Trojan horse SOS :p - Security - Viruses
Author
 Subject: Trojan horse SOS :p
 
Profile: IDNaute

Hello everyone,
Well, to start with, thanks for giving me a bit of your time :)
Let me explain my problem.
For a few days now, one (or several!!) Trojan horse(s) have been treating my PC like a ranch >_<
I keep deleting them, but it's always the same thing...
http://img518.imageshack.us/img518/9572/dadade3ee1.jpg
It's not great, so if someone could help me... I've seen that several people have had this problem, but I'd like some personal help, I'm really struggling...
I'm protected with Manix! uh... no, with Avast, Sunbelt Personal Firewall (Kerio, I think), and I have Spybot Terminator (which searches and destroys ~~')
Well, thanks in advance for your help.
Worst case, I'll set up an official Trojan ranch and learn to ride on a Trojan horsey *leaves*

Profile: Helper

Hello,

Download and install HijackThis (Trend Micro).
Then post a report in your next reply.
HELP: How to use HijackThis v2.0.2


---------------
Prevention & Protection|Free software|The man from the FLCCF
Profile: IDNaute

That's pretty :ouch: *doesn't understand a thing*
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:27:32, on 25/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
M:\WINDOWS\System32\smss.exe
M:\WINDOWS\system32\winlogon.exe
M:\WINDOWS\system32\services.exe
M:\WINDOWS\system32\lsass.exe
M:\WINDOWS\system32\Ati2evxx.exe
M:\WINDOWS\system32\svchost.exe
M:\WINDOWS\System32\svchost.exe
M:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
M:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
M:\Program Files\Alwil Software\Avast4\ashServ.exe
M:\WINDOWS\system32\spoolsv.exe
M:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
M:\Program Files\Bonjour\mDNSResponder.exe
M:\Program Files\Microsoft LifeCam\MSCamS32.exe
M:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
M:\WINDOWS\system32\svchost.exe
M:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
M:\WINDOWS\system32\Ati2evxx.exe
M:\WINDOWS\Explorer.EXE
M:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
M:\Program Files\Alwil Software\Avast4\ashWebSv.exe
M:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
M:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
M:\WINDOWS\vVX1000.exe
M:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
M:\Program Files\MessengerPlus! 3\MsgPlus.exe
M:\WINDOWS\System32\svchost.exe
M:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
M:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
M:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
M:\Program Files\MSN Messenger\usnsvc.exe
M:\Program Files\iPod\bin\iPodService.exe
M:\Program Files\Azureus\Azureus.exe
M:\PROGRA~1\MOZILL~1\FIREFOX.EXE
M:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
M:\WINDOWS\system32\wscntfy.exe
M:\Program Files\DAP\DAP.EXE
M:\Documents and Settings\Essou\Mes documents\My Completed Downloads\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - M:\Program Files\Orange\SearchURLHook\SearchPageURL.dll (file missing)
O1 - Hosts: 193.34.17.158
O1 - Hosts: L2authd.lineage2.com
O1 - Hosts: 193.34.17.158
O1 - Hosts: L2testauthd.lineage2.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - M:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - M:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A051B1FF-8D7E-418B-AABE-4FF82F4280A2} - M:\WINDOWS\system32\iifebab.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - m:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - M:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - m:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "M:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [VX1000] M:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [avast!] M:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LifeCam] "M:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "M:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SpeedBitVideoAccelerator] "M:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] M:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] M:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &Clean Traces - M:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - M:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - M:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - M:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - M:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - M:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - M:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - M:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - M:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - M:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - M:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.linnea.net/activex/AxisCamControl.cab
O20 - Winlogon Notify: Antiwpa - M:\WINDOWS\SYSTEM32\antiwpa.dll
O20 - Winlogon Notify: iifebab - M:\WINDOWS\SYSTEM32\iifebab.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - M:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - M:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - M:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - M:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - M:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - M:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - M:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - M:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - M:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - M:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - M:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - M:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - M:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - M:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - M:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - M:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

--
End of file - 7482 bytes

Profile: Helper

Hello,

Download VundoFix.exe (by Atribune) to your Desktop.

  • Double-click VundoFix.exe to launch it
  • Click the Scan for Vundo button
  • When the scan is complete, click the Remove Vundo button
  • A prompt will ask whether you want to delete the files; click YES
  • After you click "Yes", the Desktop will disappear for a moment while the files are being deleted
  • You will see a prompt announcing that your PC is going to restart; click OK
  • Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, into your next reply

Note: VundoFix may run into a file it cannot delete. If so, the tool will launch at the next restart; just follow the instructions above, starting from "click the Scan for Vundo button".


---------------
Prevention & Protection|Free software|The man from the FLCCF
Profile: IDNaute

So, here we go!

For VundoFix.txt:

VundoFix V6.7.7

Checking Java version...

Scan started at 22:32:03 25/01/2008

Listing files found while scanning....

M:\WINDOWS\system32\iifebab.dll
M:\WINDOWS\system32\ssqrqqp.dll

Beginning removal...

Attempting to delete M:\WINDOWS\system32\iifebab.dll
M:\WINDOWS\system32\iifebab.dll Could not be deleted.

Attempting to delete M:\WINDOWS\system32\ssqrqqp.dll
M:\WINDOWS\system32\ssqrqqp.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete M:\WINDOWS\system32\iifebab.dll
M:\WINDOWS\system32\iifebab.dll Could not be deleted.

Performing Repairs to the registry.
Done!

And for HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:13:06, on 25/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
M:\WINDOWS\System32\smss.exe
M:\WINDOWS\system32\winlogon.exe
M:\WINDOWS\system32\services.exe
M:\WINDOWS\system32\lsass.exe
M:\WINDOWS\system32\Ati2evxx.exe
M:\WINDOWS\system32\svchost.exe
M:\WINDOWS\System32\svchost.exe
M:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
M:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
M:\Program Files\Alwil Software\Avast4\ashServ.exe
M:\WINDOWS\system32\spoolsv.exe
M:\WINDOWS\system32\Ati2evxx.exe
M:\WINDOWS\Explorer.EXE
M:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
M:\Program Files\Bonjour\mDNSResponder.exe
M:\Program Files\Microsoft LifeCam\MSCamS32.exe
M:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
M:\WINDOWS\system32\svchost.exe
M:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
M:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
M:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
M:\Program Files\Alwil Software\Avast4\ashWebSv.exe
M:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
M:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
M:\WINDOWS\System32\svchost.exe
M:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
M:\WINDOWS\vVX1000.exe
M:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
M:\Program Files\MessengerPlus! 3\MsgPlus.exe
M:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
M:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
M:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
M:\WINDOWS\system32\wuauclt.exe
M:\Documents and Settings\Essou\Mes documents\My Completed Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - M:\Program Files\Orange\SearchURLHook\SearchPageURL.dll (file missing)
O1 - Hosts: 193.34.17.158
O1 - Hosts: L2authd.lineage2.com
O1 - Hosts: 193.34.17.158
O1 - Hosts: L2testauthd.lineage2.com
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - M:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - M:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A051B1FF-8D7E-418B-AABE-4FF82F4280A2} - M:\WINDOWS\system32\iifebab.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - m:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - M:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - m:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "M:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [VX1000] M:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [avast!] M:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LifeCam] "M:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "M:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SpeedBitVideoAccelerator] "M:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] M:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] M:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &Clean Traces - M:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - M:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - M:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - M:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - M:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - M:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - M:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - M:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - M:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - M:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - M:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.linnea.net/activex/AxisCamControl.cab
O20 - Winlogon Notify: Antiwpa - M:\WINDOWS\SYSTEM32\antiwpa.dll
O20 - Winlogon Notify: iifebab - M:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - M:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - M:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - M:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - M:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - M:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - M:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - M:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - M:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - M:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - M:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - M:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - M:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - M:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - M:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - M:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - M:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

--
End of file - 7340 bytes

Profile: Helper

Re,

Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Post this report in your next reply.


---------------
Prevention & Protection|Free software|The man from the FLCCF
Profile: IDNaute

ComboFix 08-01-23.1C - Essou 2008-01-27 3:22:47.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.562 [GMT 1:00]
Endroit: M:\Documents and Settings\Essou\Mes documents\My Completed Downloads\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

M:\WINDOWS\system32\drivers\npf.sys
M:\WINDOWS\system32\iifebab.dll
M:\WINDOWS\system32\packet.dll
M:\WINDOWS\system32\pthreadVC.dll
M:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\NPF


((((((((((((((((((((((((((((( Fichiers créés 2007-12-27 to 2008-01-27 ))))))))))))))))))))))))))))))))))))
.

2008-01-27 03:20 . 2000-08-31 08:00 51,200 --a------ M:\WINDOWS\Nircmd.exe
2008-01-27 00:27 . 2008-01-27 00:28 <REP> d-------- M:\Program Files\EA GAMES
2008-01-26 20:00 . 2006-10-26 19:56 32,592 --a------ M:\WINDOWS\system32\msonpmon.dll
2008-01-26 19:57 . 2008-01-26 19:57 <REP> d-------- M:\Program Files\MSBuild
2008-01-26 19:57 . 2008-01-26 19:57 <REP> d-------- M:\Program Files\Microsoft Works
2008-01-26 19:55 . 2008-01-26 19:55 <REP> d-------- M:\Program Files\Microsoft.NET
2008-01-26 19:52 . 2008-01-26 19:56 <REP> d-------- M:\WINDOWS\SHELLNEW
2008-01-25 23:46 . 2008-01-25 23:46 <REP> d-------- M:\Program Files\Fichiers communs\DirectX
2008-01-25 22:32 . 2008-01-25 23:07 <REP> d-------- M:\VundoFix Backups
2008-01-23 19:17 . 2008-01-23 19:17 <REP> dr-h----- M:\MSOCache
2008-01-21 17:42 . 2008-01-21 17:42 <REP> d-------- M:\Program Files\Codemasters
2008-01-19 22:29 . 2008-01-19 22:29 <REP> d-------- M:\Program Files\iPod
2008-01-19 01:06 . 2008-01-19 01:07 <REP> d-------- M:\Program Files\SpeedBit Video Accelerator
2008-01-18 14:38 . 2008-01-23 15:02 <REP> d-------- M:\Program Files\Orange
2008-01-18 14:38 . 2006-03-01 19:53 94,208 --a------ M:\WINDOWS\system32\w32n50.dll
2008-01-18 14:38 . 2003-09-23 11:38 34,688 --a------ M:\WINDOWS\system32\pcampr5.sys
2008-01-18 14:38 . 2006-03-01 19:53 32,128 --a------ M:\WINDOWS\system32\pcandis5.sys
2008-01-18 14:37 . 2003-03-19 04:05 89,088 --a------ M:\WINDOWS\system32\atl71.dll
2008-01-18 14:07 . 2008-01-18 14:07 <REP> d-------- M:\Program Files\Inventel
2008-01-16 19:33 . 2008-01-16 19:33 <REP> d-------- M:\Program Files\Macromedia
2008-01-16 19:33 . 2008-01-16 19:33 <REP> d-------- M:\Program Files\Fichiers communs\Macromedia
2008-01-16 19:17 . 2008-01-16 19:17 <REP> d-------- M:\Program Files\PowerISO
2008-01-15 21:34 . 2008-01-18 14:39 <REP> d-------- M:\Program Files\e-anim701
2008-01-13 23:08 . 2008-01-26 23:10 425,770 --a------ M:\WINDOWS\system32\drivers\fwdrv.err
2008-01-13 22:45 . 2008-01-13 22:45 <REP> d-------- M:\Program Files\Sunbelt Software
2008-01-13 18:09 . 2008-01-13 18:10 <REP> d-------- M:\WINDOWS\system32\NtmsData
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ M:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ M:\WINDOWS\system32\QuickTime.qts
2008-01-07 17:23 . 2008-01-07 17:23 <REP> d-------- M:\Program Files\Eltima Software
2008-01-07 17:10 . 2008-01-19 22:27 <REP> d-------- M:\Program Files\QuickTime
2008-01-07 17:10 . 2008-01-19 22:29 <REP> d-------- M:\Program Files\iTunes
2008-01-07 17:09 . 2008-01-07 17:09 <REP> d-------- M:\Program Files\Fichiers communs\Apple
2008-01-07 17:09 . 2008-01-07 17:09 <REP> d-------- M:\Program Files\Apple Software Update
2007-12-29 19:08 . 2008-01-18 14:29 <REP> d-------- M:\Program Files\Kit ADSL
2007-12-29 19:08 . 1997-03-05 09:53 48,128 --a------ M:\WINDOWS\system32\SMMSCRPT.DLL
2007-12-29 19:08 . 2003-01-27 02:45 22,528 --a------ M:\WINDOWS\system32\borlndmm.dll
2007-12-29 19:08 . 1996-10-15 09:40 9,728 --a------ M:\WINDOWS\system32\RNAPH.DLL
2007-12-28 16:14 . 2008-01-27 03:07 116 --a------ M:\WINDOWS\NeroDigital.ini
2007-12-28 16:11 . 2004-07-20 17:24 1,568,768 --------- M:\WINDOWS\system32\ImagX7.dll
2007-12-28 16:11 . 2004-07-20 17:24 476,320 --------- M:\WINDOWS\system32\ImagXpr7.dll
2007-12-28 16:11 . 2004-07-20 17:24 471,040 --------- M:\WINDOWS\system32\ImagXRA7.dll
2007-12-28 16:11 . 2004-07-09 09:43 364,544 --------- M:\WINDOWS\system32\TwnLib4.dll
2007-12-28 16:11 . 2004-07-20 17:24 262,144 --------- M:\WINDOWS\system32\ImagXR7.dll
2007-12-28 16:11 . 2000-06-26 11:45 106,496 --a------ M:\WINDOWS\system32\TwnLib20.dll
2007-12-28 16:11 . 2001-06-26 08:15 38,912 --------- M:\WINDOWS\system32\picn20.dll
2007-12-28 16:10 . 2007-12-28 16:13 <REP> d-------- M:\Program Files\Fichiers communs\Ahead
2007-12-28 16:10 . 2007-12-28 16:11 <REP> d-------- M:\Program Files\Ahead
2007-12-28 16:10 . 2001-07-09 11:50 155,648 --a------ M:\WINDOWS\system32\NeroCheck.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-26 23:34 --------- d--h--w M:\Program Files\InstallShield Installation Information
2008-01-23 14:09 --------- d-----w M:\Program Files\Dofus
2008-01-23 14:07 --------- d-----w M:\Program Files\PMsn Paraiso v1.2.05
2008-01-18 13:38 --------- d-----w M:\Program Files\Active WebCam
2008-01-16 18:32 --------- d-----w M:\Program Files\Fichiers communs\InstallShield
2008-01-14 20:01 --------- d-----w M:\Program Files\mIRC
2008-01-11 16:33 --------- d-----w M:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-28 16:25 --------- d-----w M:\Program Files\Azureus
2007-12-24 21:03 --------- d-----w M:\Program Files\Audacity
2007-12-19 23:46 --------- d-----w M:\Program Files\Super macro
2007-12-14 10:32 12,632 ----a-w M:\WINDOWS\system32\lsdelete.exe
2007-12-10 21:22 --------- d-----w M:\Program Files\Cheat Engine
2007-12-05 00:06 --------- d-----w M:\Program Files\MessengerPlus! 3
2007-12-04 23:43 --------- d-----w M:\Program Files\WinPcap
2007-12-04 23:36 --------- d-----w M:\Program Files\Fake Webcam
2007-12-02 13:01 --------- d-----w M:\Program Files\FLV Player
2007-11-19 21:39 74,752 ----a-w M:\WINDOWS\ST6UNST.EXE
2007-11-19 21:39 290,816 ------w M:\WINDOWS\Setup1.exe
2007-11-07 09:28 728,576 ----a-w M:\WINDOWS\system32\lsasrv.dll
2007-11-03 04:13 5,376 ----a-w M:\WINDOWS\system32\antiwpa.dll
2007-11-02 17:21 50,688 ----a-w M:\WINDOWS\system32\wbhelp2.dll
2007-10-29 22:43 1,293,824 ----a-w M:\WINDOWS\system32\quartz.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A051B1FF-8D7E-418B-AABE-4FF82F4280A2}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="M:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"swg"="M:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-09 20:18 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="M:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"VX1000"="M:\WINDOWS\vVX1000.exe" [2006-10-13 17:04 707376]
"avast!"="M:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06 79224]
"LifeCam"="M:\Program Files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 17:01 277296]
"MessengerPlus3"="M:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-12-05 01:06 190024]
"SpeedBitVideoAccelerator"="M:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2008-01-19 01:06 2283120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Antiwpa]
antiwpa.dll 2007-11-03 05:13 5376 M:\WINDOWS\system32\antiwpa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifebab]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 M:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 2007-11-02 18:21 4568576 M:\Program Files\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEMO]
M:\Program Files\EZ Emoticons\EZ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 M:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 M:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:55 5674352 M:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 M:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-04-09 13:23 200704 M:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 M:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-03-08 04:54 16010240 M:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-10-09 20:18 68856 M:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-10-13 12:54 185632 M:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

R1 fwdrv;Firewall Driver;M:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;M:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R2 MSCamSvc;MSCamSvc;"M:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2006-10-13 17:01]
R2 sbbotdi;sbbotdi;M:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2008-01-19 01:06]
R2 VideoAcceleratorService;VideoAcceleratorService;M:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe -start []
S2 SPF4;Sunbelt Personal Firewall 4;"M:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
S3 VX1000;VX-1000;M:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-10-13 17:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{988ceabc-878e-11dc-997d-0016ec8ca2c0}]
\Shell\AutoRun\command - N:\setupSNK.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-21 07:54:12 M:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- M:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-27 03:32:33
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-01-27 3:35:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-27 02:35:52
.
2008-01-13 19:13:50 --- E O F ---


It's pretty, but what is it for? :p

Profile: Helper

It does the cleaning up :)
Post a HijackThis report again.


---------------
Prevention & Protection|Free software|The man from the FLCCF
Profile: IDNaute

Hehe :o
Here, have some hieroglyphics! :ange: :) I know you like that :p

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:39:58, on 28/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
M:\WINDOWS\System32\smss.exe
M:\WINDOWS\system32\winlogon.exe
M:\WINDOWS\system32\services.exe
M:\WINDOWS\system32\lsass.exe
M:\WINDOWS\system32\Ati2evxx.exe
M:\WINDOWS\system32\svchost.exe
M:\WINDOWS\System32\svchost.exe
M:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
M:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
M:\Program Files\Alwil Software\Avast4\ashServ.exe
M:\WINDOWS\system32\spoolsv.exe
M:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
M:\Program Files\Bonjour\mDNSResponder.exe
M:\Program Files\Microsoft LifeCam\MSCamS32.exe
M:\WINDOWS\system32\Ati2evxx.exe
M:\WINDOWS\Explorer.EXE
M:\WINDOWS\system32\svchost.exe
M:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
M:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
M:\Program Files\Alwil Software\Avast4\ashWebSv.exe
M:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
M:\WINDOWS\vVX1000.exe
M:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
M:\Program Files\MessengerPlus! 3\MsgPlus.exe
M:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
M:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
M:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
M:\WINDOWS\system32\ctfmon.exe
M:\WINDOWS\System32\svchost.exe
M:\Program Files\Azureus\Azureus.exe
M:\Program Files\DAP\DAP.EXE
M:\Program Files\iPod\bin\iPodService.exe
M:\Program Files\iTunes\iTunes.exe
M:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
M:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\distnoted.exe
M:\PROGRA~1\MOZILL~1\FIREFOX.EXE
M:\Documents and Settings\Essou\Mes documents\My Completed Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - M:\Program Files\Orange\SearchURLHook\SearchPageURL.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - M:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - M:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A051B1FF-8D7E-418B-AABE-4FF82F4280A2} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - m:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - M:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - m:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "M:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [VX1000] M:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [avast!] M:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LifeCam] "M:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "M:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SpeedBitVideoAccelerator] "M:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] M:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] M:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &Clean Traces - M:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - M:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - M:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - M:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - M:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - M:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - M:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - M:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - M:\Program Files\Eltima Software\Flash Decompiler Trillix\saveflash\iebt.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - M:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - M:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - M:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - M:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - M:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.linnea.net/activex/AxisCamControl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - M:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: Antiwpa - M:\WINDOWS\SYSTEM32\antiwpa.dll
O20 - Winlogon Notify: iifebab - M:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - M:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - M:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - M:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - M:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - M:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - M:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - M:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avas