systeme doctor
Dernière réponse : dans Sécurité
bonsoir a tous j'ai un petit soucis avec system doctor qui s'affiche tout le temps merci de vos reponses
mag
mag
Autres pages sur : systeme doctor
Lassé par la pub ? Créez un compte
Logfile of HijackThis v1.99.1
Scan saved at 20:13:53, on 18/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\sistray.EXE
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orange.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [getPlusUninstall_ocx] rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdS7_0_0
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.c...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.touslesdrivers.com/fichiers/hardwaredetectio...
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
Scan saved at 20:13:53, on 18/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\sistray.EXE
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orange.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [getPlusUninstall_ocx] rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdS7_0_0
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.c...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.touslesdrivers.com/fichiers/hardwaredetectio...
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
Bonjour
Télécharge Navilog sur lr Bureau
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).
Laisse-toi guider. Au menu principal, choisis 1 et valide.
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord)
Patiente jusqu'au message :
*** Analyse Termine le ..... ***
Appuie sur une touche comme demandé, le blocnote va s'ouvrir.
Copie-colle l'intégralité dans une réponse. Referme le blocnote.
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)
Télécharge Navilog sur lr Bureau
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).
Laisse-toi guider. Au menu principal, choisis 1 et valide.
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord)
Patiente jusqu'au message :
*** Analyse Termine le ..... ***
Appuie sur une touche comme demandé, le blocnote va s'ouvrir.
Copie-colle l'intégralité dans une réponse. Referme le blocnote.
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)
Search Navipromo version 3.0.4 commencé le 19/09/2007 à 0:50:49,50
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!
Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 16.09.2007 a 13h00 by IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
*** Recherche Programmes installes ***
*** Recherche dossiers dans C:\WINDOWS ***
*** Recherche dossiers dans C:\Program Files ***
*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***
*** Recherche dossiers dans C:\Documents and Settings\Administrateur\Application Data ***
*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
http://www.f-secure.com/blacklight/blacklight_help.html
F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================
Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of October, 2007.
Version information: 2.2.1064.
[+] Started on 09/19/07 at 00:50:51.
[+] Initializing ...
[+] Starting scan, press Ctrl-C to abort.
[+] Scanning for hidden items .......................................
[+] Scan complete.
[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
[+] Exited on 09/19/07 at 00:54:27 (return code = 0).
*** Recherche avec GenericNaviSearch ***
!!! Tous Ces résultats peuvent révéler des fichiers légitimes !!!
!!! A verifier impérativement avant toute suppression manuelle !!!
* Scan C:\WINDOWS\system32 *
Fichiers trouvés :
Aucun Fichier trouvé !
Fichiers suspects :
Aucun Fichier suspect trouvé !
*** Recherche fichiers ***
*** Recherche cles registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche fichiers connus:
2)Recherche Heuristique :
3)Recherche Certificats :
Certificat Egroup absent !
*** Analyse Terminé le 19/09/2007 à 0:54:44,04 ***
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!
Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 16.09.2007 a 13h00 by IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
*** Recherche Programmes installes ***
*** Recherche dossiers dans C:\WINDOWS ***
*** Recherche dossiers dans C:\Program Files ***
*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***
*** Recherche dossiers dans C:\Documents and Settings\Administrateur\Application Data ***
*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
http://www.f-secure.com/blacklight/blacklight_help.html
F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================
Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of October, 2007.
Version information: 2.2.1064.
[+] Started on 09/19/07 at 00:50:51.
[+] Initializing ...
[+] Starting scan, press Ctrl-C to abort.
[+] Scanning for hidden items .......................................
[+] Scan complete.
[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
[+] Exited on 09/19/07 at 00:54:27 (return code = 0).
*** Recherche avec GenericNaviSearch ***
!!! Tous Ces résultats peuvent révéler des fichiers légitimes !!!
!!! A verifier impérativement avant toute suppression manuelle !!!
* Scan C:\WINDOWS\system32 *
Fichiers trouvés :
Aucun Fichier trouvé !
Fichiers suspects :
Aucun Fichier suspect trouvé !
*** Recherche fichiers ***
*** Recherche cles registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche fichiers connus:
2)Recherche Heuristique :
3)Recherche Certificats :
Certificat Egroup absent !
*** Analyse Terminé le 19/09/2007 à 0:54:44,04 ***
Re
Désinstalle Navilog, il ne trouve rien.
Télécharge Combofix.exe (par sUBs) sur ton Bureau
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Double clique combofix.exe et suis les invites.
Lorsque le scan sera complété, un rapport apparaîtra.
Copie/colle ce rapport dans ta prochaine réponse avec un nouveau HijackThis.
Désinstalle Navilog, il ne trouve rien.
Télécharge Combofix.exe (par sUBs) sur ton Bureau
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Double clique combofix.exe et suis les invites.
Lorsque le scan sera complété, un rapport apparaîtra.
Copie/colle ce rapport dans ta prochaine réponse avec un nouveau HijackThis.
ComboFix 07-09-18.4 - "Administrateur" 2007-09-19 19:08:26.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.320 [GMT 2:00]
* Created a new restore point
.
((((((((((((((((((((((((((((( Fichiers créés 2007-08-19 to 2007-09-19 ))))))))))))))))))))))))))))))))))))
.
2007-09-19 19:07 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-19 11:35 <REP> d-------- C:\Program Files\BarreConfCMCIC
2007-09-19 11:22 <REP> d-------- C:\WINDOWS\LastGood
2007-09-19 00:49 <REP> d-------- C:\Program Files\Navilog1
2007-09-18 20:12 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise
2007-09-17 21:40 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\AdobeUM
2007-09-17 12:21 <REP> d-------- C:\Program Files\Windows Media Connect 2
2007-09-17 12:20 <REP> d-------- C:\WINDOWS\system32\LogFiles
2007-09-17 12:20 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-09-17 11:07 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
2007-09-16 22:48 6,120 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-09-16 22:15 656,542 --a------ C:\204_icol.dll
2007-09-16 22:07 54,284 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-09-16 22:03 <REP> d-------- C:\WINDOWS\BricoPacks
2007-09-16 17:10 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\CyberLink
2007-09-16 17:09 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2007-09-16 17:09 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-09-16 17:08 <REP> d-------- C:\Program Files\CyberLink
2007-09-16 14:58 <REP> d-------- C:\Program Files\Windows Live Safety Center
2007-09-16 12:04 <REP> d-------- C:\Program Files\Lavasoft
2007-09-16 11:35 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\TuxPaint
2007-09-14 23:08 10 --a------ C:\WINDOWS\popcinfo.dat
2007-09-14 00:28 <REP> d-------- C:\Program Files\IncrediMail
2007-09-12 21:54 <REP> d-------- C:\Program Files\MSI
2007-09-12 21:30 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web
2007-09-12 18:39 <REP> d-------- C:\WINDOWS\SoftR
2007-09-12 15:22 <REP> d-------- C:\WINDOWS\ShellNew
2007-09-12 10:54 <REP> d---s---- C:\DOCUME~1\ADMINI~1\UserData
2007-09-12 09:06 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback
2007-09-11 14:46 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Hewlett-Packard
2007-09-10 21:36 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Ahead
2007-09-10 21:01 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2007-09-10 21:01 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2007-09-10 21:00 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-09-10 21:00 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-09-10 21:00 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-09-10 21:00 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-09-10 21:00 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-09-10 21:00 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-09-09 23:31 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-09-09 23:31 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-09-09 23:31 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-09-09 23:24 38,912 --------- C:\WINDOWS\system32\picn20.dll
2007-09-09 23:24 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-09-09 23:24 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2007-09-09 23:24 <REP> d-------- C:\Program Files\Ahead
2007-09-09 23:09 <REP> d-------- C:\Program Files\MSECache
2007-09-09 22:59 <REP> d--h----- C:\WINDOWS\PIF
2007-09-09 22:36 <REP> d-------- C:\Program Files\QuickTime
2007-09-09 22:36 <REP> d-------- C:\Program Files\Apple Software Update
2007-09-09 22:36 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-09-09 22:35 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Mindscape
2007-09-09 22:28 <REP> d-------- C:\Program Files\Mindscape
2007-09-09 22:13 <REP> d-------- C:\DOCUME~1\ADMINI~1\Contacts
2007-09-09 21:40 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-09-09 21:39 77,312 --a------ C:\WINDOWS\system32\usbui.dll
2007-09-09 21:39 58,496 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-09-09 21:39 44,672 --a------ C:\WINDOWS\system32\drivers\UAGP35.SYS
2007-09-09 21:39 32,256 -ra------ C:\WINDOWS\system32\drivers\sisnic.sys
2007-09-09 21:39 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2007-09-09 21:37 <REP> dr------- C:\DOCUME~1\DEFAUL~1\Menu D‚marrer
2007-09-09 21:37 <REP> dr------- C:\DOCUME~1\ALLUSE~1\Menu D‚marrer
2007-09-09 21:37 <REP> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-09-09 21:37 <REP> d--h----- C:\DOCUME~1\DEFAUL~1\Voisinage r‚seau
2007-09-09 21:37 <REP> d--h----- C:\DOCUME~1\DEFAUL~1\Voisinage d'impression
2007-09-09 21:37 <REP> d--h----- C:\DOCUME~1\DEFAUL~1\ModŠles
2007-09-09 21:37 <REP> d--h----- C:\DOCUME~1\ALLUSE~1\ModŠles
2007-09-09 21:37 <REP> d-------- C:\Program Files\Fichiers communs\SpeechEngines
2007-09-09 21:37 <REP> d-------- C:\Program Files\Fichiers communs\ODBC
2007-09-09 21:37 <REP> d-------- C:\DOCUME~1\DEFAUL~1\Mes documents
2007-09-09 21:37 <REP> d-------- C:\DOCUME~1\DEFAUL~1\Favoris
2007-09-09 21:37 <REP> d-------- C:\DOCUME~1\DEFAUL~1\Bureau
2007-09-09 21:37 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Favoris
2007-09-09 21:37 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Bureau
2007-09-09 21:36 <REP> d-------- C:\WINDOWS\system32\CatRoot2
2007-09-09 21:36 <REP> d-------- C:\WINDOWS\system32\CatRoot
2007-09-09 20:52 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-09-09 20:48 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web
2007-09-09 20:47 <REP> d-------- C:\Program Files\Hewlett-Packard
2007-09-09 20:39 <REP> d--h----- C:\Program Files\InstallShield Installation Information
2007-09-09 20:39 <REP> d-------- C:\Program Files\Multimedia V3.54
2007-09-09 20:39 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2007-09-09 20:38 <REP> d-------- C:\Program Files\Fichiers communs\InstallShield
2007-09-09 20:37 <REP> d-------- C:\Program Files\C-Media 3D Audio
2007-09-09 20:36 <REP> d-------- C:\Program Files\SiSLan
2007-09-09 20:35 36,992 -ra------ C:\WINDOWS\system32\drivers\SISAGPX.SYS
2007-09-09 20:35 327,168 --a------ C:\WINDOWS\IsUn040c.exe
2007-09-09 20:35 32,768 --a------ C:\WINDOWS\SIS_LIB.DLL
2007-09-09 20:35 3,583 --a------ C:\WINDOWS\SiSport.sys
2007-09-09 20:35 106,496 --a------ C:\WINDOWS\SiSUSBrg.exe
2007-09-09 20:35 <REP> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS
2007-09-09 20:34 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2007-09-09 20:31 <REP> d-------- C:\Program Files\eMule
2007-09-09 20:23 <REP> d-------- C:\Program Files\Alwil Software
2007-09-09 20:23 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Google
2007-09-09 20:20 <REP> d-------- C:\Program Files\Skype
2007-09-09 20:20 <REP> d-------- C:\Program Files\Google
2007-09-09 20:20 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2007-09-09 20:20 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
2007-09-09 20:20 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-09 19:57 --------- d-------- C:\Program Files\Wanadoo
2007-09-09 19:55 278528 --a------ C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2007-09-09 19:54 --------- d-------- C:\Program Files\Inventel
2007-09-09 19:53 81920 --a------ C:\WINDOWS\system32\W32N50.dll
2007-09-09 19:53 17134 --a------ C:\WINDOWS\system32\PCANDIS5.sys
2007-09-09 19:47 --------- d-------- C:\Program Files\microsoft frontpage
2007-09-09 19:44 --------- d-------- C:\Program Files\Services en ligne
2007-09-09 19:43 --------- d-------- C:\Program Files\Fichiers communs\MSSoap
2007-09-06 12:09 801144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-09-06 12:05 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 12:05 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 12:03 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 12:02 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 12:00 95608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-09-06 12:00 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
--------- C:\Program Files\Hijackthis Version Française
--------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Dossier de téléchargement Share-to-Web
--------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Dossier de téléchargement Share-to-Web
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 12:15]
"Cmaudio"="cmicnfg.cpl" []
"SiS Tray"="C:\WINDOWS\system32\sistray.EXE" [2003-10-30 14:10]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2003-10-30 14:09]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 15:32]
"CamMonitor"="C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 00:23]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-31 17:40]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-10 21:15]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-07-14 21:35]
"Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" []
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-08-21 11:44]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"XPPro4.0"=%systemroot%\REG\run.cmd
"nlsf"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
"tscuninstall"=%systemroot%\system32\tscupgrd.exe
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2005-01-11 23:32:48]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)
"NoSMHelp"=1 (0x1)
"MemCheckBoxInRunDlg"=1 (0x1)
"NoSMBalloonTip"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"NoWelcomeScreen"=1 (0x1)
"NoAutoUpdate"=1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)
"NoSMHelp"=1 (0x1)
"MemCheckBoxInRunDlg"=1 (0x1)
"NoSMBalloonTip"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"NoWelcomeScreen"=1 (0x1)
"NoAutoUpdate"=1 (0x1)
R3 LVPrcMon;Logitech LVPrcMon Driver;\??\C:\WINDOWS\system32\drivers\LVPrcMon.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-09-17 15:33:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-19 19:09:47
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-19 19:10:45
.
--- E O F ---
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.320 [GMT 2:00]
* Created a new restore point
.
((((((((((((((((((((((((((((( Fichiers créés 2007-08-19 to 2007-09-19 ))))))))))))))))))))))))))))))))))))
.
2007-09-19 19:07 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-19 11:35 <REP> d-------- C:\Program Files\BarreConfCMCIC
2007-09-19 11:22 <REP> d-------- C:\WINDOWS\LastGood
2007-09-19 00:49 <REP> d-------- C:\Program Files\Navilog1
2007-09-18 20:12 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise
2007-09-17 21:40 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\AdobeUM
2007-09-17 12:21 <REP> d-------- C:\Program Files\Windows Media Connect 2
2007-09-17 12:20 <REP> d-------- C:\WINDOWS\system32\LogFiles
2007-09-17 12:20 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-09-17 11:07 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
2007-09-16 22:48 6,120 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2007-09-16 22:15 656,542 --a------ C:\204_icol.dll
2007-09-16 22:07 54,284 --a------ C:\WINDOWS\BricoPackUninst.cmd
2007-09-16 22:03 <REP> d-------- C:\WINDOWS\BricoPacks
2007-09-16 17:10 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\CyberLink
2007-09-16 17:09 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2007-09-16 17:09 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-09-16 17:08 <REP> d-------- C:\Program Files\CyberLink
2007-09-16 14:58 <REP> d-------- C:\Program Files\Windows Live Safety Center
2007-09-16 12:04 <REP> d-------- C:\Program Files\Lavasoft
2007-09-16 11:35 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\TuxPaint
2007-09-14 23:08 10 --a------ C:\WINDOWS\popcinfo.dat
2007-09-14 00:28 <REP> d-------- C:\Program Files\IncrediMail
2007-09-12 21:54 <REP> d-------- C:\Program Files\MSI
2007-09-12 21:30 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web
2007-09-12 18:39 <REP> d-------- C:\WINDOWS\SoftR
2007-09-12 15:22 <REP> d-------- C:\WINDOWS\ShellNew
2007-09-12 10:54 <REP> d---s---- C:\DOCUME~1\ADMINI~1\UserData
2007-09-12 09:06 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Talkback
2007-09-11 14:46 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Hewlett-Packard
2007-09-10 21:36 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Ahead
2007-09-10 21:01 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2007-09-10 21:01 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2007-09-10 21:00 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-09-10 21:00 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-09-10 21:00 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-09-10 21:00 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-09-10 21:00 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-09-10 21:00 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-09-09 23:31 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2007-09-09 23:31 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2007-09-09 23:31 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2007-09-09 23:24 38,912 --------- C:\WINDOWS\system32\picn20.dll
2007-09-09 23:24 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-09-09 23:24 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2007-09-09 23:24 <REP> d-------- C:\Program Files\Ahead
2007-09-09 23:09 <REP> d-------- C:\Program Files\MSECache
2007-09-09 22:59 <REP> d--h----- C:\WINDOWS\PIF
2007-09-09 22:36 <REP> d-------- C:\Program Files\QuickTime
2007-09-09 22:36 <REP> d-------- C:\Program Files\Apple Software Update
2007-09-09 22:36 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-09-09 22:35 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Mindscape
2007-09-09 22:28 <REP> d-------- C:\Program Files\Mindscape
2007-09-09 22:13 <REP> d-------- C:\DOCUME~1\ADMINI~1\Contacts
2007-09-09 21:40 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-09-09 21:39 77,312 --a------ C:\WINDOWS\system32\usbui.dll
2007-09-09 21:39 58,496 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-09-09 21:39 44,672 --a------ C:\WINDOWS\system32\drivers\UAGP35.SYS
2007-09-09 21:39 32,256 -ra------ C:\WINDOWS\system32\drivers\sisnic.sys
2007-09-09 21:39 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2007-09-09 21:37 <REP> dr------- C:\DOCUME~1\DEFAUL~1\Menu D‚marrer
2007-09-09 21:37 <REP> dr------- C:\DOCUME~1\ALLUSE~1\Menu D‚marrer
2007-09-09 21:37 <REP> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-09-09 21:37 <REP> d--h----- C:\DOCUME~1\DEFAUL~1\Voisinage r‚seau
2007-09-09 21:37 <REP> d--h----- C:\DOCUME~1\DEFAUL~1\Voisinage d'impression
2007-09-09 21:37 <REP> d--h----- C:\DOCUME~1\DEFAUL~1\ModŠles
2007-09-09 21:37 <REP> d--h----- C:\DOCUME~1\ALLUSE~1\ModŠles
2007-09-09 21:37 <REP> d-------- C:\Program Files\Fichiers communs\SpeechEngines
2007-09-09 21:37 <REP> d-------- C:\Program Files\Fichiers communs\ODBC
2007-09-09 21:37 <REP> d-------- C:\DOCUME~1\DEFAUL~1\Mes documents
2007-09-09 21:37 <REP> d-------- C:\DOCUME~1\DEFAUL~1\Favoris
2007-09-09 21:37 <REP> d-------- C:\DOCUME~1\DEFAUL~1\Bureau
2007-09-09 21:37 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Favoris
2007-09-09 21:37 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Bureau
2007-09-09 21:36 <REP> d-------- C:\WINDOWS\system32\CatRoot2
2007-09-09 21:36 <REP> d-------- C:\WINDOWS\system32\CatRoot
2007-09-09 20:52 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-09-09 20:48 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Dossier de t‚l‚chargement Share-to-Web
2007-09-09 20:47 <REP> d-------- C:\Program Files\Hewlett-Packard
2007-09-09 20:39 <REP> d--h----- C:\Program Files\InstallShield Installation Information
2007-09-09 20:39 <REP> d-------- C:\Program Files\Multimedia V3.54
2007-09-09 20:39 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2007-09-09 20:38 <REP> d-------- C:\Program Files\Fichiers communs\InstallShield
2007-09-09 20:37 <REP> d-------- C:\Program Files\C-Media 3D Audio
2007-09-09 20:36 <REP> d-------- C:\Program Files\SiSLan
2007-09-09 20:35 36,992 -ra------ C:\WINDOWS\system32\drivers\SISAGPX.SYS
2007-09-09 20:35 327,168 --a------ C:\WINDOWS\IsUn040c.exe
2007-09-09 20:35 32,768 --a------ C:\WINDOWS\SIS_LIB.DLL
2007-09-09 20:35 3,583 --a------ C:\WINDOWS\SiSport.sys
2007-09-09 20:35 106,496 --a------ C:\WINDOWS\SiSUSBrg.exe
2007-09-09 20:35 <REP> d-------- C:\DOCUME~1\ADMINI~1\WINDOWS
2007-09-09 20:34 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2007-09-09 20:31 <REP> d-------- C:\Program Files\eMule
2007-09-09 20:23 <REP> d-------- C:\Program Files\Alwil Software
2007-09-09 20:23 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Google
2007-09-09 20:20 <REP> d-------- C:\Program Files\Skype
2007-09-09 20:20 <REP> d-------- C:\Program Files\Google
2007-09-09 20:20 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2007-09-09 20:20 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
2007-09-09 20:20 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-09 19:57 --------- d-------- C:\Program Files\Wanadoo
2007-09-09 19:55 278528 --a------ C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2007-09-09 19:54 --------- d-------- C:\Program Files\Inventel
2007-09-09 19:53 81920 --a------ C:\WINDOWS\system32\W32N50.dll
2007-09-09 19:53 17134 --a------ C:\WINDOWS\system32\PCANDIS5.sys
2007-09-09 19:47 --------- d-------- C:\Program Files\microsoft frontpage
2007-09-09 19:44 --------- d-------- C:\Program Files\Services en ligne
2007-09-09 19:43 --------- d-------- C:\Program Files\Fichiers communs\MSSoap
2007-09-06 12:09 801144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-09-06 12:05 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 12:05 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 12:03 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 12:02 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 12:00 95608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-09-06 12:00 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
--------- C:\Program Files\Hijackthis Version Française
--------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Dossier de téléchargement Share-to-Web
--------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Dossier de téléchargement Share-to-Web
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 12:15]
"Cmaudio"="cmicnfg.cpl" []
"SiS Tray"="C:\WINDOWS\system32\sistray.EXE" [2003-10-30 14:10]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2003-10-30 14:09]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 15:32]
"CamMonitor"="C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 00:23]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-08-31 17:40]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-10 21:15]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-07-14 21:35]
"Magentic"="C:\PROGRA~1\Magentic\bin\Magentic.exe" []
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-08-21 11:44]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" []
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"XPPro4.0"=%systemroot%\REG\run.cmd
"nlsf"=cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
"tscuninstall"=%systemroot%\system32\tscupgrd.exe
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2005-01-11 23:32:48]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)
"NoSMHelp"=1 (0x1)
"MemCheckBoxInRunDlg"=1 (0x1)
"NoSMBalloonTip"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"NoWelcomeScreen"=1 (0x1)
"NoAutoUpdate"=1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=1 (0x1)
"NoSMHelp"=1 (0x1)
"MemCheckBoxInRunDlg"=1 (0x1)
"NoSMBalloonTip"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"NoWelcomeScreen"=1 (0x1)
"NoAutoUpdate"=1 (0x1)
R3 LVPrcMon;Logitech LVPrcMon Driver;\??\C:\WINDOWS\system32\drivers\LVPrcMon.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-09-17 15:33:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-19 19:09:47
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-19 19:10:45
.
--- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 19:13:52, on 19/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\sistray.EXE
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\eMule\emule.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orange.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BHO Barre de Confiance - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Barre de confiance - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdS7_0_0
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.c...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.touslesdrivers.com/fichiers/hardwaredetectio...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
Scan saved at 19:13:52, on 19/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\sistray.EXE
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\eMule\emule.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orange.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BHO Barre de Confiance - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Barre de confiance - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdS7_0_0
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.c...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.touslesdrivers.com/fichiers/hardwaredetectio...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
Lassé par la pub ? Créez un compte
- Contenus similaires :
- ForumTelecharger winmend system doctor
- ForumVirus pubs s'affichent system doctor, .
- ForumImpossible d'ouvrir norton system doctor
- ForumVirus system doctor
- ForumDrive cleaner et autres system doctor
- ForumVirus infectee par system doctor pubs
- ForumSpyware winantivirus navisearch system doctor
- ForumPubs drive cleaner et system doctor
- ForumAide pour system doctor et autres virus
- ForumProbleme virus protect system doctor
- Voir plus
