 00:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-28 00:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-28 00:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-28 00:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 23:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 23:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 23:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-07-02 10:38 --------- d-------- C:\Program Files\MSXML 4.0
2007-06-30 23:35 --------- d-------- C:\DOCUME~1\marie\APPLIC~1\Samsung
2007-06-30 23:21 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-06-30 23:20 --------- d-------- C:\Program Files\Samsung
2007-06-19 23:31 --------- d-------- C:\Program Files\Google
2007-06-19 23:27 --------- d-------- C:\Program Files\Windows Live Toolbar
2007-06-19 23:22 --------- d-------- C:\Program Files\Yahoo!
2007-06-19 22:32 --------- d-------- C:\Program Files\MSN Messenger
2007-06-13 22:11 40036 --a------ C:\WINDOWS\expl.exe
2007-06-13 21:22 12237 --a------ C:\WINDOWS\bhookpl.dll
2006-10-10 23:20 977375 --a------ C:\Program Files\realplay.chm
2006-10-10 23:20 86065 --a------ C:\Program Files\rpplugprot.dll
2006-10-10 23:20 73439 --a------ C:\Program Files\howto.chm
2006-10-10 23:20 719360 --a------ C:\Program Files\dbghelp.dll
2006-10-10 23:20 70 --a------ C:\Program Files\strs23.dat
2006-10-10 23:20 682 --a------ C:\Program Files\realplay.exe.manifest
2006-10-10 23:20 667689 --a------ C:\Program Files\rjbres.dll
2006-10-10 23:20 654992 --a------ C:\Program Files\normal.vs
2006-10-10 23:20 64370 --a------ C:\Program Files\RealNetworks License.html
2006-10-10 23:20 64370 --a------ C:\Program Files\playrlic.html
2006-10-10 23:20 62179 --a------ C:\Program Files\RealNetworks License.txt
2006-10-10 23:20 62179 --a------ C:\Program Files\playrlic.txt
2006-10-10 23:20 61495 --a------ C:\Program Files\ssimages.vs
2006-10-10 23:20 61485 --a------ C:\Program Files\rjwmapln.dll
2006-10-10 23:20 57395 --a------ C:\Program Files\rdsf3260.dll
2006-10-10 23:20 57385 --a------ C:\Program Files\tpasdk.dll
2006-10-10 23:20 568 --a------ C:\Program Files\fpsectbl
2006-10-10 23:20 54760 --a------ C:\Program Files\rpshellsearch.dll
2006-10-10 23:20 54736 --a------ C:\Program Files\rpshell.dll
2006-10-10 23:20 53098 --a------ C:\Program Files\presets.rnx
2006-10-10 23:20 49197 --a------ C:\Program Files\ierjplug.dll
2006-10-10 23:20 49195 --a------ C:\Program Files\mmcdda32.dll
2006-10-10 23:20 480 --a------ C:\Program Files\keys.dat
2006-10-10 23:20 45109 --a------ C:\Program Files\rpau3260.dll
2006-10-10 23:20 340040 --a------ C:\Program Files\dtdr3260.dll
2006-10-10 23:20 335911 --a------ C:\Program Files\rjdlg.dll
2006-10-10 23:20 331776 --a------ C:\Program Files\CDDBRealControl.dll
2006-10-10 23:20 32812 --a------ C:\Program Files\tnetdtct.dll
2006-10-10 23:20 32809 --a------ C:\Program Files\rjprog.dll
2006-10-10 23:20 29773 --a------ C:\Program Files\Readme.html
2006-10-10 23:20 28729 --a------ C:\Program Files\rpwa3260.dll
2006-10-10 23:20 28721 --a------ C:\Program Files\wmdmhelper.dll
2006-10-10 23:20 2851 --a------ C:\Program Files\cdroms.cfg
2006-10-10 23:20 23558 --a------ C:\Program Files\freeoffers.ico
2006-10-10 23:20 221 --a------ C:\Program Files\subscription.rnx
2006-10-10 23:20 214448 --a------ C:\Program Files\realplay.exe
2006-10-10 23:20 20531 --a------ C:\Program Files\rphelperapp.exe
2006-10-10 23:20 20529 --a------ C:\Program Files\realjbox.exe
2006-10-10 23:20 20523 --a------ C:\Program Files\fixrjb.exe
2006-10-10 23:20 17846 --a------ C:\Program Files\videotest.rm
2006-10-10 23:20 177 --a------ C:\Program Files\freeoffers.rnx
2006-10-10 23:20 16296 --a------ C:\Program Files\realtfon.fon
2006-10-10 23:20 15 --a------ C:\Program Files\strs26.dat
2006-10-10 23:20 139264 --a------ C:\Program Files\DUNZIP32.dll
2006-10-10 23:20 119808 --a------ C:\Program Files\waiting.avi
2006-10-10 23:20 11444 --a------ C:\Program Files\frw.bmp
2006-10-10 23:20 1042 --a------ C:\Program Files\autoplaylist.dat
2006-10-10 23:20 102441 --a------ C:\Program Files\tsasdk.dll
--------- C:\Program Files\Hijackthis Version Française
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-05-17 15:26]
"nwiz"="nwiz.exe" [2006-05-17 15:26 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-05-17 15:26]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 09:54 C:\WINDOWS\SOUNDMAN.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2004-10-08 12:52]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 18:47]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 18:37]
"EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 05:00]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-09-28 14:00]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-11-03 21:33]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-06-19 23:31:27]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"=0 (0x0)
R1 PQNTDrv;PQNTDrv;C:\WINDOWS\System32\drivers\PQNTDrv.sys
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;C:\WINDOWS\System32\Drivers\ousbehci.sys
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\System32\DRIVERS\ousb2hub.sys
S3 GMSIPCI;GMSIPCI;\??\D:\INSTALL\GMSIPCI.SYS
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\WINDOWS\System32\SophosMEMSWEEP.SYS
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM);C:\WINDOWS\System32\DRIVERS\ssm_bus.sys
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter;C:\WINDOWS\System32\DRIVERS\ssm_mdfl.sys
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers;C:\WINDOWS\System32\DRIVERS\ssm_mdm.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\System32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{14B8EC7A-FD63-1B91-A29D-7774FC77B0D5}]
C:\WINDOWS\System32:httpd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7DC8B093-F5FE-B2CB-B7F2-940FB2AA50A2}]
C:\WINDOWS\System32\system32\winlogin.exe s
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B6A807N6-42DF-4W02-93E5-B156B3FA8AL1}]
C:\Documents and Settings\marie\Application Data\server123.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4300A24-AA72-D3D5-A500-B1B2C5016030}]
C:\Documents and Settings\marie\Application Data\winlogin.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{hmxmbnqk-qpcc-lvdd-twcc-wmilgboixxqy}]
C:\WINDOWS\System32\nod32.exe
Contents of the 'Scheduled Tasks' folder
2006-12-16 07:15:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-14 22:55:48
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-14 22:56:12
--- E O F ---
Microsoft Windows XP Professionnel 5.1.2600.0.1252.33.1036.18.681 [GMT 2:00]
((((((((((((((((((((((((( Files Created from 2007-07-14 to 2007-08-14 )))))))))))))))))))))))))))))))
2007-08-14 22:54 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-14 19:19 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise
2007-08-13 13:29 <REP> d-------- C:\WINDOWS\AU_Temp
2007-08-11 15:29 <REP> d-------- C:\Program Files\PhotoBox
2007-08-08 20:03 <REP> d-------- C:\Program Files\Cdiscount photos
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-13 13:30 86094 --a------ C:\WINDOWS\BPMNT.dll
2007-08-13 13:30 71749 --a------ C:\WINDOWS\hcextoutput.dll
2007-08-13 13:30 267845 --a------ C:\WINDOWS\tsc.exe
2007-08-13 13:30 1163344 --a------ C:\WINDOWS\vsapi32.dll
2007-07-28 00:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-28 00:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-28 00:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-28 00:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 23:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 23:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 23:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-07-02 10:38 --------- d-------- C:\Program Files\MSXML 4.0
2007-06-30 23:35 --------- d-------- C:\DOCUME~1\marie\APPLIC~1\Samsung
2007-06-30 23:21 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-06-30 23:20 --------- d-------- C:\Program Files\Samsung
2007-06-19 23:31 --------- d-------- C:\Program Files\Google
2007-06-19 23:27 --------- d-------- C:\Program Files\Windows Live Toolbar
2007-06-19 23:22 --------- d-------- C:\Program Files\Yahoo!
2007-06-19 22:32 --------- d-------- C:\Program Files\MSN Messenger
2007-06-13 22:11 40036 --a------ C:\WINDOWS\expl.exe
2007-06-13 21:22 12237 --a------ C:\WINDOWS\bhookpl.dll
2006-10-10 23:20 977375 --a------ C:\Program Files\realplay.chm
2006-10-10 23:20 86065 --a------ C:\Program Files\rpplugprot.dll
2006-10-10 23:20 73439 --a------ C:\Program Files\howto.chm
2006-10-10 23:20 719360 --a------ C:\Program Files\dbghelp.dll
2006-10-10 23:20 70 --a------ C:\Program Files\strs23.dat
2006-10-10 23:20 682 --a------ C:\Program Files\realplay.exe.manifest
2006-10-10 23:20 667689 --a------ C:\Program Files\rjbres.dll
2006-10-10 23:20 654992 --a------ C:\Program Files\normal.vs
2006-10-10 23:20 64370 --a------ C:\Program Files\RealNetworks License.html
2006-10-10 23:20 64370 --a------ C:\Program Files\playrlic.html
2006-10-10 23:20 62179 --a------ C:\Program Files\RealNetworks License.txt
2006-10-10 23:20 62179 --a------ C:\Program Files\playrlic.txt
2006-10-10 23:20 61495 --a------ C:\Program Files\ssimages.vs
2006-10-10 23:20 61485 --a------ C:\Program Files\rjwmapln.dll
2006-10-10 23:20 57395 --a------ C:\Program Files\rdsf3260.dll
2006-10-10 23:20 57385 --a------ C:\Program Files\tpasdk.dll
2006-10-10 23:20 568 --a------ C:\Program Files\fpsectbl
2006-10-10 23:20 54760 --a------ C:\Program Files\rpshellsearch.dll
2006-10-10 23:20 54736 --a------ C:\Program Files\rpshell.dll
2006-10-10 23:20 53098 --a------ C:\Program Files\presets.rnx
2006-10-10 23:20 49197 --a------ C:\Program Files\ierjplug.dll
2006-10-10 23:20 49195 --a------ C:\Program Files\mmcdda32.dll
2006-10-10 23:20 480 --a------ C:\Program Files\keys.dat
2006-10-10 23:20 45109 --a------ C:\Program Files\rpau3260.dll
2006-10-10 23:20 340040 --a------ C:\Program Files\dtdr3260.dll
2006-10-10 23:20 335911 --a------ C:\Program Files\rjdlg.dll
2006-10-10 23:20 331776 --a------ C:\Program Files\CDDBRealControl.dll
2006-10-10 23:20 32812 --a------ C:\Program Files\tnetdtct.dll
2006-10-10 23:20 32809 --a------ C:\Program Files\rjprog.dll
2006-10-10 23:20 29773 --a------ C:\Program Files\Readme.html
2006-10-10 23:20 28729 --a------ C:\Program Files\rpwa3260.dll
2006-10-10 23:20 28721 --a------ C:\Program Files\wmdmhelper.dll
2006-10-10 23:20 2851 --a------ C:\Program Files\cdroms.cfg
2006-10-10 23:20 23558 --a------ C:\Program Files\freeoffers.ico
2006-10-10 23:20 221 --a------ C:\Program Files\subscription.rnx
2006-10-10 23:20 214448 --a------ C:\Program Files\realplay.exe
2006-10-10 23:20 20531 --a------ C:\Program Files\rphelperapp.exe
2006-10-10 23:20 20529 --a------ C:\Program Files\realjbox.exe
2006-10-10 23:20 20523 --a------ C:\Program Files\fixrjb.exe
2006-10-10 23:20 17846 --a------ C:\Program Files\videotest.rm
2006-10-10 23:20 177 --a------ C:\Program Files\freeoffers.rnx
2006-10-10 23:20 16296 --a------ C:\Program Files\realtfon.fon
2006-10-10 23:20 15 --a------ C:\Program Files\strs26.dat
2006-10-10 23:20 139264 --a------ C:\Program Files\DUNZIP32.dll
2006-10-10 23:20 119808 --a------ C:\Program Files\waiting.avi
2006-10-10 23:20 11444 --a------ C:\Program Files\frw.bmp
2006-10-10 23:20 1042 --a------ C:\Program Files\autoplaylist.dat
2006-10-10 23:20 102441 --a------ C:\Program Files\tsasdk.dll
--------- C:\Program Files\Hijackthis Version Française
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-05-17 15:26]
"nwiz"="nwiz.exe" [2006-05-17 15:26 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-05-17 15:26]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 09:54 C:\WINDOWS\SOUNDMAN.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2004-10-08 12:52]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 18:47]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 18:37]
"EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 05:00]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-09-28 14:00]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-11-03 21:33]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-06-19 23:31:27]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"=0 (0x0)
R1 PQNTDrv;PQNTDrv;C:\WINDOWS\System32\drivers\PQNTDrv.sys
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;C:\WINDOWS\System32\Drivers\ousbehci.sys
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\System32\DRIVERS\ousb2hub.sys
S3 GMSIPCI;GMSIPCI;\??\D:\INSTALL\GMSIPCI.SYS
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\WINDOWS\System32\SophosMEMSWEEP.SYS
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM);C:\WINDOWS\System32\DRIVERS\ssm_bus.sys
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter;C:\WINDOWS\System32\DRIVERS\ssm_mdfl.sys
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers;C:\WINDOWS\System32\DRIVERS\ssm_mdm.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\System32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{14B8EC7A-FD63-1B91-A29D-7774FC77B0D5}]
C:\WINDOWS\System32:httpd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7DC8B093-F5FE-B2CB-B7F2-940FB2AA50A2}]
C:\WINDOWS\System32\system32\winlogin.exe s
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B6A807N6-42DF-4W02-93E5-B156B3FA8AL1}]
C:\Documents and Settings\marie\Application Data\server123.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4300A24-AA72-D3D5-A500-B1B2C5016030}]
C:\Documents and Settings\marie\Application Data\winlogin.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{hmxmbnqk-qpcc-lvdd-twcc-wmilgboixxqy}]
C:\WINDOWS\System32\nod32.exe
Contents of the 'Scheduled Tasks' folder
2006-12-16 07:15:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-14 22:55:48
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-14 22:56:12
--- E O F ---
Re
$$ Télécharge SDFix sur ton bureau
http://downloads.andymanchesta.com/RemovalTools/SDFix.e...
$$ Redémarre en mode sans échec. Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionne Mode sans échec et appuye sur Entrée.
$$ Double clique sur SDFix.exe et choisis Install
Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
Tape Y pour lancer le script.
Le Fix supprime les services du virus et nettoie le registre, de ce fait un redémarrage est nécessaire
Presse une touche pour redémarrer
Le PC va mettre du temps avant de démarrer, presse une touche lorsque "Finished" s'affiche
Ouvre le dossier SDFix et copie/colle ici le contenu du fichier "Report.txt" avec un nouveau HijackThis.
$$ Télécharge SDFix sur ton bureau
http://downloads.andymanchesta.com/RemovalTools/SDFix.e...
$$ Redémarre en mode sans échec. Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarre l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionne Mode sans échec et appuye sur Entrée.
$$ Double clique sur SDFix.exe et choisis Install
Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
Tape Y pour lancer le script.
Le Fix supprime les services du virus et nettoie le registre, de ce fait un redémarrage est nécessaire
Presse une touche pour redémarrer
Le PC va mettre du temps avant de démarrer, presse une touche lorsque "Finished" s'affiche
Ouvre le dossier SDFix et copie/colle ici le contenu du fichier "Report.txt" avec un nouveau HijackThis.
j'ai téléchargé SDFix.exe sans problème, par contre, en mode sans echec, quand j'ai essayé de l'installé ca m'a dit qu'il y avait une erreur et l'installation n'a pu se faire en entier (avec un message d'erreur me demandant d'en télécharger une autre version) - aurais-tu un autre lien?
et autre question, c'est normal que ca m'installe en meme temps dans le fichier SDFix qui est sur C: un fichier (.exe) qui s'appelle "catchme"?
merci...
et autre question, c'est normal que ca m'installe en meme temps dans le fichier SDFix qui est sur C: un fichier (.exe) qui s'appelle "catchme"?
merci...
ok merci
rapport SDFix:
SDFix: Version 1.98
Run by marie on 15/08/2007 at 00:04
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\system32\nod32.exe - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
---------------
Backups Folder: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\system32\winlogin.exe
C:\WINDOWS\LastGood.Tmp\INF\InstMed.inf
C:\WINDOWS\LastGood.Tmp\INF\InstMed.PNF
C:\WINDOWS\LastGood.Tmp\INF\msxmlx.inf
C:\WINDOWS\LastGood.Tmp\INF\msxmlx.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem12.inf
C:\WINDOWS\LastGood.Tmp\INF\oem12.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem13.inf
C:\WINDOWS\LastGood.Tmp\INF\oem13.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem14.inf
C:\WINDOWS\LastGood.Tmp\INF\oem14.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem15.inf
C:\WINDOWS\LastGood.Tmp\INF\oem15.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem16.inf
C:\WINDOWS\LastGood.Tmp\INF\oem16.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem17.inf
C:\WINDOWS\LastGood.Tmp\INF\oem17.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem18.inf
C:\WINDOWS\LastGood.Tmp\INF\oem18.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem19.inf
C:\WINDOWS\LastGood.Tmp\INF\oem19.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem20.inf
C:\WINDOWS\LastGood.Tmp\INF\oem20.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem21.inf
C:\WINDOWS\LastGood.Tmp\INF\oem21.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem22.inf
C:\WINDOWS\LastGood.Tmp\INF\oem22.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem23.inf
C:\WINDOWS\LastGood.Tmp\INF\oem23.PNF
C:\WINDOWS\LastGood.Tmp\INF\VidCtrl2.inf
C:\WINDOWS\LastGood.Tmp\INF\VidCtrl2.PNF
C:\WINDOWS\LastGood.Tmp\INF\wmad.inf
C:\WINDOWS\LastGood.Tmp\INF\wmad.PNF
Finished
rapport Hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 00:08:56, on 15/08/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/y...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://titepoulettemarie.spaces.live.com//PhotoUpload/M...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photobox.fr/discount/clients/uploader_v2.2.0...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
rapport SDFix:
SDFix: Version 1.98
Run by marie on 15/08/2007 at 00:04
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\system32\nod32.exe - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
---------------
Backups Folder: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\system32\winlogin.exe
C:\WINDOWS\LastGood.Tmp\INF\InstMed.inf
C:\WINDOWS\LastGood.Tmp\INF\InstMed.PNF
C:\WINDOWS\LastGood.Tmp\INF\msxmlx.inf
C:\WINDOWS\LastGood.Tmp\INF\msxmlx.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem12.inf
C:\WINDOWS\LastGood.Tmp\INF\oem12.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem13.inf
C:\WINDOWS\LastGood.Tmp\INF\oem13.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem14.inf
C:\WINDOWS\LastGood.Tmp\INF\oem14.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem15.inf
C:\WINDOWS\LastGood.Tmp\INF\oem15.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem16.inf
C:\WINDOWS\LastGood.Tmp\INF\oem16.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem17.inf
C:\WINDOWS\LastGood.Tmp\INF\oem17.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem18.inf
C:\WINDOWS\LastGood.Tmp\INF\oem18.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem19.inf
C:\WINDOWS\LastGood.Tmp\INF\oem19.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem20.inf
C:\WINDOWS\LastGood.Tmp\INF\oem20.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem21.inf
C:\WINDOWS\LastGood.Tmp\INF\oem21.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem22.inf
C:\WINDOWS\LastGood.Tmp\INF\oem22.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem23.inf
C:\WINDOWS\LastGood.Tmp\INF\oem23.PNF
C:\WINDOWS\LastGood.Tmp\INF\VidCtrl2.inf
C:\WINDOWS\LastGood.Tmp\INF\VidCtrl2.PNF
C:\WINDOWS\LastGood.Tmp\INF\wmad.inf
C:\WINDOWS\LastGood.Tmp\INF\wmad.PNF
Finished
rapport Hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 00:08:56, on 15/08/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/y...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://titepoulettemarie.spaces.live.com//PhotoUpload/M...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photobox.fr/discount/clients/uploader_v2.2.0...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
je crois que le rapport Hijackthis n'est pas passé en entier, je te le remet:
Logfile of HijackThis v1.99.1
Scan saved at 00:08:56, on 15/08/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/y...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://titepoulettemarie.spaces.live.com//PhotoUpload/M...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photobox.fr/discount/clients/uploader_v2.2.0...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Logfile of HijackThis v1.99.1
Scan saved at 00:08:56, on 15/08/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/y...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://titepoulettemarie.spaces.live.com//PhotoUpload/M...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photobox.fr/discount/clients/uploader_v2.2.0...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Re
Copie (Ctrl+C) le texte ci-dessous :
File::
C:\WINDOWS\expl.exe
C:\WINDOWS\bhookpl.dll
C:\WINDOWS\System32:httpd.exe
C:\WINDOWS\System32\system32\winlogin.exe
C:\Documents and Settings\marie\Application Data\server123.exe
C:\Documents and Settings\marie\Application Data\winlogin.exe
C:\WINDOWS\System32\nod32.exe
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{14B8EC7A-FD63-1B91-A29D-7774FC77B0D5}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7DC8B093-F5FE-B2CB-B7F2-940FB2AA50A2}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B6A807N6-42DF-4W02-93E5-B156B3FA8AL1}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4300A24-AA72-D3D5-A500-B1B2C5016030}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{hmxmbnqk-qpcc-lvdd-twcc-wmilgboixxqy}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=-
Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt
![]()
Comme l'image le montre, fait glisser CFScript.txt sur Combofix.exe
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
Copie (Ctrl+C) le texte ci-dessous :
File::
C:\WINDOWS\expl.exe
C:\WINDOWS\bhookpl.dll
C:\WINDOWS\System32:httpd.exe
C:\WINDOWS\System32\system32\winlogin.exe
C:\Documents and Settings\marie\Application Data\server123.exe
C:\Documents and Settings\marie\Application Data\winlogin.exe
C:\WINDOWS\System32\nod32.exe
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{14B8EC7A-FD63-1B91-A29D-7774FC77B0D5}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7DC8B093-F5FE-B2CB-B7F2-940FB2AA50A2}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B6A807N6-42DF-4W02-93E5-B156B3FA8AL1}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4300A24-AA72-D3D5-A500-B1B2C5016030}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{hmxmbnqk-qpcc-lvdd-twcc-wmilgboixxqy}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=-
Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt
Comme l'image le montre, fait glisser CFScript.txt sur Combofix.exe
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
alors, voici mon rapport avec combofix:
ComboFix 07-08-14.4 - "marie" 2007-08-15 19:15:59.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.657 [GMT 2:00]
Command switches used :: C:\Documents and Settings\marie\Bureau\CFScript.txt
FILE::
C:\WINDOWS\expl.exe
C:\WINDOWS\bhookpl.dll
C:\WINDOWS\System32:httpd.exe
C:\WINDOWS\System32\system32\winlogin.exe
C:\Documents and Settings\marie\Application Data\server123.exe
C:\Documents and Settings\marie\Application Data\winlogin.exe
C:\WINDOWS\System32\nod32.exe
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\bhookpl.dll
C:\WINDOWS\expl.exe
((((((((((((((((((((((((( Files Created from 2007-07-15 to 2007-08-15 )))))))))))))))))))))))))))))))
2007-08-15 00:04 <REP> d-------- C:\WINDOWS\ERUNT
2007-08-14 23:04 <REP> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-14 23:02 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2007-08-14 23:02 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-08-14 23:02 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2007-08-14 23:02 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2007-08-14 23:02 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-08-14 23:02 <REP> d-------- C:\Program Files\Trojan Remover
2007-08-14 23:02 <REP> d-------- C:\DOCUME~1\marie\APPLIC~1\Simply Super Software
2007-08-14 23:02 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Simply Super Software
2007-08-14 22:54 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-14 19:19 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise
2007-08-13 13:29 <REP> d-------- C:\WINDOWS\AU_Temp
2007-08-11 15:29 <REP> d-------- C:\Program Files\PhotoBox
2007-08-08 20:03 <REP> d-------- C:\Program Files\Cdiscount photos
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-15 00:02 19516 --a-s---- C:\WINDOWS\system32\syslock.sys
2007-08-13 13:30 86094 --a------ C:\WINDOWS\BPMNT.dll
2007-08-13 13:30 71749 --a------ C:\WINDOWS\hcextoutput.dll
2007-08-13 13:30 267845 --a------ C:\WINDOWS\tsc.exe
2007-08-13 13:30 1163344 --a------ C:\WINDOWS\vsapi32.dll
2007-07-28 00:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-28 00:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-28 00:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-28 00:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 23:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 23:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 23:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-07-02 10:38 --------- d-------- C:\Program Files\MSXML 4.0
2007-06-30 23:35 --------- d-------- C:\DOCUME~1\marie\APPLIC~1\Samsung
2007-06-30 23:21 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-06-30 23:20 --------- d-------- C:\Program Files\Samsung
2007-06-19 23:31 --------- d-------- C:\Program Files\Google
2007-06-19 23:27 --------- d-------- C:\Program Files\Windows Live Toolbar
2007-06-19 23:22 --------- d-------- C:\Program Files\Yahoo!
2007-06-19 22:32 --------- d-------- C:\Program Files\MSN Messenger
2006-10-10 23:20 977375 --a------ C:\Program Files\realplay.chm
2006-10-10 23:20 86065 --a------ C:\Program Files\rpplugprot.dll
2006-10-10 23:20 73439 --a------ C:\Program Files\howto.chm
2006-10-10 23:20 719360 --a------ C:\Program Files\dbghelp.dll
2006-10-10 23:20 70 --a------ C:\Program Files\strs23.dat
2006-10-10 23:20 682 --a------ C:\Program Files\realplay.exe.manifest
2006-10-10 23:20 667689 --a------ C:\Program Files\rjbres.dll
2006-10-10 23:20 654992 --a------ C:\Program Files\normal.vs
2006-10-10 23:20 64370 --a------ C:\Program Files\RealNetworks License.html
2006-10-10 23:20 64370 --a------ C:\Program Files\playrlic.html
2006-10-10 23:20 62179 --a------ C:\Program Files\RealNetworks License.txt
2006-10-10 23:20 62179 --a------ C:\Program Files\playrlic.txt
2006-10-10 23:20 61495 --a------ C:\Program Files\ssimages.vs
2006-10-10 23:20 61485 --a------ C:\Program Files\rjwmapln.dll
2006-10-10 23:20 57395 --a------ C:\Program Files\rdsf3260.dll
2006-10-10 23:20 57385 --a------ C:\Program Files\tpasdk.dll
2006-10-10 23:20 568 --a------ C:\Program Files\fpsectbl
2006-10-10 23:20 54760 --a------ C:\Program Files\rpshellsearch.dll
2006-10-10 23:20 54736 --a------ C:\Program Files\rpshell.dll
2006-10-10 23:20 53098 --a------ C:\Program Files\presets.rnx
2006-10-10 23:20 49197 --a------ C:\Program Files\ierjplug.dll
2006-10-10 23:20 49195 --a------ C:\Program Files\mmcdda32.dll
2006-10-10 23:20 480 --a------ C:\Program Files\keys.dat
2006-10-10 23:20 45109 --a------ C:\Program Files\rpau3260.dll
2006-10-10 23:20 340040 --a------ C:\Program Files\dtdr3260.dll
2006-10-10 23:20 335911 --a------ C:\Program Files\rjdlg.dll
2006-10-10 23:20 331776 --a------ C:\Program Files\CDDBRealControl.dll
2006-10-10 23:20 32812 --a------ C:\Program Files\tnetdtct.dll
2006-10-10 23:20 32809 --a------ C:\Program Files\rjprog.dll
2006-10-10 23:20 29773 --a------ C:\Program Files\Readme.html
2006-10-10 23:20 28729 --a------ C:\Program Files\rpwa3260.dll
2006-10-10 23:20 28721 --a------ C:\Program Files\wmdmhelper.dll
2006-10-10 23:20 2851 --a------ C:\Program Files\cdroms.cfg
2006-10-10 23:20 23558 --a------ C:\Program Files\freeoffers.ico
2006-10-10 23:20 221 --a------ C:\Program Files\subscription.rnx
2006-10-10 23:20 214448 --a------ C:\Program Files\realplay.exe
2006-10-10 23:20 20531 --a------ C:\Program Files\rphelperapp.exe
2006-10-10 23:20 20529 --a------ C:\Program Files\realjbox.exe
2006-10-10 23:20 20523 --a------ C:\Program Files\fixrjb.exe
2006-10-10 23:20 17846 --a------ C:\Program Files\videotest.rm
2006-10-10 23:20 177 --a------ C:\Program Files\freeoffers.rnx
2006-10-10 23:20 16296 --a------ C:\Program Files\realtfon.fon
2006-10-10 23:20 15 --a------ C:\Program Files\strs26.dat
2006-10-10 23:20 139264 --a------ C:\Program Files\DUNZIP32.dll
2006-10-10 23:20 119808 --a------ C:\Program Files\waiting.avi
2006-10-10 23:20 11444 --a------ C:\Program Files\frw.bmp
2006-10-10 23:20 1042 --a------ C:\Program Files\autoplaylist.dat
2006-10-10 23:20 102441 --a------ C:\Program Files\tsasdk.dll
--------- C:\Program Files\Hijackthis Version Française
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-05-17 15:26]
"nwiz"="nwiz.exe" [2006-05-17 15:26 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-05-17 15:26]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 09:54 C:\WINDOWS\SOUNDMAN.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2004-10-08 12:52]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 18:47]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 18:37]
"EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 05:00]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2007-08-11 20:11]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-09-28 14:00]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-11-03 21:33]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-06-19 23:31:27]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"=0 (0x0)
R1 PQNTDrv;PQNTDrv;C:\WINDOWS\System32\drivers\PQNTDrv.sys
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;C:\WINDOWS\System32\Drivers\ousbehci.sys
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\System32\DRIVERS\ousb2hub.sys
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\WINDOWS\System32\SophosMEMSWEEP.SYS
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM);C:\WINDOWS\System32\DRIVERS\ssm_bus.sys
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter;C:\WINDOWS\System32\DRIVERS\ssm_mdfl.sys
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers;C:\WINDOWS\System32\DRIVERS\ssm_mdm.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\System32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
Contents of the 'Scheduled Tasks' folder
2006-12-16 07:15:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-15 19:18:14
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-15 19:19:19 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-15 19:19
C:\ComboFix2.txt ... 2007-08-15 19:13
--- E O F ---
par contre, pour info, en même temps que combofix faisait son scan, mon antivirus avast m'a signalé un cheval de troie (qui s'appelle Win32:Rizo-E) et je l'ai mis en quarantaine...
ComboFix 07-08-14.4 - "marie" 2007-08-15 19:15:59.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.657 [GMT 2:00]
Command switches used :: C:\Documents and Settings\marie\Bureau\CFScript.txt
FILE::
C:\WINDOWS\expl.exe
C:\WINDOWS\bhookpl.dll
C:\WINDOWS\System32:httpd.exe
C:\WINDOWS\System32\system32\winlogin.exe
C:\Documents and Settings\marie\Application Data\server123.exe
C:\Documents and Settings\marie\Application Data\winlogin.exe
C:\WINDOWS\System32\nod32.exe
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\bhookpl.dll
C:\WINDOWS\expl.exe
((((((((((((((((((((((((( Files Created from 2007-07-15 to 2007-08-15 )))))))))))))))))))))))))))))))
2007-08-15 00:04 <REP> d-------- C:\WINDOWS\ERUNT
2007-08-14 23:04 <REP> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-14 23:02 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2007-08-14 23:02 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-08-14 23:02 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2007-08-14 23:02 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2007-08-14 23:02 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-08-14 23:02 <REP> d-------- C:\Program Files\Trojan Remover
2007-08-14 23:02 <REP> d-------- C:\DOCUME~1\marie\APPLIC~1\Simply Super Software
2007-08-14 23:02 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Simply Super Software
2007-08-14 22:54 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-14 19:19 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise
2007-08-13 13:29 <REP> d-------- C:\WINDOWS\AU_Temp
2007-08-11 15:29 <REP> d-------- C:\Program Files\PhotoBox
2007-08-08 20:03 <REP> d-------- C:\Program Files\Cdiscount photos
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-15 00:02 19516 --a-s---- C:\WINDOWS\system32\syslock.sys
2007-08-13 13:30 86094 --a------ C:\WINDOWS\BPMNT.dll
2007-08-13 13:30 71749 --a------ C:\WINDOWS\hcextoutput.dll
2007-08-13 13:30 267845 --a------ C:\WINDOWS\tsc.exe
2007-08-13 13:30 1163344 --a------ C:\WINDOWS\vsapi32.dll
2007-07-28 00:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-28 00:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-28 00:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-28 00:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 23:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 23:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 23:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-07-02 10:38 --------- d-------- C:\Program Files\MSXML 4.0
2007-06-30 23:35 --------- d-------- C:\DOCUME~1\marie\APPLIC~1\Samsung
2007-06-30 23:21 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-06-30 23:20 --------- d-------- C:\Program Files\Samsung
2007-06-19 23:31 --------- d-------- C:\Program Files\Google
2007-06-19 23:27 --------- d-------- C:\Program Files\Windows Live Toolbar
2007-06-19 23:22 --------- d-------- C:\Program Files\Yahoo!
2007-06-19 22:32 --------- d-------- C:\Program Files\MSN Messenger
2006-10-10 23:20 977375 --a------ C:\Program Files\realplay.chm
2006-10-10 23:20 86065 --a------ C:\Program Files\rpplugprot.dll
2006-10-10 23:20 73439 --a------ C:\Program Files\howto.chm
2006-10-10 23:20 719360 --a------ C:\Program Files\dbghelp.dll
2006-10-10 23:20 70 --a------ C:\Program Files\strs23.dat
2006-10-10 23:20 682 --a------ C:\Program Files\realplay.exe.manifest
2006-10-10 23:20 667689 --a------ C:\Program Files\rjbres.dll
2006-10-10 23:20 654992 --a------ C:\Program Files\normal.vs
2006-10-10 23:20 64370 --a------ C:\Program Files\RealNetworks License.html
2006-10-10 23:20 64370 --a------ C:\Program Files\playrlic.html
2006-10-10 23:20 62179 --a------ C:\Program Files\RealNetworks License.txt
2006-10-10 23:20 62179 --a------ C:\Program Files\playrlic.txt
2006-10-10 23:20 61495 --a------ C:\Program Files\ssimages.vs
2006-10-10 23:20 61485 --a------ C:\Program Files\rjwmapln.dll
2006-10-10 23:20 57395 --a------ C:\Program Files\rdsf3260.dll
2006-10-10 23:20 57385 --a------ C:\Program Files\tpasdk.dll
2006-10-10 23:20 568 --a------ C:\Program Files\fpsectbl
2006-10-10 23:20 54760 --a------ C:\Program Files\rpshellsearch.dll
2006-10-10 23:20 54736 --a------ C:\Program Files\rpshell.dll
2006-10-10 23:20 53098 --a------ C:\Program Files\presets.rnx
2006-10-10 23:20 49197 --a------ C:\Program Files\ierjplug.dll
2006-10-10 23:20 49195 --a------ C:\Program Files\mmcdda32.dll
2006-10-10 23:20 480 --a------ C:\Program Files\keys.dat
2006-10-10 23:20 45109 --a------ C:\Program Files\rpau3260.dll
2006-10-10 23:20 340040 --a------ C:\Program Files\dtdr3260.dll
2006-10-10 23:20 335911 --a------ C:\Program Files\rjdlg.dll
2006-10-10 23:20 331776 --a------ C:\Program Files\CDDBRealControl.dll
2006-10-10 23:20 32812 --a------ C:\Program Files\tnetdtct.dll
2006-10-10 23:20 32809 --a------ C:\Program Files\rjprog.dll
2006-10-10 23:20 29773 --a------ C:\Program Files\Readme.html
2006-10-10 23:20 28729 --a------ C:\Program Files\rpwa3260.dll
2006-10-10 23:20 28721 --a------ C:\Program Files\wmdmhelper.dll
2006-10-10 23:20 2851 --a------ C:\Program Files\cdroms.cfg
2006-10-10 23:20 23558 --a------ C:\Program Files\freeoffers.ico
2006-10-10 23:20 221 --a------ C:\Program Files\subscription.rnx
2006-10-10 23:20 214448 --a------ C:\Program Files\realplay.exe
2006-10-10 23:20 20531 --a------ C:\Program Files\rphelperapp.exe
2006-10-10 23:20 20529 --a------ C:\Program Files\realjbox.exe
2006-10-10 23:20 20523 --a------ C:\Program Files\fixrjb.exe
2006-10-10 23:20 17846 --a------ C:\Program Files\videotest.rm
2006-10-10 23:20 177 --a------ C:\Program Files\freeoffers.rnx
2006-10-10 23:20 16296 --a------ C:\Program Files\realtfon.fon
2006-10-10 23:20 15 --a------ C:\Program Files\strs26.dat
2006-10-10 23:20 139264 --a------ C:\Program Files\DUNZIP32.dll
2006-10-10 23:20 119808 --a------ C:\Program Files\waiting.avi
2006-10-10 23:20 11444 --a------ C:\Program Files\frw.bmp
2006-10-10 23:20 1042 --a------ C:\Program Files\autoplaylist.dat
2006-10-10 23:20 102441 --a------ C:\Program Files\tsasdk.dll
--------- C:\Program Files\Hijackthis Version Française
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-05-17 15:26]
"nwiz"="nwiz.exe" [2006-05-17 15:26 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-05-17 15:26]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 09:54 C:\WINDOWS\SOUNDMAN.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2004-10-08 12:52]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 18:47]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 18:37]
"EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 05:00]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2007-08-11 20:11]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-09-28 14:00]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-11-03 21:33]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-06-19 23:31:27]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"=0 (0x0)
R1 PQNTDrv;PQNTDrv;C:\WINDOWS\System32\drivers\PQNTDrv.sys
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;C:\WINDOWS\System32\Drivers\ousbehci.sys
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\System32\DRIVERS\ousb2hub.sys
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\WINDOWS\System32\SophosMEMSWEEP.SYS
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM);C:\WINDOWS\System32\DRIVERS\ssm_bus.sys
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter;C:\WINDOWS\System32\DRIVERS\ssm_mdfl.sys
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers;C:\WINDOWS\System32\DRIVERS\ssm_mdm.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\System32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
Contents of the 'Scheduled Tasks' folder
2006-12-16 07:15:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-15 19:18:14
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-15 19:19:19 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-15 19:19
C:\ComboFix2.txt ... 2007-08-15 19:13
--- E O F ---
par contre, pour info, en même temps que combofix faisait son scan, mon antivirus avast m'a signalé un cheval de troie (qui s'appelle Win32:Rizo-E) et je l'ai mis en quarantaine...
je remet le rapport de combofix qui n'est pas passé en entier je crois:
ComboFix 07-08-14.4 - "marie" 2007-08-15 19:15:59.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.657 [GMT 2:00]
Command switches used :: C:\Documents and Settings\marie\Bureau\CFScript.txt
FILE::
C:\WINDOWS\expl.exe
C:\WINDOWS\bhookpl.dll
C:\WINDOWS\System32:httpd.exe
C:\WINDOWS\System32\system32\winlogin.exe
C:\Documents and Settings\marie\Application Data\server123.exe
C:\Documents and Settings\marie\Application Data\winlogin.exe
C:\WINDOWS\System32\nod32.exe
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\bhookpl.dll
C:\WINDOWS\expl.exe
((((((((((((((((((((((((( Files Created from 2007-07-15 to 2007-08-15 )))))))))))))))))))))))))))))))
2007-08-15 00:04 <REP> d-------- C:\WINDOWS\ERUNT
2007-08-14 23:04 <REP> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-14 23:02 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2007-08-14 23:02 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-08-14 23:02 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2007-08-14 23:02 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2007-08-14 23:02 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-08-14 23:02 <REP> d-------- C:\Program Files\Trojan Remover
2007-08-14 23:02 <REP> d-------- C:\DOCUME~1\marie\APPLIC~1\Simply Super Software
2007-08-14 23:02 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Simply Super Software
2007-08-14 22:54 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-14 19:19 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise
2007-08-13 13:29 <REP> d-------- C:\WINDOWS\AU_Temp
2007-08-11 15:29 <REP> d-------- C:\Program Files\PhotoBox
2007-08-08 20:03 <REP> d-------- C:\Program Files\Cdiscount photos
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-15 00:02 19516 --a-s---- C:\WINDOWS\system32\syslock.sys
2007-08-13 13:30 86094 --a------ C:\WINDOWS\BPMNT.dll
2007-08-13 13:30 71749 --a------ C:\WINDOWS\hcextoutput.dll
2007-08-13 13:30 267845 --a------ C:\WINDOWS\tsc.exe
2007-08-13 13:30 1163344 --a------ C:\WINDOWS\vsapi32.dll
2007-07-28 00:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-28 00:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-28 00:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-28 00:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 23:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 23:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 23:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-07-02 10:38 --------- d-------- C:\Program Files\MSXML 4.0
2007-06-30 23:35 --------- d-------- C:\DOCUME~1\marie\APPLIC~1\Samsung
2007-06-30 23:21 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-06-30 23:20 --------- d-------- C:\Program Files\Samsung
2007-06-19 23:31 --------- d-------- C:\Program Files\Google
2007-06-19 23:27 --------- d-------- C:\Program Files\Windows Live Toolbar
2007-06-19 23:22 --------- d-------- C:\Program Files\Yahoo!
2007-06-19 22:32 --------- d-------- C:\Program Files\MSN Messenger
2006-10-10 23:20 977375 --a------ C:\Program Files\realplay.chm
2006-10-10 23:20 86065 --a------ C:\Program Files\rpplugprot.dll
2006-10-10 23:20 73439 --a------ C:\Program Files\howto.chm
2006-10-10 23:20 719360 --a------ C:\Program Files\dbghelp.dll
2006-10-10 23:20 70 --a------ C:\Program Files\strs23.dat
2006-10-10 23:20 682 --a------ C:\Program Files\realplay.exe.manifest
2006-10-10 23:20 667689 --a------ C:\Program Files\rjbres.dll
2006-10-10 23:20 654992 --a------ C:\Program Files\normal.vs
2006-10-10 23:20 64370 --a------ C:\Program Files\RealNetworks License.html
2006-10-10 23:20 64370 --a------ C:\Program Files\playrlic.html
2006-10-10 23:20 62179 --a------ C:\Program Files\RealNetworks License.txt
2006-10-10 23:20 62179 --a------ C:\Program Files\playrlic.txt
2006-10-10 23:20 61495 --a------ C:\Program Files\ssimages.vs
2006-10-10 23:20 61485 --a------ C:\Program Files\rjwmapln.dll
2006-10-10 23:20 57395 --a------ C:\Program Files\rdsf3260.dll
2006-10-10 23:20 57385 --a------ C:\Program Files\tpasdk.dll
2006-10-10 23:20 568 --a------ C:\Program Files\fpsectbl
2006-10-10 23:20 54760 --a------ C:\Program Files\rpshellsearch.dll
2006-10-10 23:20 54736 --a------ C:\Program Files\rpshell.dll
2006-10-10 23:20 53098 --a------ C:\Program Files\presets.rnx
2006-10-10 23:20 49197 --a------ C:\Program Files\ierjplug.dll
2006-10-10 23:20 49195 --a------ C:\Program Files\mmcdda32.dll
2006-10-10 23:20 480 --a------ C:\Program Files\keys.dat
2006-10-10 23:20 45109 --a------ C:\Program Files\rpau3260.dll
2006-10-10 23:20 340040 --a------ C:\Program Files\dtdr3260.dll
2006-10-10 23:20 335911 --a------ C:\Program Files\rjdlg.dll
2006-10-10 23:20 331776 --a------ C:\Program Files\CDDBRealControl.dll
2006-10-10 23:20 32812 --a------ C:\Program Files\tnetdtct.dll
2006-10-10 23:20 32809 --a------ C:\Program Files\rjprog.dll
2006-10-10 23:20 29773 --a------ C:\Program Files\Readme.html
2006-10-10 23:20 28729 --a------ C:\Program Files\rpwa3260.dll
2006-10-10 23:20 28721 --a------ C:\Program Files\wmdmhelper.dll
2006-10-10 23:20 2851 --a------ C:\Program Files\cdroms.cfg
2006-10-10 23:20 23558 --a------ C:\Program Files\freeoffers.ico
2006-10-10 23:20 221 --a------ C:\Program Files\subscription.rnx
2006-10-10 23:20 214448 --a------ C:\Program Files\realplay.exe
2006-10-10 23:20 20531 --a------ C:\Program Files\rphelperapp.exe
2006-10-10 23:20 20529 --a------ C:\Program Files\realjbox.exe
2006-10-10 23:20 20523 --a------ C:\Program Files\fixrjb.exe
2006-10-10 23:20 17846 --a------ C:\Program Files\videotest.rm
2006-10-10 23:20 177 --a------ C:\Program Files\freeoffers.rnx
2006-10-10 23:20 16296 --a------ C:\Program Files\realtfon.fon
2006-10-10 23:20 15 --a------ C:\Program Files\strs26.dat
2006-10-10 23:20 139264 --a------ C:\Program Files\DUNZIP32.dll
2006-10-10 23:20 119808 --a------ C:\Program Files\waiting.avi
2006-10-10 23:20 11444 --a------ C:\Program Files\frw.bmp
2006-10-10 23:20 1042 --a------ C:\Program Files\autoplaylist.dat
2006-10-10 23:20 102441 --a------ C:\Program Files\tsasdk.dll
--------- C:\Program Files\Hijackthis Version Française
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-05-17 15:26]
"nwiz"="nwiz.exe" [2006-05-17 15:26 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-05-17 15:26]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 09:54 C:\WINDOWS\SOUNDMAN.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2004-10-08 12:52]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 18:47]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 18:37]
"EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 05:00]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2007-08-11 20:11]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-09-28 14:00]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-11-03 21:33]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-06-19 23:31:27]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"=0 (0x0)
R1 PQNTDrv;PQNTDrv;C:\WINDOWS\System32\drivers\PQNTDrv.sys
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;C:\WINDOWS\System32\Drivers\ousbehci.sys
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\System32\DRIVERS\ousb2hub.sys
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\WINDOWS\System32\SophosMEMSWEEP.SYS
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM);C:\WINDOWS\System32\DRIVERS\ssm_bus.sys
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter;C:\WINDOWS\System32\DRIVERS\ssm_mdfl.sys
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers;C:\WINDOWS\System32\DRIVERS\ssm_mdm.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\System32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
Contents of the 'Scheduled Tasks' folder
2006-12-16 07:15:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-15 19:18:14
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-15 19:19:19 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-15 19:19
C:\ComboFix2.txt ... 2007-08-15 19:13
--- E O F ---
ComboFix 07-08-14.4 - "marie" 2007-08-15 19:15:59.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.657 [GMT 2:00]
Command switches used :: C:\Documents and Settings\marie\Bureau\CFScript.txt
FILE::
C:\WINDOWS\expl.exe
C:\WINDOWS\bhookpl.dll
C:\WINDOWS\System32:httpd.exe
C:\WINDOWS\System32\system32\winlogin.exe
C:\Documents and Settings\marie\Application Data\server123.exe
C:\Documents and Settings\marie\Application Data\winlogin.exe
C:\WINDOWS\System32\nod32.exe
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\bhookpl.dll
C:\WINDOWS\expl.exe
((((((((((((((((((((((((( Files Created from 2007-07-15 to 2007-08-15 )))))))))))))))))))))))))))))))
2007-08-15 00:04 <REP> d-------- C:\WINDOWS\ERUNT
2007-08-14 23:04 <REP> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-08-14 23:02 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2007-08-14 23:02 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-08-14 23:02 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2007-08-14 23:02 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2007-08-14 23:02 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-08-14 23:02 <REP> d-------- C:\Program Files\Trojan Remover
2007-08-14 23:02 <REP> d-------- C:\DOCUME~1\marie\APPLIC~1\Simply Super Software
2007-08-14 23:02 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Simply Super Software
2007-08-14 22:54 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-14 19:19 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise
2007-08-13 13:29 <REP> d-------- C:\WINDOWS\AU_Temp
2007-08-11 15:29 <REP> d-------- C:\Program Files\PhotoBox
2007-08-08 20:03 <REP> d-------- C:\Program Files\Cdiscount photos
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-15 00:02 19516 --a-s---- C:\WINDOWS\system32\syslock.sys
2007-08-13 13:30 86094 --a------ C:\WINDOWS\BPMNT.dll
2007-08-13 13:30 71749 --a------ C:\WINDOWS\hcextoutput.dll
2007-08-13 13:30 267845 --a------ C:\WINDOWS\tsc.exe
2007-08-13 13:30 1163344 --a------ C:\WINDOWS\vsapi32.dll
2007-07-28 00:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-07-28 00:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-07-28 00:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-07-28 00:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-07-27 23:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-07-27 23:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-27 23:57 95608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-07-02 10:38 --------- d-------- C:\Program Files\MSXML 4.0
2007-06-30 23:35 --------- d-------- C:\DOCUME~1\marie\APPLIC~1\Samsung
2007-06-30 23:21 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-06-30 23:20 --------- d-------- C:\Program Files\Samsung
2007-06-19 23:31 --------- d-------- C:\Program Files\Google
2007-06-19 23:27 --------- d-------- C:\Program Files\Windows Live Toolbar
2007-06-19 23:22 --------- d-------- C:\Program Files\Yahoo!
2007-06-19 22:32 --------- d-------- C:\Program Files\MSN Messenger
2006-10-10 23:20 977375 --a------ C:\Program Files\realplay.chm
2006-10-10 23:20 86065 --a------ C:\Program Files\rpplugprot.dll
2006-10-10 23:20 73439 --a------ C:\Program Files\howto.chm
2006-10-10 23:20 719360 --a------ C:\Program Files\dbghelp.dll
2006-10-10 23:20 70 --a------ C:\Program Files\strs23.dat
2006-10-10 23:20 682 --a------ C:\Program Files\realplay.exe.manifest
2006-10-10 23:20 667689 --a------ C:\Program Files\rjbres.dll
2006-10-10 23:20 654992 --a------ C:\Program Files\normal.vs
2006-10-10 23:20 64370 --a------ C:\Program Files\RealNetworks License.html
2006-10-10 23:20 64370 --a------ C:\Program Files\playrlic.html
2006-10-10 23:20 62179 --a------ C:\Program Files\RealNetworks License.txt
2006-10-10 23:20 62179 --a------ C:\Program Files\playrlic.txt
2006-10-10 23:20 61495 --a------ C:\Program Files\ssimages.vs
2006-10-10 23:20 61485 --a------ C:\Program Files\rjwmapln.dll
2006-10-10 23:20 57395 --a------ C:\Program Files\rdsf3260.dll
2006-10-10 23:20 57385 --a------ C:\Program Files\tpasdk.dll
2006-10-10 23:20 568 --a------ C:\Program Files\fpsectbl
2006-10-10 23:20 54760 --a------ C:\Program Files\rpshellsearch.dll
2006-10-10 23:20 54736 --a------ C:\Program Files\rpshell.dll
2006-10-10 23:20 53098 --a------ C:\Program Files\presets.rnx
2006-10-10 23:20 49197 --a------ C:\Program Files\ierjplug.dll
2006-10-10 23:20 49195 --a------ C:\Program Files\mmcdda32.dll
2006-10-10 23:20 480 --a------ C:\Program Files\keys.dat
2006-10-10 23:20 45109 --a------ C:\Program Files\rpau3260.dll
2006-10-10 23:20 340040 --a------ C:\Program Files\dtdr3260.dll
2006-10-10 23:20 335911 --a------ C:\Program Files\rjdlg.dll
2006-10-10 23:20 331776 --a------ C:\Program Files\CDDBRealControl.dll
2006-10-10 23:20 32812 --a------ C:\Program Files\tnetdtct.dll
2006-10-10 23:20 32809 --a------ C:\Program Files\rjprog.dll
2006-10-10 23:20 29773 --a------ C:\Program Files\Readme.html
2006-10-10 23:20 28729 --a------ C:\Program Files\rpwa3260.dll
2006-10-10 23:20 28721 --a------ C:\Program Files\wmdmhelper.dll
2006-10-10 23:20 2851 --a------ C:\Program Files\cdroms.cfg
2006-10-10 23:20 23558 --a------ C:\Program Files\freeoffers.ico
2006-10-10 23:20 221 --a------ C:\Program Files\subscription.rnx
2006-10-10 23:20 214448 --a------ C:\Program Files\realplay.exe
2006-10-10 23:20 20531 --a------ C:\Program Files\rphelperapp.exe
2006-10-10 23:20 20529 --a------ C:\Program Files\realjbox.exe
2006-10-10 23:20 20523 --a------ C:\Program Files\fixrjb.exe
2006-10-10 23:20 17846 --a------ C:\Program Files\videotest.rm
2006-10-10 23:20 177 --a------ C:\Program Files\freeoffers.rnx
2006-10-10 23:20 16296 --a------ C:\Program Files\realtfon.fon
2006-10-10 23:20 15 --a------ C:\Program Files\strs26.dat
2006-10-10 23:20 139264 --a------ C:\Program Files\DUNZIP32.dll
2006-10-10 23:20 119808 --a------ C:\Program Files\waiting.avi
2006-10-10 23:20 11444 --a------ C:\Program Files\frw.bmp
2006-10-10 23:20 1042 --a------ C:\Program Files\autoplaylist.dat
2006-10-10 23:20 102441 --a------ C:\Program Files\tsasdk.dll
--------- C:\Program Files\Hijackthis Version Française
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-05-17 15:26]
"nwiz"="nwiz.exe" [2006-05-17 15:26 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-05-17 15:26]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 09:54 C:\WINDOWS\SOUNDMAN.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2004-10-08 12:52]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 18:47]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 18:37]
"EPSON Stylus CX3600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.exe" [2004-03-04 05:00]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2007-08-11 20:11]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2001-09-28 14:00]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2006-11-03 21:33]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-06-19 23:31:27]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"=0 (0x0)
R1 PQNTDrv;PQNTDrv;C:\WINDOWS\System32\drivers\PQNTDrv.sys
R2 ousbehci;OrangeWare USB Enhanced Host Controller Service;C:\WINDOWS\System32\Drivers\ousbehci.sys
R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\System32\DRIVERS\ousb2hub.sys
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\WINDOWS\System32\SophosMEMSWEEP.SYS
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM);C:\WINDOWS\System32\DRIVERS\ssm_bus.sys
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter;C:\WINDOWS\System32\DRIVERS\ssm_mdfl.sys
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers;C:\WINDOWS\System32\DRIVERS\ssm_mdm.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\System32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
Contents of the 'Scheduled Tasks' folder
2006-12-16 07:15:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-15 19:18:14
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-15 19:19:19 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-15 19:19
C:\ComboFix2.txt ... 2007-08-15 19:13
--- E O F ---
Bien.
Fais une analyse antivirus en ligne sur Kaspersky
http://webscanner.kaspersky.fr/
Clique sur Démarrer Online Scanner.
Sélectionne le poste de travail comme analyse.
Colle son rapport ici.
Fais une analyse antivirus en ligne sur Kaspersky
http://webscanner.kaspersky.fr/
Clique sur Démarrer Online Scanner.
Sélectionne le poste de travail comme analyse.
Colle son rapport ici.
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, August 15, 2007 10:17:51 PM
Système d'exploitation : Microsoft Windows XP Professional, (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 15/08/2007
Enregistrements dans la base antivirus Kaspersky : 357965
Paramètres d'analyse
Analyser avec la base antivirus suivante standard
Analyser les archives vrai
Analyser les bases de messagerie vrai
Cible de l'analyse Poste de travail
A:\
C:\
D:\
E:\
Statistiques de l'analyse
Total d'objets analysés 39339
Nombre de virus trouvés 2
Nombre d'objets infectés 6 / 0
Nombre d'objets suspects 0
Durée de l'analyse 00:28:58
Nom de l'objet infecté Nom du virus Dernière action
C:\Documents and Settings\amis\Local Settings\Application Data\Microsoft\Windows\nod32.dll Infecté : Trojan.Win32.Delf.ada ignoré
C:\Documents and Settings\amis\Local Settings\Application Data\Microsoft\Windows\nod32.exe Infecté : Trojan.Win32.Delf.ada ignoré
C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\marie\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\marie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\marie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\marie\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\marie\Local Settings\Historique\History.IE5\MSHist012007081520070816\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\marie\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\marie\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\marie\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\marie\Data\BWDocMap.pht L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\marie\Data\BWInfopakMap.pht L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\marie\Data\chandir.dat L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\marie\Data\chandir.idx L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\marie\Data\chn.dat L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\marie\Data\chn.idx L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\marie\Data\D0000000.FCS L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\marie\Data\inuse.txt L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\marie\Data\L0000014.FCS L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\marie\Data\main.log L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\marie\Data\prs.dat L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\marie\Data\prs.idx L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\marie\Data\prs_die.dat L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\marie\Data\prs_die.idx L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\marie\Data\prs_dnd.dat L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\marie\Data\prs_dnd.idx L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\marie\Data\prs_ext.dat L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\marie\Data\prs_ext.idx L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\marie\Data\prs_rcv.dat L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\marie\Data\prs_rcv.idx L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\marie\Data\storydb.dat L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\marie\Data\storydb.idx L'objet est verrouillé ignoré
C:\SDFix\backups\backups.zip/backups/nod32.exe Infecté : Trojan.Win32.Delf.ada ignoré
C:\SDFix\backups\backups.zip ZIP: infecté - 1 ignoré
C:\WINDOWS\Debug\oakley.log L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\Internet Logs\fwdbglog.txt L'objet est verrouillé ignoré
C:\WINDOWS\Internet Logs\fwpktlog.txt L'objet est verrouillé ignoré
C:\WINDOWS\Internet Logs\IAMDB.RDB L'objet est verrouillé ignoré
C:\WINDOWS\Internet Logs\MARIE-09EM1D6L9.ldb L'objet est verrouillé ignoré
C:\WINDOWS\Internet Logs\tvDebug.log L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Antivirus.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\nod32.dll Infecté : Trojan.Win32.Delf.ada ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\Temp\Perflib_Perfdata_66c.dat L'objet est verrouillé ignoré
C:\WINDOWS\Temp\ZLT025d8.TMP L'objet est verrouillé ignoré
C:\WINDOWS\Temp\ZLT025dc.TMP L'objet est verrouillé ignoré
C:\WINDOWS\Temp\_avast4_\Webshlock.txt L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\system32\winlogin.exe Infecté : Trojan.Win32.Agent.aqa ignoré
Analyse terminée.
Wednesday, August 15, 2007 10:17:51 PM
Système d'exploitation : Microsoft Windows XP Professional, (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 15/08/2007
Enregistrements dans la base antivirus Kaspersky : 357965
Paramètres d'analyse
Analyser avec la base antivirus suivante standard
Analyser les archives vrai
Analyser les bases de messagerie vrai
Cible de l'analyse Poste de travail
A:\
C:\
D:\
E:\
Statistiques de l'analyse
Total d'objets analysés 39339
Nombre de virus trouvés 2
Nombre d'objets infectés 6 / 0
Nombre d'objets suspects 0
Durée de l'analyse 00:28:58
Nom de l'objet infecté Nom du virus Dernière action
C:\Documents and Settings\amis\Local Settings\Application Data\Microsoft\Windows\nod32.dll Infecté : Trojan.Win32.Delf.ada ignoré
C:\Documents and Settings\amis\Local Settings\Application Data\Microsoft\Windows\nod32.exe Infecté : Trojan.Win32.Delf.ada ignoré
C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\marie\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\marie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\marie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\marie\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\marie\Local Settings\Historique\History.IE5\MSHist012007081520070816\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\marie\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\marie\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\marie\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\marie\Data\BWDocMap.pht L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\marie\Data\BWInfopakMap.pht L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\marie\Data\chandir.dat L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\marie\Data\chandir.idx L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\marie\Data\chn.dat L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\marie\Data\chn.idx L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\marie\Data\D0000000.FCS L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\marie\Data\inuse.txt L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\marie\Data\L0000014.FCS L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\marie\Data\main.log L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\marie\Data\prs.dat L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\marie\Data\prs.idx L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\marie\Data\prs_die.dat L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\marie\Data\prs_die.idx L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\marie\Data\prs_dnd.dat L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\marie\Data\prs_dnd.idx L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\marie\Data\prs_ext.dat L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\marie\Data\prs_ext.idx L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\marie\Data\prs_rcv.dat L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\marie\Data\prs_rcv.idx L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\marie\Data\storydb.dat L'objet est verrouillé ignoré
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\marie\Data\storydb.idx L'objet est verrouillé ignoré
C:\SDFix\backups\backups.zip/backups/nod32.exe Infecté : Trojan.Win32.Delf.ada ignoré
C:\SDFix\backups\backups.zip ZIP: infecté - 1 ignoré
C:\WINDOWS\Debug\oakley.log L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\Internet Logs\fwdbglog.txt L'objet est verrouillé ignoré
C:\WINDOWS\Internet Logs\fwpktlog.txt L'objet est verrouillé ignoré
C:\WINDOWS\Internet Logs\IAMDB.RDB L'objet est verrouillé ignoré
C:\WINDOWS\Internet Logs\MARIE-09EM1D6L9.ldb L'objet est verrouillé ignoré
C:\WINDOWS\Internet Logs\tvDebug.log L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Antivirus.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\nod32.dll Infecté : Trojan.Win32.Delf.ada ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\Temp\Perflib_Perfdata_66c.dat L'objet est verrouillé ignoré
C:\WINDOWS\Temp\ZLT025d8.TMP L'objet est verrouillé ignoré
C:\WINDOWS\Temp\ZLT025dc.TMP L'objet est verrouillé ignoré
C:\WINDOWS\Temp\_avast4_\Webshlock.txt L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\system32\winlogin.exe Infecté : Trojan.Win32.Agent.aqa ignoré
Analyse terminée.
Bien.
Double-clique sur OTMoveIt.exe pour le lancer.
Copie la liste qui se trouve ci-dessous, et colle-la dans le cadre de gauche de OTMoveIt![:p]( ":p")
aste List of Files/Folders to be moved.
C:\Documents and Settings\amis\Local Settings\Application Data\Microsoft\Windows\nod32.dll
C:\Documents and Settings\amis\Local Settings\Application Data\Microsoft\Windows\nod32.exe
C:\WINDOWS\system32\nod32.dll
Clique sur MoveIt! pour lancer la suppression.
Le résultat apparaitra dans le cadre Results.
Clique sur Exit pour fermer.
Il te sera peut-être demander de redémarrer le PC pour achever la suppression. Si c'est le cas accepte par Yes.
Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
Double-clique sur OTMoveIt.exe pour le lancer.
Copie la liste qui se trouve ci-dessous, et colle-la dans le cadre de gauche de OTMoveIt
aste List of Files/Folders to be moved.C:\Documents and Settings\amis\Local Settings\Application Data\Microsoft\Windows\nod32.dll
C:\Documents and Settings\amis\Local Settings\Application Data\Microsoft\Windows\nod32.exe
C:\WINDOWS\system32\nod32.dll
Clique sur MoveIt! pour lancer la suppression.
Le résultat apparaitra dans le cadre Results.
Clique sur Exit pour fermer.
Il te sera peut-être demander de redémarrer le PC pour achever la suppression. Si c'est le cas accepte par Yes.
Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
Tu ne l'as plus, mais tu l'a déja utilisé.
Télécharge OTMoveIt (de Old_Timer) sur ton Bureau.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt....
Télécharge OTMoveIt (de Old_Timer) sur ton Bureau.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt....
merci!
DllUnregisterServer procedure not found in C:\Documents and Settings\amis\Local Settings\Application Data\Microsoft\Windows\nod32.dll
C:\Documents and Settings\amis\Local Settings\Application Data\Microsoft\Windows\nod32.dll NOT unregistered.
C:\Documents and Settings\amis\Local Settings\Application Data\Microsoft\Windows\nod32.dll moved successfully.
C:\Documents and Settings\amis\Local Settings\Application Data\Microsoft\Windows\nod32.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\nod32.dll
C:\WINDOWS\system32\nod32.dll NOT unregistered.
C:\WINDOWS\system32\nod32.dll moved successfully.
Created on 08/15/2007 22:47:12
DllUnregisterServer procedure not found in C:\Documents and Settings\amis\Local Settings\Application Data\Microsoft\Windows\nod32.dll
C:\Documents and Settings\amis\Local Settings\Application Data\Microsoft\Windows\nod32.dll NOT unregistered.
C:\Documents and Settings\amis\Local Settings\Application Data\Microsoft\Windows\nod32.dll moved successfully.
C:\Documents and Settings\amis\Local Settings\Application Data\Microsoft\Windows\nod32.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\nod32.dll
C:\WINDOWS\system32\nod32.dll NOT unregistered.
C:\WINDOWS\system32\nod32.dll moved successfully.
Created on 08/15/2007 22:47:12
non, apparemment pour le moment mon ordi fonctionne mieux: pas de plantages ni de ralentissements... mon problème a l'air résolu!!!
merci beaucoup!
une dernière question: les logiciels que j'ai téléchargé (OTMoveIT, ComboFix, SDFix etc...) et les dossiers qui leur sont associés dans C: je dois les garder ou les supprimer?
merci encore de ton aide chercheur_ !!
merci beaucoup!
une dernière question: les logiciels que j'ai téléchargé (OTMoveIT, ComboFix, SDFix etc...) et les dossiers qui leur sont associés dans C: je dois les garder ou les supprimer?
merci encore de ton aide chercheur_ !!
On supprime tout les outils en faisant ceci.
Lance OTmoveIT.
Clique sur CleanUp! (le programme va télécharger un fichier texte qui servira a nettoyer les programmes que l'on a téléchargé).
NOTE : Normalement, ton firewall (parefeu) devrait te demander si OTmoveIT peut accéder a internet, Autorise le.
Une liste apparait dans la partie gauche d'OTmoveIT.
Un message apparait pour confirmer le nettoyage. Confirme
Encore deux choses.
Va sur ce lien pour mieux sécuriser ton PC
http://www.infos-du-net.com/forum/267223-11-securiser-o...
Edite ton premier message et ajoute Résolu à côté de ton titre.
Lance OTmoveIT.
NOTE : Normalement, ton firewall (parefeu) devrait te demander si OTmoveIT peut accéder a internet, Autorise le.
Encore deux choses.
Va sur ce lien pour mieux sécuriser ton PC
http://www.infos-du-net.com/forum/267223-11-securiser-o...
Edite ton premier message et ajoute Résolu à côté de ton titre.
Logfile of HijackThis v1.99.1
Scan saved at 18:19:08, on 23/06/2009
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\windows sidebar\sidebar.exe
C:\Program Files\windows sidebar\sidebar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Users\acer auchan\Downloads\hijackthis_199\HijackThis.exe
C:\Windows\system32\DllHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: PHPNukeFR Toolbar - {1c491116-c175-45e1-a570-6fb14fea8b7b} - C:\Program Files\PHPNukeFR\tbPHPN.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Startup: .security
O4 - Global Startup: .security
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Procedure Call (HNM) (RPCER) - Unknown owner - C:\Program Files\Common Files\ODBC\comp.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\Windows\system32\UAService7.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
Scan saved at 18:19:08, on 23/06/2009
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\windows sidebar\sidebar.exe
C:\Program Files\windows sidebar\sidebar.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Users\acer auchan\Downloads\hijackthis_199\HijackThis.exe
C:\Windows\system32\DllHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: PHPNukeFR Toolbar - {1c491116-c175-45e1-a570-6fb14fea8b7b} - C:\Program Files\PHPNukeFR\tbPHPN.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - Startup: .security
O4 - Global Startup: .security
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxdd_device - - C:\Windows\system32\lxddcoms.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Procedure Call (HNM) (RPCER) - Unknown owner - C:\Program Files\Common Files\ODBC\comp.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\Windows\system32\UAService7.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
Logfile of HijackThis v1.99.1
Scan saved at 14:37:29, on 13/06/2010
Platform: Unknown Windows (WinNT 6.00.1906 SP2)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Temp\Temp1_hijackthis_199.zip\HijackThis.exe
C:\Windows\Temp\Temp1_hijackthis_199-1.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dartybox.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [Assistant DartyBox] C:\Program Files\DartyBox_v3\Bewan\AssistantDB\AssistantDB_Bewan.exe -m
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [OfferBox] C:\Program Files\OfferBox\OfferBox.exe
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKCU\..\RunOnce: [Application Restart #0] C:\Windows\ehome\ehtray.exe
O4 - HKCU\..\RunOnce: [Application Restart #1] C:\Program Files\Windows Defender\MSASCui.exe -Hide
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: PHOTOfunSTUDIO HD Edition.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll
O20 - Winlogon Notify: igfxcui - igfxdev.dll (file missing)
O20 - Winlogon Notify: VESWinlogon - C:\Windows\SYSTEM32\VESWinlogon.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\System32\bgsvcgen.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe" Start=service (file missing)
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\DartyBox_v3\Bewan\NetAgent\jswpsapi.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Windows\RtkAudioService.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Scan saved at 14:37:29, on 13/06/2010
Platform: Unknown Windows (WinNT 6.00.1906 SP2)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Temp\Temp1_hijackthis_199.zip\HijackThis.exe
C:\Windows\Temp\Temp1_hijackthis_199-1.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dartybox.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [Assistant DartyBox] C:\Program Files\DartyBox_v3\Bewan\AssistantDB\AssistantDB_Bewan.exe -m
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [OfferBox] C:\Program Files\OfferBox\OfferBox.exe
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKCU\..\RunOnce: [Application Restart #0] C:\Windows\ehome\ehtray.exe
O4 - HKCU\..\RunOnce: [Application Restart #1] C:\Program Files\Windows Defender\MSASCui.exe -Hide
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: PHOTOfunSTUDIO HD Edition.lnk = C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll
O20 - Winlogon Notify: igfxcui - igfxdev.dll (file missing)
O20 - Winlogon Notify: VESWinlogon - C:\Windows\SYSTEM32\VESWinlogon.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\Windows\System32\bgsvcgen.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe" Start=service (file missing)
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\DartyBox_v3\Bewan\NetAgent\jswpsapi.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Windows\RtkAudioService.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Lassé par la pub ? Créez un compte
- Contenus similaires :
- ForumVirus system 32
- ForumVirus system 32 cmd.exe etccc
- ForumVirus dans mon system 32
- ForumHelp virus system 32
- ForumVirus dans system 32
- ForumProbleme avast virus, system 32 help
- ForumVirus system 32 doit-on le supprimer
- ForumVirus windows system 32
- ForumVirus sur windows system 32
- ForumSystem 32 virus
- Voir plus
