Help, a multitude of threats, Trojans and others!!! - Security - Viruses
 
Profile: IDNaute

Hello everyone! I'm lost! After a month of well-earned vacation, I came back to my PC, which had been left at the mercy of a few friends (will they stay friends!!??), and here is what I found after a scan with AntiVir:
Starting to scan the registry.
C:\Users\SCAN\AppData\Local\Temp\hgGyaxXP.dll
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was moved to '4870f354.qua'!
C:\Users\SCAN\AppData\Local\Temp\ddcDuSll.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [NOTE]      The file was moved to '488cf353.qua'!
C:\Users\SCAN\AppData\Local\Temp\xihnnuop.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [NOTE]      The file was moved to '4891f35b.qua'!
C:\Users\SCAN\AppData\Local\Temp\yjktcglk.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [NOTE]      The file was moved to '4894f35f.qua'!
 
The registry was scanned ( '26' files ).
 
 
Starting the file scan:
 
Begin scan in 'C:\' <HP>
C:\pagefile.sys
      [WARNING]   The file could not be opened!
C:\Users\SCAN\AppData\Local\Temp\aujqvipk.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [NOTE]      The file was moved to '4893fe6e.qua'!
C:\Users\SCAN\AppData\Local\Temp\dhsqsxiu.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [NOTE]      The file was moved to '489cfe65.qua'!
C:\Users\SCAN\AppData\Local\Temp\drnohnep.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [NOTE]      The file was moved to '4897fe71.qua'!
C:\Users\SCAN\AppData\Local\Temp\eeuagjjs.dll
      [DETECTION] Is the Trojan horse TR/Monder.DJ
      [NOTE]      The file was moved to '489efe6c.qua'!
C:\Users\SCAN\AppData\Local\Temp\ejracydl.exe
      [DETECTION] Is the Trojan horse TR/PrivacySet.A
      [NOTE]      The file was moved to '489bfe7a.qua'!
C:\Users\SCAN\AppData\Local\Temp\gbxfiepc.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [NOTE]      The file was moved to '48a1fe75.qua'!
C:\Users\SCAN\AppData\Local\Temp\herabncf.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [NOTE]      The file was moved to '489bfe7b.qua'!
C:\Users\SCAN\AppData\Local\Temp\jtbnpcai.dll
      [DETECTION] Is the Trojan horse TR/Monder.DF
      [NOTE]      The file was moved to '488bfe8c.qua'!
C:\Users\SCAN\AppData\Local\Temp\mkrmpoar.exe
      [DETECTION] Is the Trojan horse TR/PrivacySet.A
      [NOTE]      The file was moved to '489bfe86.qua'!
C:\Users\SCAN\AppData\Local\Temp\mktnswld.dll
      [DETECTION] Is the Trojan horse TR/Agent.3648.1
      [NOTE]      The file was moved to '489dfe88.qua'!
C:\Users\SCAN\AppData\Local\Temp\mpilcwly.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [NOTE]      The file was moved to '4892fe91.qua'!
C:\Users\SCAN\AppData\Local\Temp\odsswbml.dll
      [DETECTION] Is the Trojan horse TR/Monder.DE
      [NOTE]      The file was moved to '489cfe87.qua'!
C:\Users\SCAN\AppData\Local\Temp\pbjraevt.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [NOTE]      The file was moved to '4893fe88.qua'!
C:\Users\SCAN\AppData\Local\Temp\qcodgkbw.exe
      [DETECTION] Is the Trojan horse TR/PrivacySet.A
      [NOTE]      The file was moved to '4898fe8f.qua'!
C:\Users\SCAN\AppData\Local\Temp\qnjuiiji.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [NOTE]      The file was moved to '4893fe9d.qua'!
C:\Users\SCAN\AppData\Local\Temp\qpsojbfy.exe
      [DETECTION] Is the Trojan horse TR/PrivacySet.A
      [NOTE]      The file was moved to '489cfec3.qua'!
C:\Users\SCAN\AppData\Local\Temp\rfhpjwjp.dll
      [DETECTION] Is the Trojan horse TR/Monder.DI
      [NOTE]      The file was moved to '4891feba.qua'!
C:\Users\SCAN\AppData\Local\Temp\sakcmexv.exe
      [DETECTION] Is the Trojan horse TR/PrivacySet.A
      [NOTE]      The file was moved to '4894feb5.qua'!
C:\Users\SCAN\AppData\Local\Temp\tmp0001bcb9
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was moved to '4899fec1.qua'!
C:\Users\SCAN\AppData\Local\Temp\tmp000213ed
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was moved to '4899fec2.qua'!
C:\Users\SCAN\AppData\Local\Temp\tmp000243c3
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was moved to '4a0b6c13.qua'!
C:\Users\SCAN\AppData\Local\Temp\tmp000269ba
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was moved to '4899fec4.qua'!
C:\Users\SCAN\AppData\Local\Temp\tmp000277ed
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was moved to '4a0b6c15.qua'!
C:\Users\SCAN\AppData\Local\Temp\tmp00031296
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was moved to '4899fec3.qua'!
C:\Users\SCAN\AppData\Local\Temp\tmp0003d7f6
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was moved to '4a0b6c14.qua'!
C:\Users\SCAN\AppData\Local\Temp\tmp000950cd
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was moved to '4899fec5.qua'!
C:\Users\SCAN\AppData\Local\Temp\tmp000cb0c8
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was moved to '4a0b6c16.qua'!
C:\Users\SCAN\AppData\Local\Temp\tmp000d4c1c
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was moved to '4a0b659d.qua'!
C:\Users\SCAN\AppData\Local\Temp\tmp001062c8
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was moved to '4a0caa25.qua'!
C:\Users\SCAN\AppData\Local\Temp\tmp001616ca
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was moved to '4899fec6.qua'!
C:\Users\SCAN\AppData\Local\Temp\tmp00174ca9
      [DETECTION] Is the Trojan horse TR/Spy.Gen
      [NOTE]      The file was moved to '4a0caa27.qua'!
C:\Users\SCAN\AppData\Local\Temp\urdtbowf.dll
      [DETECTION] Is the Trojan horse TR/Vundo.Gen
      [NOTE]      The file was moved to '488dfeca.qua'!
C:\Users\SCAN\AppData\Local\Temp\vynjvuwt.dll
      [DETECTION] Is the Trojan horse TR/Monder.DI
      [NOTE]      The file was moved to '4897fed1.qua'!
C:\Users\SCAN\AppData\Local\Temp\wlxtkaoi.dll
      [DETECTION] Is the Trojan horse TR/Monder.DJ
      [NOTE]      The file was moved to '48a1fec4.qua'!
C:\Users\SCAN\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\1DOKF4BM\yaypalassamosvala[1]
      [DETECTION] Is the Trojan horse TR/PrivacySet.A
      [NOTE]      The file was moved to '48a2fecb.qua'!
C:\Users\SCAN\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\TG96NKCG\hlp[1]
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [NOTE]      The file was moved to '4899fef4.qua'!
C:\Users\SCAN\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\TG96NKCG\index[1]
      [DETECTION] Is the Trojan horse TR/Monder.DJ
      [NOTE]      The file was moved to '488dfef6.qua'!
C:\Users\SCAN\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\TG96NKCG\moorate[1]
      [DETECTION] Is the Trojan horse TR/Agent.3648.1
      [NOTE]      The file was moved to '4898fef8.qua'!
C:\Users\SCAN\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\UVUM3I6V\idkfa[1]
      [DETECTION] Is the Trojan horse TR/Monder.DI
      [NOTE]      The file was moved to '4894fef2.qua'!
C:\Users\SCAN\CONTROLE\C3D EXEXCICES CTL\ESSAR2\essar2.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [NOTE]      The file was moved to '489cffa3.qua'!
C:\Users\SCAN\CONTROLE\C3D EXEXCICES CTL\ESSAR2\Package\essar2.CAB
  [0] Archive type: CAB (Microsoft)
  --> essar2.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [NOTE]      The file was moved to '489cffa5.qua'!
C:\Users\SCAN\CONTROLE\C3D EXEXCICES CTL\ESSAR2\Package\Support\essar2.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [NOTE]      The file was moved to '489cffa6.qua'!
C:\Users\SCAN\Documents\cc_20080314_2226.reg
      [DETECTION] Contains detection pattern of the HTML script virus HTML/Rce.Gen
      [NOTE]      The file was moved to '4889003c.qua'!
What should I do?


Profile: Helper

Hi again,
 
Empty your temporary files:
 
Select the entire contents of the box below:

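@echo off & cls
rem Work from the root of the current drive
CD \
rem Windows temporary files and prefetch cache
del /q "%windir%\Temp\*.*"
del /q "%windir%\Prefetch\*.*"
rem Cookies, user temp files, browser cache and history of the current profile
del /q "%userprofile%\Cookies\*.*"
del /s /q "%temp%\*.*"
del /s /q "%userprofile%\Local Settings\Temporary Internet Files\*.*"
del /s /q "%userprofile%\Local Settings\Historique\*.*"
exit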


Copy and paste it into Notepad (Start\All Programs\Accessories\Notepad).
Save it to your Desktop under the name Correction.bat
Double-click it. Post the generated report (if there is one).
 
Download HijackThis (from Trend Micro) to your Desktop.
 

  • Double-click HJTInstall.exe to start the installation.
  • Click Install.
  • Double-click the HijackThis shortcut that was just created to launch it.
  • Accept the license by clicking Yes.
  • Click "Do a system scan and save a logfile".
  • Post the generated report here.


Note: The report can also be found here: C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log
 
Help: How to use HijackThis.


---------------
Please say so if you are already being helped on another forum or in another topic.
 
Security/Prevention
Profile: IDNaute

Hi! Thanks for the help!
A small last-minute detail: last night, since I had nothing to do but wait, I ran a full scan with AntiVir in safe mode and with restore disabled...
Here is my HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:26:57, on 14/05/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
 
Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe
C:\Program Files\Common Files\AOL\1180218176\ee\aolsoftware.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\program files\avira\antivir personaledition classic\avcenter.exe
C:\hp\kbd\kbd.exe
C:\Program Files\AOL 9.0 VRb\waol.exe
C:\Program Files\AOL 9.0 VRb\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Windows\system32\conime.exe
C:\Users\SCAN\Downloads\HiJackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =  
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =  
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =  
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1180218176\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [TQ566808] "E:\Setup.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [PCDrProfiler] C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe -r
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0 VRb\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir avec GetRight - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Télecharger avec GetRight - C:\Program Files\GetRight\GRdownload.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: GetWebPics - {4B51A27A-6F76-49E5-BC45-06AE2DDD2A1A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Download pictires with GetWebPics - {4B51A27A-6F76-49E5-BC45-06AE2DDD2A1A} - (no file) (HKCU)
O13 - Gopher Prefix:  
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framewo [...] mHcmsX.CAB
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmana [...] .2.3.5.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - http://bobtv.fr/download/cfweb_www [...] module.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{874985EB-A1EB-41AF-856A-B43CF6DC025D}: NameServer = 86.64.145.147 84.103.237.147
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson/ST330/service/st330service.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
 
--
End of file - 12404 bytes

Profile: IDNaute

By the way, no report for correction.bat!!

Profile: Helper

Yes, that's normal.
 
No trace, but I'd like to check a few things regarding the infection that AntiVir is showing..
 
Download ComboFix (by sUBs) to your Desktop.
 

  • Temporarily disable all resident protection! (Antivirus, antispyware..)
  • Double-click ComboFix.exe.
  • Accept the license by clicking Oui.
  • When the operation is finished, a report will appear. Post this report in your next reply.


The report is located here: %systemdrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; usually C:\)
 
Help: How to use ComboFix.


Profile: IDNaute

Hi again! Thanks, that's a relief...
Here is my Combo report:
ComboFix 08-05-12.1 - SCAN 2008-05-15 18:40:43.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6000.0.1252.1.1036.18.160 [GMT 2:00]
Endroit: C:\Users\SCAN\Desktop\ComboFix.exe
.
 
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\Users\SCAN\AppData\Roaming\inst.exe
C:\Windows\system32\x64
 
.
(((((((((((((((((((((((((((((   Fichiers créés 2008-04-15 to 2008-05-15  ))))))))))))))))))))))))))))))))))))
.
 
Pas de nouveau fichier créé dans cet espace de temps
 
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 16:41 117,086,240 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-05-15 06:24 1,375,964 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-05-14 21:21 --------- d-----w C:\Program Files\Windows Mail
2008-05-13 22:10 --------- d-----w C:\Users\SCAN\AppData\Roaming\Download Manager
2008-05-13 19:39 --------- d-----w C:\ProgramData\Avira
2008-05-13 19:39 --------- d-----w C:\Program Files\Avira
2008-05-12 16:37 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-12 08:14 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-11 15:56 --------- d-----w C:\Program Files\Maya
2008-05-11 15:26 0 ----a-w C:\ntuser.dat
2008-05-10 09:56 --------- d-----w C:\ProgramData\Lavasoft
2008-05-10 09:22 --------- d-----w C:\Program Files\Lavasoft
2008-05-08 16:23 --------- d-----w C:\ProgramData\BVRP Software
2008-05-08 16:16 --------- d-----w C:\Users\SCAN\AppData\Roaming\VCOM
2008-05-08 16:16 --------- d-----w C:\ProgramData\VCOM
2008-05-08 16:14 --------- d-----w C:\Program Files\VCOM
2008-05-08 14:40 --------- d---a-w C:\ProgramData\TEMP
2008-05-05 22:28 --------- d-----w C:\Program Files\DAEMON Tools
2008-05-04 09:12 --------- d-----w C:\ProgramData\FLEXnet
2008-05-04 09:12 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-05-04 09:12 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-30 16:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-30 16:50 --------- d-----w C:\Program Files\IGC
2008-04-26 15:34 --------- d-----w C:\Program Files\Java
2008-04-15 08:00 --------- d-----w C:\ProgramData\TomTom
2008-04-15 07:58 --------- d-----w C:\Users\SCAN\AppData\Roaming\TomTom
2008-04-15 07:58 --------- d-----w C:\Program Files\TomTom HOME 2
2008-04-15 07:58 --------- d-----w C:\Program Files\TomTom HOME
2008-04-06 09:38 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-04-06 09:38 --------- d-----w C:\Program Files\Realtek
2008-04-06 09:23 --------- d-----w C:\Users\SCAN\AppData\Roaming\Image Zone Express
2008-04-02 16:58 --------- d-----w C:\Program Files\MSN Messenger
2008-04-02 16:58 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-31 19:29 --------- d-----w C:\Program Files\iTunes
2008-03-31 19:29 --------- d-----w C:\Program Files\iPod
2008-03-31 19:25 --------- d-----w C:\Program Files\Bonjour
2008-03-31 19:24 --------- d-----w C:\Program Files\QuickTime
2008-03-31 19:19 --------- d-----w C:\Program Files\Apple Software Update
2008-03-31 19:17 --------- d-----w C:\Program Files\Common Files\Apple
2008-03-30 12:25 --------- d-----w C:\Users\SCAN\AppData\Roaming\GetRight
2008-03-29 21:30 --------- d-----w C:\Program Files\SpyShot
2008-03-29 10:49 --------- d-----w C:\Program Files\Toshiba
2008-03-28 20:28 --------- d-----w C:\Program Files\VisualRoute 5
2008-03-26 17:33 --------- d-----w C:\Program Files\MapInfo
2008-03-25 15:07 920,088 ----a-w C:\Windows\System32\igxpun.exe
2008-03-25 15:07 539,160 ----a-w C:\Windows\System32\igfxcfg.exe
2008-03-25 15:07 256,536 ----a-w C:\Windows\System32\igfxsrvc.exe
2008-03-25 15:07 170,520 ----a-w C:\Windows\System32\igfxzoom.exe
2008-03-25 15:07 170,520 ----a-w C:\Windows\System32\igfxext.exe
2008-03-25 15:07 166,424 ----a-w C:\Windows\System32\hkcmd.exe
2008-03-25 15:07 141,848 ----a-w C:\Windows\System32\igfxtray.exe
2008-03-25 15:07 133,656 ----a-w C:\Windows\System32\igfxpers.exe
2008-03-25 14:56 147,456 ----a-w C:\Windows\System32\igfxCoIn_v1461.dll
2008-03-25 14:44 3,301,376 ----a-w C:\Windows\System32\igdumd32.dll
2008-03-25 14:44 2,307,072 ----a-w C:\Windows\system32\drivers\igdkmd32.sys
2008-03-25 14:33 2,420,736 ----a-w C:\Windows\System32\ig4icd32.dll
2008-03-25 14:33 2,174,976 ----a-w C:\Windows\System32\ig4dev32.dll
2008-03-25 14:26 241,664 ----a-w C:\Windows\System32\igfxTMM.dll
2008-03-25 14:25 69,632 ----a-w C:\Windows\System32\oemdspif.dll
2008-03-25 14:25 48,640 ----a-w C:\Windows\System32\igfxsrvc.dll
2008-03-25 14:25 24,576 ----a-w C:\Windows\System32\igfxexps.dll
2008-03-25 14:25 204,800 ----a-w C:\Windows\System32\igfxpph.dll
2008-03-25 14:25 135,168 ----a-w C:\Windows\System32\igfxdo.dll
2008-03-25 14:25 106,496 ----a-w C:\Windows\System32\hccutils.dll
2008-03-25 14:24 3,293,184 ----a-w C:\Windows\System32\igfxress.dll
2008-03-25 14:24 204,800 ----a-w C:\Windows\System32\igfxdev.dll
2008-03-24 13:38 --------- d-----w C:\Program Files\DecoTech
2008-03-24 09:37 --------- d-----w C:\Program Files\Google
2008-03-23 20:07 --------- d-----w C:\Program Files\e-Carte Bleue La Banque Postale
2008-03-22 13:39 --------- d-----w C:\Users\SCAN\AppData\Roaming\Cartopro Evolution
2008-03-18 21:44 --------- d-----w C:\Users\SCAN\AppData\Roaming\OpenOffice.org2
2008-03-18 20:40 --------- d-----w C:\Program Files\CH Entertainment
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2007-08-31 10:22 174 --sha-w C:\Program Files\desktop.ini
2007-07-01 12:30 47,360 ----a-w C:\Users\SCAN\AppData\Roaming\pcouffin.sys
2006-03-13 22:40 670,474 ----a-w C:\Program Files\Dico.exe
2007-06-16 09:21 22 --sha-w C:\Windows\SMINST\HPCD.sys
.
 
------- Sigcheck -------
 
.
(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 10:42 202088]
"AOL Fast Start"="C:\Program Files\AOL 9.0 VRb\AOL.exe" [2007-06-21 13:44 50480]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-05-28 10:36 1006264]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 15:42 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 17:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2006-11-20 13:34 155648]
"SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-06-06 11:15 861184]
"HostManager"="C:\Program Files\Common Files\AOL\1180218176\ee\AOLSoftware.exe" [2006-11-14 15:55 50736]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 11:26 4874240 C:\Windows\RtHDVCpl.exe]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 17:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 17:37 2178832]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 11:45 222208]
"TQ566808"="E:\Setup.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"Windows Mobile-based device management"="%windir%\WindowsMobile\wmdSync.exe" [ ]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-03-25 17:07 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-03-25 17:07 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-03-25 17:07 133656]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"PCDrProfiler"="C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" [2006-11-18 02:25 73728]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-05-22 17:57:26 2756608]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
"VIDC.FFDS"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
 
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
 
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\Windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AolBrain]
C:\PROGRA~1\TECHCI~1\AOLSAV\Brain.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-09-18 16:16 171464 C:\Program Files\DAEMON Tools\daemon.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagnostics]
--a------ 2007-11-09 19:49 557149 C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eCarteBleue-LPV-P1]
--a------ 2005-12-13 15:39 200704 C:\Program Files\e-Carte Bleue\LA BANQUE POSTALE\CVD VISA\ECB.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-12-10 21:52 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2006-09-29 13:39 151552 C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-10-25 17:33 563984 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 10:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 16:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\QTTask.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
C:\Program Files\TomTom HOME\TomTomHOME.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
%windir%\WindowsMobile\wmdc.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5276396B-E530-4E52-962A-21A6C9D5F9DB}"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL
"{09CCF5ED-D68A-4826-BEBC-F2BE59662922}"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL
"{C0F7EB6F-B5AD-4BC6-AEFF-2112310AEEBF}"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL
"{C0FFF32C-E18C-4851-B9F6-995A39D93E52}"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL
"{5242A2BD-C01B-4865-90AB-3347DB7EB9EA}"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL
"{DE596EB0-DA6A-4208-9EB5-0586C07E8286}"= UDP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL
"{DFF334EE-1B89-420D-95F7-1C60290AD1CD}"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:AOL
"{0103222B-188E-440E-91CD-D40CEC2150A9}"= TCP:C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:AOL
"{2E85A250-2785-496F-BD76-A4241C9A117D}"= UDP:C:\Program Files\Common Files\AOL\acs\AOLDial.exe:AOL Autoconnect
"{C0B12C67-1FF0-4F9D-9D1C-61EE9A2BF22D}"= TCP:C:\Program Files\Common Files\AOL\acs\AOLDial.exe:AOL Autoconnect
"{78C08CD8-1D11-428E-AB36-FFC402E4276B}"= UDP:C:\Program Files\Common Files\AOL\acs\AOLacsd.exe:module de connexion AOL
"{A0DBFA61-95F0-45C6-8E8B-3F01605078A8}"= TCP:C:\Program Files\Common Files\AOL\acs\AOLacsd.exe:module de connexion AOL
"{5199DAB8-6C88-4D3D-A676-ECC8777911F6}"= UDP:C:\Program Files\AOL 9.0 VR\waol.exe:AOL
"{9273388B-76F6-4CBA-8382-C96B290EF310}"= TCP:C:\Program Files\AOL 9.0 VR\waol.exe:AOL
"{FB033119-4650-4D9B-B5C4-9AEBCCC13DBC}"= UDP:C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{674B4AA5-5569-43CB-BDD3-657618289848}"= TCP:C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{D690DD14-DACB-4B41-A627-9418E13C52E6}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{78F23D7D-4822-4565-BFAB-62AB36446D7B}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{9E25CE47-2A6C-4C0D-B0BF-372C9B0061E0}"= UDP:C:\Program Files\Common Files\AOL\System Information\sinf.exe:AOL System Information
"{AE55144E-D080-48CF-84B4-046AEE39975D}"= TCP:C:\Program Files\Common Files\AOL\System Information\sinf.exe:AOL System Information
"{C1989FC6-D908-4351-8CFC-2E031FA89834}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{882BAA48-43BC-41BD-A389-31F682E712EB}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{CA6F41AF-DA0D-493C-83FB-0125D42C78FE}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{D883A580-4DC4-4319-BA5C-699188EFACF7}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{3E815B48-525F-4E8F-87BF-5122EFB95576}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{FE9A00E5-DD33-4910-AE35-CF69BA6718C5}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{44886345-2F28-45E5-A8A5-9C4DA4347D79}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{4B0F3578-F1DB-4A26-BD14-1B407BD1C595}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{519315D3-A971-48C7-9F23-8B791B76F8C3}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{9E5D36CA-84BE-4AA5-B18F-3815DEA30137}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{2DACDEF5-6CC9-4925-9FD4-BFC5533DB9A8}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{FFB1604E-0307-4500-B7EA-3D1FC2402BF8}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:umi
"{7EF71442-3A20-491C-B25E-4B928E35E1D0}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:umi
"{AED8076C-72BE-4185-B105-2F7A3E8B5B67}"= Disabled:UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{25DAC882-FBB3-4003-85A1-621EE5F8A958}"= Disabled:TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{A5792CD7-6A51-4A72-9727-9D6097D6B7CA}C:\\program files\\novalogic\\comanche 4\\update.exe"= UDP:C:\program files\novalogic\comanche 4\update.exe:Update
"UDP Query User{CAFEB8F3-40DF-41AB-87FF-5B5C592E9459}C:\\program files\\novalogic\\comanche 4\\update.exe"= TCP:C:\program files\novalogic\comanche 4\update.exe:Update
"{A9941A18-21A2-4030-BF53-950896A2653B}"= UDP:C:\Program Files\Common Files\AOL\1180218176\ee\aolsoftware.exe:AOL Shared Components
"{0814362E-D429-42E2-993C-4386465CD9E2}"= TCP:C:\Program Files\Common Files\AOL\1180218176\ee\aolsoftware.exe:AOL Shared Components
"{86EC3D68-E62F-4F5F-BA75-297797FBE02C}"= UDP:C:\Program Files\AOL 9.0 VRb\waol.exe:AOL
"{26FEDE92-A627-4568-955E-035088A6D49A}"= TCP:C:\Program Files\AOL 9.0 VRb\waol.exe:AOL
"{B54E0943-EE82-4AA2-BA6A-5B34034E6746}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{336FE487-6109-4C1A-BF3C-7E08ACD9F926}"= UDP:C:\Users\SCAN\AppData\Local\Temp\stInstall.exe:SpeedTouch Home Install Wizard
"{85202421-9028-4C0F-A573-DEDDBA40C7A0}"= TCP:C:\Users\SCAN\AppData\Local\Temp\stInstall.exe:SpeedTouch Home Install Wizard
"{19D977C5-D5F6-49BE-A9AD-AA7C6460D824}"= UDP:C:\Program Files\Thomson\ST330\service\st330service.exe:ST330 service
"{55937EF7-9032-4EC0-9448-A120444E1889}"= TCP:C:\Program Files\Thomson\ST330\service\st330service.exe:ST330 service
"TCP Query User{FDC1E1CA-7E5C-444F-BCDF-5420DC17098C}C:\\program files\\nero\\nero8\\nero backitup\\backitup.exe"= UDP:C:\program files\nero\nero8\nero backitup\backitup.exe:Nero BackItUp
"UDP Query User{6B15CFC5-0846-46DC-A313-7F583715B3B2}C:\\program files\\nero\\nero8\\nero backitup\\backitup.exe"= TCP:C:\program files\nero\nero8\nero backitup\backitup.exe:Nero BackItUp
"TCP Query User{B912341C-4565-4838-9F24-5A4B9A62455A}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"UDP Query User{7AD6F067-AF63-4106-97A1-4339A6F1E667}C:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:C:\program files\nero\nero8\nero home\nerohome.exe:Nero Home
"TCP Query User{A74FD493-5E06-45CB-B990-E55A596A9EA1}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{E55B0F66-F4CC-4CF8-A3C8-2D21BFD188C3}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{C08EF90E-5BFB-48B0-843C-24BC1BD3D042}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{68396F26-EA1F-4514-AE4E-C99580164C9C}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{9710541B-7E0B-4E1B-9760-D05223F20FE5}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{0B94C8E6-998A-4C53-B9EA-8A01469F6D46}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{D4DE5937-154D-4435-88B9-4AE30CB63FC7}C:\\windows\\system32\\javaw.exe"= UDP:C:\windows\system32\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{C33C6699-856E-447F-B58A-5130F5CBA53F}C:\\windows\\system32\\javaw.exe"= TCP:C:\windows\system32\javaw.exe:Java(TM) Platform SE binary
"{7AD0F586-FDF3-4A5E-84C5-93EF4E94D099}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{630DFA82-E2F9-4087-BC0E-7AFDF66F3721}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{31825F02-89DD-4CB1-8A6A-92D2C6E9B078}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{65E53190-8675-4B11-8260-EBEBB5780194}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
 
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-04-04 14:59]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-12 18:37]
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 22:55]
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
R3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\Windows\system32\DRIVERS\alcan5ln.sys [2002-06-06 11:14]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-03-25 16:44]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2007-08-31 14:54]
S3 k600bus;Sony Ericsson 600i driver (WDM);C:\Windows\system32\DRIVERS\k600bus.sys [2005-03-04 20:08]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter;C:\Windows\system32\DRIVERS\k600mdfl.sys [2005-05-11 13:12]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers;C:\Windows\system32\DRIVERS\k600mdm.sys [2005-05-11 13:12]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers;C:\Windows\system32\DRIVERS\k600obex.sys [2005-05-11 13:12]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ    wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ    WcesComm RapiMgr
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6ef3c4fe-65fa-11dc-b208-0090d098f0a5}]
\shell\AutoRun\command - J:\LaunchU3.exe
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89d4f776-a4d0-11dc-873e-0090d098f0a5}]
\shell\AutoRun\command - K:\InstallTomTomHOME.exe
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b471fc8e-0bc5-11dc-9c7e-806e6f6e6963}]
\shell\AutoRun\command - E:\demarrage.bat
 
*Newly Created Service* - ATWPKT2
*Newly Created Service* - CATCHME
.
**************************************************************************
 
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 18:47:07
Windows 6.0.6000  NTFS
 
Balayage processus cachés ...
 
Balayage caché autostart entries ...
 
Balayage des fichiers cachés ...
 
Scan terminé avec succès
Les fichiers cachés: 0
 
**************************************************************************
.
Temps d'accomplissement: 2008-05-15 18:49:25
ComboFix-quarantined-files.txt  2008-05-15 16:48:59
 
      Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
      Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
 
306 --- E O F --- 2008-05-14 21:21:05

Profile: Helper

It looks clean.
Post a new HijackThis report ;)


---------------
Please mention if you are already getting help on another forum or in another topic.
 
Security/Prevention
Profile: IDNaute

Here is my hijack report... hey, tell me, does it look good?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:23:12, on 15/05/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe
C:\Program Files\Common Files\AOL\1180218176\ee\aolsoftware.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
C:\Windows\system32\conime.exe
C:\Program Files\AOL 9.0 VRb\waol.exe
C:\Program Files\AOL 9.0 VRb\shellmon.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\WindowsMobile\WmdHost.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Users\SCAN\Downloads\HiJackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =  
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1180218176\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [TQ566808] "E:\Setup.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [PCDrProfiler] C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe -r
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0 VRb\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &Recherche AOL To