MSN virus, albumphoto.rar file: how to get rid of it? - Page 5
Hardware Forum: MSN virus, albumphoto.rar file: how to get rid of it?
Continuation of the previous message:
Feliss69, if it is the Backdoor.Win32.IRCBot.aaq virus, which spreads via MSN under the name photos.zip, the solution is MSN_Fix.
If it is Trojan-Downloader.Win32.Agent.btu, use Vundofix and Virtumundobegone.
The procedure to get rid of it is to use msnfix, or Vundofix and Virtumundobegone, depending on the case.
Then install an anti-spyware tool to remove all the spyware (AVG Antispyware for example, to be run in safe mode).
Take the opportunity to clean the registry, cookies and other temporary files.
Then scan all your hard drives with a good antivirus (Kaspersky or BitDefender for example; avast apparently isn't at its best with this particular virus ^^).
Finally, a quick HijackThis log to be sure nothing has been forgotten ^^
Good luck
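A first-pass triage of the HijackThis log mentioned in the last step above, as an added example that is not part of the original post and is not code from HijackThis or MSNFix. The sample log is constructed, and the three review heuristics (temp-directory paths, core system process names outside system32, orphaned "(no file)"/"(file missing)" entries) are this example's assumptions: they mark lines for a human to look at, not verdicts.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the HijackThis v1.99.1 layout (not a log from this thread).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 12:00:00, on 01/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\TEMP\EXAMPLE1.EXE
C:\WINDOWS\system32\dllcache\lsass.exe
C:\Program Files\Example\tray.exe
R3 - URLSearchHook: Example Toolbar - {00000000-0000-0000-0000-000000000001} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" -quiet
O4 - HKCU\..\Run: [ExampleUpd] C:\Documents and Settings\user\Local Settings\Temp\upd.exe
O23 - Service: Example Service - Unknown owner - C:\Program Files\Example\svc.exe (file missing)
"""

# Entry lines look like "O4 - ..." or "R1 - ...": a letter, 1-2 digits, " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# A path component named temp or tmp, case-insensitive.
TEMP_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)
# Assumption: these core Windows XP processes normally run from system32 only.
SYSTEM32_ONLY = {"smss.exe", "csrss.exe", "winlogon.exe",
                 "services.exe", "lsass.exe", "svchost.exe"}


def parse_log(log_text):
    """Split a log into (running process paths, [(section code, detail)])."""
    processes, entries = [], []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the process list ends at the first entry line
            entries.append((match.group(1), match.group(2)))
        elif in_processes:
            processes.append(line)
    return processes, entries


def triage(log_text):
    """Return [(kind, text)] for lines that deserve a manual look."""
    processes, entries = parse_log(log_text)
    findings = []
    for path in processes:
        p = PureWindowsPath(path)
        if TEMP_RE.search(path):
            findings.append(("process-in-temp", path))
        if (p.name.lower() in SYSTEM32_ONLY
                and not str(p.parent).lower().endswith("\\system32")):
            findings.append(("system-name-outside-system32", path))
    for code, detail in entries:
        if "(no file)" in detail or "(file missing)" in detail:
            # Registry entry whose target is gone: often a leftover of a removal.
            findings.append(("orphaned-entry", f"{code} - {detail}"))
        if code == "O4" and TEMP_RE.search(detail):
            findings.append(("autostart-from-temp", f"{code} - {detail}"))
    return findings


if __name__ == "__main__":
    for kind, text in triage(SAMPLE_LOG):
        print(f"{kind:30} {text}")
```
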
| jadoremac wrote:
|
here are the reports:
MSNFix 1.488
C:\Documents and Settings\mpeccate\Bureau\MSNFix
Fix exécuté le 04/09/2007 - 16:53:57,45 By mpeccate
mode normal
************************ Recherche les fichiers présents
... C:\Documents and Settings\mpeccate\new.txt
... C:\WINDOWS\system32\dllcache\lsass.exe
... C:\WINDOWS\system32\java.exe
************************ Recherche les dossiers présents
... C:\Temp\
************************ Suppression des fichiers
.. OK ... C:\Documents and Settings\mpeccate\new.txt
.. OK ... C:\WINDOWS\system32\dllcache\lsass.exe
.. OK ... C:\WINDOWS\system32\java.exe
************************ Suppression des dossiers
.. OK ... C:\Temp\
************************ Nettoyage du registre
************************ Fichiers suspects
/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention
[C:\Documents and Settings\mpeccate\presets.ini] D1A5B3222C1B4AA8251A460CCDFAE32B
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 04092007_16544371.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 16:56:55, on 04/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\TEMP\AY5B21.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SJLabs\SJphone\SJphone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\WINSOS\WINSOS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\mpeccate\Bureau\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/i [...] .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Accessibility Toolbar - {11352A67-0178-46B1-8855-D50B2F81C054} - C:\PROGRA~1\WAT_FR\ACCESS~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_7 -reboot 1
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\mpeccate\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O4 - Global Startup: SJphone.lnk = ?
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://astre.adp.fr/vdesk/terminal [...] ontrol.cab
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://astre.adp.fr/vdesk/terminal [...] ,0223,0317
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/g [...] ection.cab
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://astre.adp.fr/vdesk/terminal [...] 60116,2328
O16 - DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} (F5 Virtual Sandbox Class) - https://astre.adp.fr/vdesk/terminal [...] ,0223,0322
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://astre.adp.fr/vdesk/terminal/urxshost.cab
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://astre.adp.fr/vdesk/terminal [...] ,0,51124,1
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - http://eu.ntrsupport.com/inquiero/ [...] 118_24.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = blab.businesslab.com
O17 - HKLM\Software\..\Telephony: DomainName = blab.businesslab.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = blab.businesslab.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = blab.businesslab.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Unknown owner - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" -win32service (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Scan en temps réel OfficeScanNT (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Pare-feu OfficeScanNT (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
houbi34, I don't actually know the name of the virus.. I don't know much about this. Basically it sends a zipped file supposedly containing photos, with a sentence like "here are my holiday photos", to all my contacts and it disconnects me, then makes the PC glitch afterwards..
thanks for your advice in any case
I'm going to try the second solution you suggest, because I tried MSN_fix and in the report it says it removed and deleted it properly, but afterwards it starts again as if nothing had been done.. I already tried copying and pasting the MSN_fix and Hijack reports into this forum and the result was no more conclusive! so there you go.. Vundofix and Virtumundobegone, where do we download them? please. thanks in advance!
hello,
I have the famous virus in question and I did everything you said but in vain, please help me!!!
MSNFix 1.485
C:\Documents and Settings\sandra Bonnard\Bureau\MSNFix\MSNFix
Fix exécuté le 04/09/2007 - 20:01:25,40 By sandra Bonnard
mode normal
************************ Recherche les fichiers présents
Aucun Fichier trouvé
************************ Recherche les dossiers présents
Aucun dossier trouvé
************************ Fichiers suspects
/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention
[C:\WINDOWS\lastnight.zip] 6EC1A78EB4110AC265A952C755BC310B
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END -------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 20:13:09, on 04/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sitecom\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\WANADOO\TaskBarIcon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\PROGRA~1\WANADOO\GestionnaireInternet.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\WinOSX\sandra Bonnard\ObjectDock\ObjectDock.exe
C:\PROGRA~1\WANADOO\ComComp.exe
C:\Program Files\WinOSX\sandra Bonnard\YzShadow\YzShadow.exe
C:\Program Files\WinOSX\sandra Bonnard\WinRoll\winroll.exe
C:\Program Files\WinOSX\sandra Bonnard\3r-1c\3r-1c.exe
C:\PROGRAM FILES\VAMP\vampcenter.exe
C:\PROGRA~1\WANADOO\Toaster.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\WANADOO\Inactivity.exe
C:\PROGRA~1\WANADOO\PollingModule.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\PROGRA~1\WANADOO\Watch.exe
C:\Program Files\Sitecom\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Philips\SPC 200NC PC Camera\TrayMin200.exe
D:\TM Monitor.exe
C:\Program Files\X'nBeep 1.0\XnBeep.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\WANADOO\WOOBrowser\WOOBrowser.exe
C:\Documents and Settings\sandra Bonnard\Bureau\hijackthis_199\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
R3 - URLSearchHook: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O3 - Toolbar: Multi_Media toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [ObjectDock] C:\Program Files\WinOSX\sandra Bonnard\ObjectDock\ObjectDock.exe
O4 - HKCU\..\Run: [YzShadow] C:\Program Files\WinOSX\sandra Bonnard\YzShadow\YzShadow.exe
O4 - HKCU\..\Run: [WinRoll] "C:\Program Files\WinOSX\sandra Bonnard\WinRoll\winroll.exe"
O4 - HKCU\..\Run: [3r-1c (Volume Control)] C:\Program Files\WinOSX\sandra Bonnard\3r-1c\3r-1c.exe
O4 - HKCU\..\Run: [HSIMargin] C:\Program Files\WinOSX\sandra Bonnard\HSI\HSI.exe "C:\Program Files\WinOSX\sandra Bonnard\HSI\Margin.hss"
O4 - HKCU\..\Run: [VampCenter] C:\PROGRAM FILES\VAMP\\vampcenter.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TrayMin300.exe.lnk = ?
O4 - Global Startup: TM Monitor.lnk = D:\TM Monitor.exe
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\Sitecom\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Sitecom\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} (isInstalled Class) - http://javadl-esd.sun.com/update/1 [...] s-i586.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Sitecom\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
| wrote: hi ...
|
hi everyone
unfortunately it's not for a good reason
like many others I got infected by this shitty photo.zip virus; for two days and one night I have followed all the info on the forum and sent messages to MSN and others; apparently it's more serious than it looks because I still have it
if I understood you correctly, the HijackThis v1.99.1 scan has to be posted
here it is
Scan saved at 10:55:33, on 05/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Nero\Nero 7\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Virtual CD v9\System\VC9SecS.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\wdfmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\eryck\Bureau\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [wdfmgr.exe] C:\WINDOWS\wdfmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.drivecleaner.com/instal [...] art_fr.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://test.catalog.update.microso [...] 2873050546
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/671 [...] taller.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: McAfee Application Installer Cleanup (0168451170192229) (0168451170192229mcinstcleanup) - Unknown owner - C:\DOCUME~1\eryck\LOCALS~1\Temp\016845~1.EXE (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Jana Server 2 (Janad) - Unknown owner - C:\Jana2\janad.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Virtual CD v8 Management Service (VC8SecS) - Unknown owner - C:\Program Files\Virtual CD v8\System\VC8SecS.exe (file missing)
O23 - Service: Virtual CD v9 Management Service (VC9SecS) - H+H Software GmbH - C:\Virtual CD v9\System\VC9SecS.exe
I'm eagerly awaiting your reply
and I thank you in advance, you're great
Reply to gueneryck56
I have the same problem, but I can't view the MSNFix report; however, I did see that the virus file is isolated in the backup folder.
Thanks for your help.
Logfile of HijackThis v1.99.1
Scan saved at 16:09:10, on 05/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Inventel\Gateway\wlancfg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\ASUS\NB Probe\NBProbe.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Caroline\Bureau\hijackthis_199\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Zshutdown] c:\sysprep\patch\sysprep.cmd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NB Probe] C:\Program Files\ASUS\NB Probe\NBProbe.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [\\6ceb25882fb345a\EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P44 "\\6ceb25882fb345a\EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - Startup: Xinek.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ?
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MESDOC~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://caroline351.spaces.msn.com/ [...] nPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://sfr.kodakgallery.fr/downloa [...] ofupld.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by109fd.bay109.hotmail.msn. [...] Atchmt.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe
Here is the MSNFix report. What should I do now? Thanks for your help.
| wrote: here are the reports:
|
I found the solution to get rid of these damn viruses!! Download AVG Anti-Spyware and run it! It will scan your PC! Then all you have to do is delete everything it found!!
Good luck!!
Hi, well, nothing new, I've been infected by the virus too. I'm sending you the copy-pasted reports, thanks in advance.
Fix exécuté le 06/09/2007 - 14:39:57,42 By Amaury
mode normal
************************ Recherche les fichiers présents
Aucun Fichier trouvé
************************ Recherche les dossiers présents
Aucun dossier trouvé
************************ Fichiers suspects
/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention
[C:\WINDOWS\LW.scr] CA8FE28A6E2C20A89029D102C44DC831
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://246694.aceboard.fr
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 15:25:14, on 06/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\SkyTel.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Omni\OmniMouse Driver\4.06\MOUSE32A.EXE
C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\MGE\RunSC.exe
C:\DOCUME~1\Amaury\LOCALS~1\Temp\Rar$DI00.813\new_clip56.scr
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\MGE\PCtl.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\MGE\BIL.EXE
C:\WINDOWS\system32\MGE\CILRS232.EXE
C:\WINDOWS\system32\MGE\CILUSB.EXE
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Amaury\Mes documents\Mes fichiers reçus\hijackthis_199\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Omni\OmniMouse Driver\4.06\MOUSE32A.EXE
O4 - HKLM\..\Run: [LWBKEYBOARD] C:\Program Files\Omni\Omni keyboard driver\5.0\KbdAp32A.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://amaury52.spaces.live.com//P [...] nPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MGE Service module - Unknown owner - C:\WINDOWS\system32\MGE\RunSC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Onduleur (UPS) - Unknown owner - C:\WINDOWS\System32\ups2.exe (file missing)
| wrote: I found the solution to get rid of these damn viruses!! Download AVG Anti-Spyware and run it! It will scan your PC! Then all you have to do is delete everything it found!!
|
| Quote:
|
Uhh, that wasn't too hard to find ^^
Message edited by houbi34 on 06-09-2007 at 22:01:04
MSNFix 1.492
C:\Documents and Settings\admin\Bureau\MSNFix\MSNFix
Fix exécuté le 07/09/2007 - 11:49:25,98 By admin
mode normal
************************ Recherche les fichiers présents
... C:\DOCUME~1\admin\LOCALS~1\Temp\1.html
... C:\DOCUME~1\admin\LOCALS~1\Temp\1.html.$$$
... C:\DOCUME~1\admin\LOCALS~1\Temp\pa_0105.exe
... C:\WINDOWS\photos.zip
... C:\WINDOWS\service32.exe
... C:\WINDOWS\svchost.dll
... C:\WINDOWS\sysnet32.exe
************************ Recherche les dossiers présents
... C:\Temp\
************************ Suppression des fichiers
.. OK ... C:\DOCUME~1\admin\LOCALS~1\Temp\1.html
.. OK ... C:\DOCUME~1\admin\LOCALS~1\Temp\1.html.$$$
.. OK ... C:\DOCUME~1\admin\LOCALS~1\Temp\pa_0105.exe
.. OK ... C:\WINDOWS\photos.zip
/!\ ... C:\WINDOWS\service32.exe
.. OK ... C:\WINDOWS\svchost.dll
/!\ ... C:\WINDOWS\sysnet32.exe
.. OK ... C:\Documents and Settings\admin\bdetqk.exe
.. OK ... C:\Documents and Settings\admin\gmecnl.exe
.. OK ... C:\Documents and Settings\admin\hscowp.exe
.. OK ... C:\Documents and Settings\admin\utgnbn.exe
.. OK ... C:\WINDOWS\youtube63.zip
.. OK ... C:\WINDOWS\youtube69.zip
.. OK ... C:\WINDOWS\youtube72.zip
.. OK ... C:\WINDOWS\youtube75.zip
.. OK ... C:\WINDOWS\youtube78.zip
.. OK ... C:\WINDOWS\youtube81.zip
.. OK ... C:\WINDOWS\youtube84.zip
.. OK ... C:\WINDOWS\youtube87.zip
.. OK ... C:\WINDOWS\youtube9.zip
.. OK ... C:\WINDOWS\youtube93.zip
.. OK ... C:\WINDOWS\youtube96.zip
************************ Suppression des dossiers
.. OK ... C:\Temp\
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
************************ Suppression des fichiers
.. OK ... C:\WINDOWS\service32.exe
.. OK ... C:\WINDOWS\sysnet32.exe
************************ Fichiers suspects
/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 07092007_11540203.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
Hello everyone, I'm new to this forum and I received a file from one of my contacts; it was a WinRAR file named z058!! Here is the msnfix report:
MSNFix 1.493
C:\Documents and Settings\lacroix\Bureau\MSNFix
Fix exécuté le 08/09/2007 - 13:14:31,62 By lacroix
mode normal
************************ Recherche les fichiers présents
... C:\WINDOWS\wdfmgr.exe
... C:\WINDOWS\Z058_jpg.zip
... C:\WINDOWS\system32\microsoft\backup.ftp
... C:\WINDOWS\system32\microsoft\backup.tftp
... C:\WINDOWS\Z058_jpg.zip
************************ Recherche les dossiers présents
Aucun dossier trouvé
************************ Suppression des fichiers
/!\ ... C:\WINDOWS\wdfmgr.exe
.. OK ... C:\WINDOWS\Z058_jpg.zip
.. OK ... C:\WINDOWS\system32\microsoft\backup.ftp
.. OK ... C:\WINDOWS\system32\microsoft\backup.tftp
.. OK ... C:\WINDOWS\Z058_jpg.zip
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
************************ Suppression des fichiers
.. OK ... C:\WINDOWS\wdfmgr.exe
************************ Fichiers suspects
/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention
[C:\boxplt2.zip] D14E6CAA06C73A532902E781F7DB9D8D
[C:\catalogo.zip] 998D6F5F544DC957A7FF5A292F2DB3E6
[C:\Medal_Of_Honor_Debarquement_allie_Patch_1.11.zip] E7AE45DC0D2AF15874C7A99F818897DC
[C:\winsub.zip] 697427C5DB2460A3A47B9CBD5C9FF4C2
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 08092007_13192313.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
and the hijack one:
Logfile of HijackThis v1.99.1
Scan saved at 13:34:58, on 08/09/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~3\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\PROGRA~3\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~3\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Orange\Logiciel de Synchronisation Orange\Voxsync.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~3\Wanadoo\ComComp.exe
C:\PROGRA~3\Wanadoo\Toaster.exe
C:\PROGRA~3\Wanadoo\Inactivity.exe
C:\PROGRA~3\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Inventel\Gateway\WLANCFG.EXE
C:\Program Files\Orange\Logiciel de Synchronisation Orange\SyncManager.exe
C:\PROGRA~3\Wanadoo\Watch.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Eset\nod32krn.exe
C:\Documents and Settings\lacroix\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.orange.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~3\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~3\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~3\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~3\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~3\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Logiciel de Synchronisation Orange.lnk = ?
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~3\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~3\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.drivecleaner.com/instal [...] art_fr.cab
O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - https://static.impots.gouv.fr/abos/securite/xenroll.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/ [...] NPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 9230454746
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~3\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~3\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\System32\PSIService.exe
08/09/2007 a 13:39:21,70
*** Recherche des fichiers dans C:
C:\setup.exe FOUND
C:\setup.exe FOUND
*** Recherche des fichiers dans C:\WINDOWS\
*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\winsys.exe FOUND
"C:\WINDOWS\Downloaded Program Files\*_*_*NetInstaller.exe" FOUND
"C:\Documents and Settings\lacroix\Application Data\DriveCleaner Free\" FOUND
*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\Fichiers communs\DriveCleaner Free\" FOUND
*** Fin du rapport !
lol!! I admit it!! I just saw that you had actually said it!! I hadn't even twigged, sorry! All the credit goes to you!! lool, in any case it worked perfectly! Thanks!!
Good evening,
Victim of the Z058 virus on MSN, here are my reports
MSNFix.zip, I ran option N:
Répertoire de C:\DOCUME~1\Admin\LOCALS~1\TEMPOR~1
03/09/2006 21:11 <REP> OLK34
0 fichier(s) 0 octets
Répertoire de C:\DOCUME~1\Admin\LOCALS~1\TEMPOR~1\Content.IE5
08/09/2007 22:43 10 321 920 index.dat
1 fichier(s) 10 321 920 octets
Répertoire de C:\DOCUME~1\Admin\LOCALS~1\TEMPOR~1\Content.IE5\0P6BS9AJ
07/09/2007 21:54 9 706 0%20(18)[1].gif
17/11/2006 23:43 43 000100119480-pixel[1].gif...........
HijackThis :
Logfile of HijackThis v1.99.1
Scan saved at 22:56:06, on 08/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Packard Bell Data Secure\PBDataSecure.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_SICN03.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\Admin\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis_199[1].zip\HijackThis.exe
C:\WINDOWS\SoftwareDistribution\Download\171d2120022f92869484c921d3263cc3\update\update.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Packard Bell Data Secure] C:\Program Files\Packard Bell Data Secure\PBDataSecure.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?bfb33b0e45d74f07b209766a91f74421
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?bfb33b0e45d74f07b209766a91f74421
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/ [...] DP-1.0.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
Thanks for your help.
MSNFix 1.494
C:\Documents and Settings\marjorie auffranc\Bureau\MSNFix\MSNFix
Fix exécuté le 09/09/2007 - 20:33:18,95 By marjorie auffranc
mode normal
************************ Recherche les fichiers présents
Aucun Fichier trouvé
************************ Recherche les dossiers présents
Aucun dossier trouvé
************************ Fichiers suspects
/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention
[C:\WINDOWS\Perrier.scr] F6137789DC15D1419F8129B4743AB3ED
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 09092007_20333229.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 20:27:55, on 09/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\WINDOWS\wdfmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\marjorie auffranc\Bureau\hijackthis_199\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\LOGICI~1\spybot\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [ORAHSSStartup] "C:\Program Files\OrangeHSS\Launcher\Launcher.exe" -appid connectivityapp
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\RunOnce: [MSNFix] C:\Documents and Settings\marjorie auffranc\Bureau\MSNFix\MSNFix\MSNFix.bat /pass2
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [Orange Desktop Search] "C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\RunOnce: [MSNFix] C:\Documents and Settings\marjorie auffranc\Bureau\MSNFix\MSNFix\MSNFix.bat /pass2
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
MSNFix 1.494
C:\Documents and Settings\HP_Propriétaire\Bureau\MSNFix
Fix exécuté le 09/09/2007 - 21:08:09,50 By HP_Propriétaire
mode normal
************************ Recherche les fichiers présents
... C:\autorun.inf
... C:\WINDOWS\IMG0024.zip
************************ Recherche les dossiers présents
... C:\Temp\
************************ Suppression des fichiers
.. OK ... C:\autorun.inf
.. OK ... C:\WINDOWS\IMG0024.zip
************************ Suppression des dossiers
.. OK ... C:\Temp\
************************ Nettoyage du registre
************************ Fichiers suspects
/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention
[C:\Documents and Settings\HP_Propriétaire\remote.exe] 50112E8E832B64EEEF53039DB3E94951
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 09092007_21100676.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 21:13:51, on 09/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system\services.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\FICHIE~1\SYMANT~1\SECURI~2\NSCSRVCE.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\uTorrent\utorrent.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\PROGRA~1\Wanadoo\WOOBRO~1\DownloadManager.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr? [...] pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Multi_Media_France - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Multi_Media_France - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Multi_Media_France - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Windows Services Registry] C:\WINDOWS\system\services.exe
O4 - HKLM\..\Run: [Log System] C:\WINDOWS\system32\xhlubcqyn.exe
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?e44a8fcae3cd443b923533f1a4fc4b3
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?e44a8fcae3cd443b923533f1a4fc4b3
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C4C824C-B88B-4627-B636-02A3E6C354A2}: NameServer = 80.10.246.1 80.10.246.132
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Control Parental (OPTENET_FILTER) - Contrôle Parental - C:\Program Files\Controle Parental\bin\optproxy.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
Hi everyone!
I got caught by this damned virus too!
I did what vinc54380 explained (p. 2).
Here are the reports from MSNFix (after reboot), then from hijackthis_199
Hoping it worked:
MSNFix 1.495
C:\Documents and Settings\Florence\Bureau\MSNFix\MSNFix
Fix exécuté le 10/09/2007 - 23:49:11,98 By Florence Rigau
mode normal
************************ Recherche les fichiers présents
Aucun Fichier trouvé
************************ Recherche les dossiers présents
Aucun dossier trouvé
************************ Fichiers suspects
Aucun Fichier trouvé
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 10092007_23492293.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 00:01:06, on 11/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\tsnp2std.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Florence Rigau\Bureau\hijackthis_199\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy/autoconf/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = ?
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?ab10dc6c742c406891f0e43824332598
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?ab10dc6c742c406891f0e43824332598
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/ [...] eaming.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://flowertriskel.spaces.live.c [...] nPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)
Logfile of HijackThis v1.99.1
Scan saved at 09:46:36, on 11/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Club-Internet\Agent Wi-Fi V2\McciTrayApp.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\lclock.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\eMule\emule.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\EoRezo\EoEngine.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\olivier\Bureau\hijackthis_199\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.club-internet.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: run=
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Club-Internet_McciTrayApp] C:\Program Files\Club-Internet\Agent Wi-Fi V2\McciTrayApp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Global Startup: Gamesurround Muse Pocket.lnk = C:\Program Files\Hercules\Audio\Gamesurround Muse Pocket\MuseCPL.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
MSNFix 1.495
C:\Documents and Settings\laurŠne\Bureau\MSNFix
Fix exécuté le 11/09/2007 - 20:10:31,25 By laurŠne
mode normal
************************ Recherche les fichiers présents
... C:\WINDOWS\wdfmgr.exe
... C:\WINDOWS\Z058_jpg.zip
... C:\WINDOWS\system32\microsoft\backup.ftp
... C:\WINDOWS\system32\microsoft\backup.tftp
... C:\WINDOWS\pic_final.zip
... C:\WINDOWS\W139_jpg.zip
... C:\WINDOWS\Z058_jpg.zip
************************ Recherche les dossiers présents
... C:\Temp\
************************ Suppression des fichiers
.. OK ... C:\WINDOWS\wdfmgr.exe
.. OK ... C:\WINDOWS\Z058_jpg.zip
.. OK ... C:\WINDOWS\system32\microsoft\backup.ftp
.. OK ... C:\WINDOWS\system32\microsoft\backup.tftp
.. OK ... C:\WINDOWS\pic_final.zip
.. OK ... C:\WINDOWS\W139_jpg.zip
.. OK ... C:\WINDOWS\Z058_jpg.zip
************************ Suppression des dossiers
.. OK ... C:\Temp\
************************ Nettoyage du registre
************************ Fichiers suspects
/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention
[C:\WINDOWS\attach2.zip] 76CDB2BAD9582D23C1F6F4D868218D6C
[C:\WINDOWS\death.zip] F637AD9CC03EA224B9B1C6AEAF72B25E
[C:\WINDOWS\details.zip] A2908324DD7F4D116050C55E371B68B9
[C:\WINDOWS\document.zip] 7F2BBCA8ABD3992CD839833AC951CDAB
[C:\WINDOWS\friend.zip] 2FB9D3E7B4D9E5D6B648CBBEBBCB047B
[C:\WINDOWS\letter_jokes.zip] 7F2BBCA8ABD3992CD839833AC951CDAB
[C:\WINDOWS\location.zip] 76CDB2BAD9582D23C1F6F4D868218D6C
[C:\WINDOWS\old_photos_part2.zip] ADCC98200D087ED44C946BBC7A5C0BA6
[C:\WINDOWS\warez.zip] 72A9B1F5E850E3A0118445C64BA953CD
[C:\primus.zip] 5A027194F669E2F64E893B5DCEBBB81C
[C:\tp13.zip] 777C78C43BE6203A8C1EF31285D77A6B
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 11092007_20110905.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 20:47:07, on 11/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\services.exe
C:\Documents and Settings\laurène\Local Settings\Temporary Internet Files\Content.IE5\GL43CJON\VundoFix[1].exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\verclsid.exe
C:\WINDOWS\system32\verclsid.exe
C:\WINDOWS\system32\verclsid.exe
C:\Documents and Settings\laurène\Local Settings\Temp\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/y [...] ch/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/y [...] .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/y [...] .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 213.239.0.226 andr.net
O1 - Hosts: 213.239.0.226 www.andr.net
O1 - Hosts: 213.239.0.226 crackz.ws
O1 - Hosts: 213.239.0.226 www.crackz.ws
O1 - Hosts: 213.239.0.226 crackspider.com
O1 - Hosts: 213.239.0.226 www.crackspider.com
O1 - Hosts: 213.239.0.226 astalavista.box.sk
O2 - BHO: ypzeoaahfnfemamerbhh - {4dffefb4-ed2a-451c-92b9-504a33059ba8} - C:\DOCUME~1\LAURNE~1\APPLIC~1\mzlyglnstq.dll (file missing)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
O3 - Toolbar: heaagldsssi - {81e35c61-b750-4cee-af2b-cfc99ebe6a4d} - C:\DOCUME~1\LAURNE~1\APPLIC~1\mzlyglnstq.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [winupdt] RUNDLL32.EXE c:\windows\ftwain.dll,_mainRD
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [YaeE] C:\WINDOWS\ntcves.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [services.exe] C:\WINDOWS\services.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [eBrpRgjFi] dspkmgr.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.c [...] 1/chat.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b30149.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/137b93 [...] 601_fr.cab
O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (Image Uploader 3.0 Control) - http://www2.photoweb.fr/albums/tel [...] otoweb.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 0630081731
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega DownloadManager) - https://www.virginmega.fr/DownloadM [...] ownMan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b30149.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (OPInstall Control) - http://a14.g.akamai.net/f/14/7141/ [...] .17_c2.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MediaBar) - http://sib1.od2.com/common/musicma [...] Plugin.CAB
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://fr.jackpotcity.microgaming. [...] lashAX.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Service de sécurité matérielle (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
Hello everyone, I'm really stuck with a virus, can you help me?
MSNFix report
MSNFix 1.495
C:\Documents and Settings\pascal\Bureau\MSNFix\MSNFix
Fix exécuté le 12/09/2007 - 6:20:15,53 By pascal
mode normal
************************ Recherche les fichiers présents
... C:\Program Files\Fichiers communs\Delsim\del.exe
... C:\WINDOWS\wdfmgr.exe
... C:\WINDOWS\Z058_jpg.zip
... C:\WINDOWS\system32\microsoft\backup.ftp
... C:\WINDOWS\system32\microsoft\backup.tftp
... C:\WINDOWS\W139_jpg.zip
... C:\WINDOWS\Z058_jpg.zip
************************ Recherche les dossiers présents
... C:\Program Files\Fichiers communs\Delsim\
... C:\Temp\
************************ Suppression des fichiers
.. OK ... C:\Program Files\Fichiers communs\Delsim\del.exe
.. OK ... C:\WINDOWS\wdfmgr.exe
.. OK ... C:\WINDOWS\Z058_jpg.zip
.. OK ... C:\WINDOWS\system32\microsoft\backup.ftp
.. OK ... C:\WINDOWS\system32\microsoft\backup.tftp
.. OK ... C:\WINDOWS\W139_jpg.zip
.. OK ... C:\WINDOWS\Z058_jpg.zip
************************ Suppression des dossiers
.. OK ... C:\Program Files\Fichiers communs\Delsim\
.. OK ... C:\Temp\
************************ Nettoyage du registre
************************ Fichiers suspects
Aucun Fichier trouvé
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 12092007_ 6214233.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END
hijack report
Logfile of HijackThis v1.99.1
Scan saved at 06:23:40, on 12/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\services.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
c:\g7n4l2o4i4v4.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\pascal\Bureau\hijackthis_199\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/script [...] lc=040c&ac
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts [...] ch&ap=b204
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts [...] ch&ap=b204
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.presario.net/script [...] lc=040c&ac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {AA199508-63F8-97A7-1321-B7DFDCC074C1} - C:\DOCUME~1\pascal\APPLIC~1\WINAXI~1\Default Dead.exe (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [services.exe] C:\WINDOWS\services.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Sites Perso - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
O9 - Extra 'Tools' menuitem: Compaq France - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - http://www.bobtv.fr/download/cfweb [...] module.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD32E2FB-161F-4B6A-8A55-C44E6AC8389A}: NameServer = 172.20.0.1 217.194.158.30
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: Serveur RPC eTrust Antivirus (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: Serveur eTrust Antivirus Temps réel (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: Serveur de jobs eTrust Antivirus (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
Thanks
I was attacked myself too; here are the reports:
MSNFix 1.495
C:\Documents and Settings\Jean Pyerre\Bureau\MSNFix\MSNFix
Fix exécuté le 12/09/2007 - 17:58:26,48 By Jean Pyerre
mode normal
************************ Recherche les fichiers présents
Aucun Fichier trouvé
************************ Recherche les dossiers présents
... C:\WINDOWS\system32\updatelinkmsn\
************************ Suppression des fichiers
************************ Suppression des dossiers
.. OK ... C:\WINDOWS\system32\updatelinkmsn\
************************ Nettoyage du registre
************************ Fichiers suspects
Aucun Fichier trouvé
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 12092007_18001082.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 17:57:32, on 12/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark 7300 Series\lxcimon.exe
C:\Program Files\Lexmark 7300 Series\ezprint.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Multimedia Mouse Driver\MouseDrv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\services.exe
C:\WINDOWS\system32\lxcicoms.exe
C:\Program Files\SuperCopier\SuperCopier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Jean Pyerre\Bureau\w3hph.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\Jean Pyerre\Local Settings\Temp\hijackthis_199\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [LXCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcimon.exe] "C:\Program Files\Lexmark 7300 Series\lxcimon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7300 Series\ezprint.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Cammaestro 4.2GU build 1104.72
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Multimedia Mouse Driver\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [services.exe] C:\WINDOWS\services.exe
O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/n [...] 0.0.15.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/671 [...] taller.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs-beta.jeu.o [...] meHost.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - file:///C:/Documents%20and%20Settings/Jean%20Pyerre/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BB93D2B-FF75-49CA-8627-90010D83BE97}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{1BB93D2B-FF75-49CA-8627-90010D83BE97}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{1BB93D2B-FF75-49CA-8627-90010D83BE97}: NameServer = 193.252.19.3,193.252.19.4
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: lxci_device - - C:\WINDOWS\system32\lxcicoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Hello, I got the virus too; here is the report:
MSNFix 1.495
C:\Documents and Settings\admin\Bureau\MSNFix
Fix exécuté le 12/09/2007 - 18:34:34,25 By admin
mode normal
************************ Recherche les fichiers présents
... C:\WINDOWS\IFinst27.exe
... C:\WINDOWS\system32\microsoft\backup.ftp
... C:\WINDOWS\system32\microsoft\backup.tftp
... C:\WINDOWS\W139_jpg.zip
************************ Recherche les dossiers présents
... C:\Temp\
************************ Suppression des fichiers
.. OK ... C:\WINDOWS\IFinst27.exe
.. OK ... C:\WINDOWS\system32\microsoft\backup.ftp
.. OK ... C:\WINDOWS\system32\microsoft\backup.tftp
.. OK ... C:\WINDOWS\W139_jpg.zip
************************ Suppression des dossiers
.. OK ... C:\Temp\
************************ Nettoyage du registre
************************ Fichiers suspects
Aucun Fichier trouvé
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 12092007_18383840.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 18:58:55, on 12/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\services.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Advanced Messenger Plus\AdvMsg.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\admin\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [services.exe] C:\WINDOWS\services.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Advanced Messenger Plus.lnk = C:\Program Files\Advanced Messenger Plus\AdvMsg.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawfl [...] awflow.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 9448829176
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1 [...] 586-jc.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Unknown owner - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe (file missing)
O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec AVScan (SAVScan) - Unknown owner - C:\Program Files\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (file missing)
MSNFix 1.498
C:\Documents and Settings\Jean Pyerre\Local Settings\Temp\MSNFix\MSNFix
Fix exécuté le 13/09/2007 - 12:18:56,48 By Jean Pyerre
mode normal
************************ Recherche les fichiers présents
... C:\WINDOWS\services.exe
... C:\WINDOWS\W139_jpg.zip
... C:\WINDOWS\system32\microsoft\backup.ftp
... C:\WINDOWS\system32\microsoft\backup.tftp
... C:\WINDOWS\W139_jpg.zip
************************ Recherche les dossiers présents
Aucun dossier trouvé
************************ Suppression des fichiers
/!\ ... C:\WINDOWS\services.exe
.. OK ... C:\WINDOWS\W139_jpg.zip
.. OK ... C:\WINDOWS\system32\microsoft\backup.ftp
.. OK ... C:\WINDOWS\system32\microsoft\backup.tftp
.. OK ... C:\WINDOWS\W139_jpg.zip
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
************************ Suppression des fichiers
.. OK ... C:\WINDOWS\services.exe
************************ Fichiers suspects
Aucun Fichier trouvé
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 13092007_12243046.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 12:29:14, on 13/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lexmark 7300 Series\lxcimon.exe
C:\Program Files\Lexmark 7300 Series\ezprint.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Multimedia Mouse Driver\MouseDrv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\lxcicoms.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SuperCopier\SuperCopier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\JEANPY~1\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis_199.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [LXCICATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCItime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcimon.exe] "C:\Program Files\Lexmark 7300 Series\lxcimon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 7300 Series\ezprint.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Cammaestro 4.2GU build 1104.72
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Multimedia Mouse Driver\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SuperCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/n [...] 0.0.15.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/671 [...] taller.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs-beta.jeu.o [...] meHost.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - file:///C:/Documents%20and%20Settings/Jean%20Pyerre/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BB93D2B-FF75-49CA-8627-90010D83BE97}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{1BB93D2B-FF75-49CA-8627-90010D83BE97}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{1BB93D2B-FF75-49CA-8627-90010D83BE97}: NameServer = 193.252.19.3,193.252.19.4
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: lxci_device - - C:\WINDOWS\system32\lxcicoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Hello, I'm posting my MSNFix report after having the same problems as you; I hope that everything will go back to normal on MSN afterwards...
MSNFix 1.498
C:\Documents and Settings\fredix\Bureau\MSNFix
Fix exécuté le 13/09/2007 - 15:25:18,84 By fredix
mode normal
************************ Recherche les fichiers présents
... C:\WINDOWS\system\lsass.exe
************************ Recherche les dossiers présents
Aucun dossier trouvé
************************ Suppression des fichiers
/!\ ... C:\WINDOWS\system\lsass.exe
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
Here is the second report:
Logfile of HijackThis v1.99.1
Scan saved at 15:46:17, on 13/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\a-squared free\a2service.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\VM303_STI.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system\lsass.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\system\lsass.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\fredix\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.rd.yahoo.com/customize/i [...] .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/i [...] .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: VisuExplorer - {92E1B3F7-0546-421E-9835-904D25B7BA66} - C:\WINDOWS\system32\msiev32.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Sin Espias] C:\Program Files\SinEspias\No-Spy.exe /autorun
O4 - HKLM\..\Run: [stnospy] C:\Program Files\SinEspias\no-spy.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [MSNFix] C:\Documents and Settings\fredix\Bureau\MSNFix\MSNFix.bat /pass2
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [MSNFix] C:\Documents and Settings\fredix\Bureau\MSNFix\MSNFix.bat /pass2
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Open PDF in Word - res://C:\Program Files\ScanSoft\PDF Converter\IEShellExt.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn. [...] ngctrl.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ [...] loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1DDC3D19-AA8B-45CB-9413-3A9072F1ED7E}: NameServer = 217.27.32.5,213.228.0.168
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - {130A8A37-CBE9-43C8-AD88-BEA7F9E522B3} - C:\WINDOWS\system32\dpah.dll
O18 - Filter: text/plain - {130A8A37-CBE9-43C8-AD88-BEA7F9E522B3} - C:\WINDOWS\system32\dpah.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Unknown owner - C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
MSNFix 1.499
C:\Documents and Settings\laeti\Bureau\MSNFix
Fix exécuté le 14/09/2007 - 14:01:04,26 By laeti
mode normal
************************ Recherche les fichiers présents
... C:\DOCUME~1\laeti\LOCALS~1\Temp\1.html
... C:\DOCUME~1\laeti\LOCALS~1\Temp\1.html.$$$
... C:\DOCUME~1\laeti\LOCALS~1\Temp\pa_0105.exe
... C:\WINDOWS\service32.exe
... C:\WINDOWS\svchost.dll
... C:\WINDOWS\sysnet32.exe
... C:\WINDOWS\system32\msnfix.exe
... C:\WINDOWS\system32\syspoint.dll
... C:\WINDOWS\Photo37.zip
... C:\WINDOWS\Photo67.zip
... C:\WINDOWS\IMG8438711.zip
... C:\WINDOWS\IMG8438729.zip
... C:\WINDOWS\IMG8438738.zip
... C:\WINDOWS\IMG843875.zip
... C:\WINDOWS\IMG8438756.zip
... C:\WINDOWS\IMG8438762.zip
... C:\WINDOWS\IMG8438777.zip
... C:\WINDOWS\IMG8438789.zip
... C:\WINDOWS\IMG8438795.zip
... C:\WINDOWS\love27.zip
... C:\WINDOWS\love30.zip
... C:\WINDOWS\love33.zip
... C:\WINDOWS\love45.zip
... C:\WINDOWS\love60.zip
... C:\WINDOWS\DSC0343522.zip
... C:\WINDOWS\DSC0343534.zip
... C:\WINDOWS\DSC0343555.zip
... C:\WINDOWS\DSC0343561.zip
... C:\WINDOWS\DSC0343570.zip
... C:\WINDOWS\DSC0343594.zip
... C:\WINDOWS\IMG8438711.zip
... C:\WINDOWS\IMG8438729.zip
... C:\WINDOWS\IMG8438738.zip
... C:\WINDOWS\IMG843875.zip
... C:\WINDOWS\IMG8438756.zip
... C:\WINDOWS\IMG8438762.zip
... C:\WINDOWS\IMG8438777.zip
... C:\WINDOWS\IMG8438789.zip
... C:\WINDOWS\IMG8438795.zip
... C:\WINDOWS\beachpicture12.zip
... C:\WINDOWS\beachpicture45.zip
... C:\WINDOWS\beachpicture48.zip
... C:\WINDOWS\beachpicture69.zip
... C:\WINDOWS\beachpicture78.zip
... C:\WINDOWS\beachpicture84.zip
... C:\WINDOWS\beachpicture87.zip
... C:\WINDOWS\beachpicture93.zip
... C:\WINDOWS\secretimages14.zip
... C:\WINDOWS\secretimages26.zip
... C:\WINDOWS\secretimages32.zip
... C:\WINDOWS\secretimages41.zip
... C:\WINDOWS\secretimages47.zip
... C:\WINDOWS\secretimages89.zip
... C:\WINDOWS\secretimages95.zip
************************ Recherche les dossiers présents
Aucun dossier trouvé
************************ Suppression des fichiers
.. OK ... C:\DOCUME~1\laeti\LOCALS~1\Temp\1.html
.. OK ... C:\DOCUME~1\laeti\LOCALS~1\Temp\1.html.$$$
.. OK ... C:\DOCUME~1\laeti\LOCALS~1\Temp\pa_0105.exe
/!\ ... C:\WINDOWS\service32.exe
.. OK ... C:\WINDOWS\svchost.dll
/!\ ... C:\WINDOWS\sysnet32.exe
.. OK ... C:\WINDOWS\system32\msnfix.exe
/!\ ... C:\WINDOWS\system32\syspoint.dll
.. OK ... C:\WINDOWS\Photo37.zip
.. OK ... C:\WINDOWS\Photo67.zip
.. OK ... C:\WINDOWS\IMG8438711.zip
.. OK ... C:\WINDOWS\IMG8438729.zip
.. OK ... C:\WINDOWS\IMG8438738.zip
.. OK ... C:\WINDOWS\IMG843875.zip
.. OK ... C:\WINDOWS\IMG8438756.zip
.. OK ... C:\WINDOWS\IMG8438762.zip
.. OK ... C:\WINDOWS\IMG8438777.zip
.. OK ... C:\WINDOWS\IMG8438789.zip
.. OK ... C:\WINDOWS\IMG8438795.zip
.. OK ... C:\WINDOWS\love27.zip
.. OK ... C:\WINDOWS\love30.zip
.. OK ... C:\WINDOWS\love33.zip
.. OK ... C:\WINDOWS\love45.zip
.. OK ... C:\WINDOWS\love60.zip
.. OK ... C:\WINDOWS\DSC0343522.zip
.. OK ... C:\WINDOWS\DSC0343534.zip
.. OK ... C:\WINDOWS\DSC0343555.zip
.. OK ... C:\WINDOWS\DSC0343561.zip
.. OK ... C:\WINDOWS\DSC0343570.zip
.. OK ... C:\WINDOWS\DSC0343594.zip
.. OK ... C:\WINDOWS\IMG8438711.zip
.. OK ... C:\WINDOWS\IMG8438729.zip
.. OK ... C:\WINDOWS\IMG8438738.zip
.. OK ... C:\WINDOWS\IMG843875.zip
.. OK ... C:\WINDOWS\IMG8438756.zip
.. OK ... C:\WINDOWS\IMG8438762.zip
.. OK ... C:\WINDOWS\IMG8438777.zip
.. OK ... C:\WINDOWS\IMG8438789.zip
.. OK ... C:\WINDOWS\IMG8438795.zip
.. OK ... C:\WINDOWS\beachpicture12.zip
.. OK ... C:\WINDOWS\beachpicture45.zip
.. OK ... C:\WINDOWS\beachpicture48.zip
.. OK ... C:\WINDOWS\beachpicture69.zip
.. OK ... C:\WINDOWS\beachpicture78.zip
.. OK ... C:\WINDOWS\beachpicture84.zip
.. OK ... C:\WINDOWS\beachpicture87.zip
.. OK ... C:\WINDOWS\beachpicture93.zip
.. OK ... C:\WINDOWS\secretimages14.zip
.. OK ... C:\WINDOWS\secretimages26.zip
.. OK ... C:\WINDOWS\secretimages32.zip
.. OK ... C:\WINDOWS\secretimages41.zip
.. OK ... C:\WINDOWS\secretimages47.zip
.. OK ... C:\WINDOWS\secretimages89.zip
.. OK ... C:\WINDOWS\secretimages95.zip
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
************************ Suppression des fichiers
.. OK ... C:\WINDOWS\service32.exe
.. OK ... C:\WINDOWS\sysnet32.exe
.. OK ... C:\WINDOWS\system32\syspoint.dll
Les fichiers encore présents seront supprimés au prochain redémarrage
Aucun Fichier trouvé
Les fichiers encore présents seront supprimés au prochain redémarrage
Aucun Fichier trouvé
************************ Fichiers suspects
/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention
[C:\WINDOWS\file43.zip] BAAE3F27494B40B6C6814A6FA0861C4A
[C:\WINDOWS\files40.zip] 7A62E3AD4080D4C4B252303B13235DBC
[C:\WINDOWS\news74.zip] 98C45C9BB14684945025DED708E78B63
[C:\WINDOWS\news89.zip] CEC5C4AE2E4CF3767424BA796109EC26
[C:\WINDOWS\system32\Flurry.scr] 04810EC57CBBDD1F047C8217B9F6C092
[C:\WINDOWS\system32\Nostalgic.scr] E2A7262E2C24EAF1C15CBDDA29E1D1EA
[C:\WINDOWS\system32\ParticleFountain.scr] 4C1323520EB29618930875E0EB1907E0
[C:\WINDOWS\system32\Pernille.scr] D247CF88FBF08AC06C039CAC6DC3B864
[C:\WINDOWS\system32\ReallySlick_Skyrocket_v1.scr] F28C4A08C0C29AAC9DBBF531ED21D63D
[C:\WINDOWS\system32\SelectourScreensaver.scr] CD9E5E727F13267B5DF657D6C2B185A7
[C:\WINDOWS\system32\Tunnel-B12.scr] 35141648A5AAFEC3D4F07EBBD9B83F6C
[C:\WINDOWS\system32\Tunnel.scr] 343DCEFF1015FF19E5297AFBE879C0B8
[C:\WINDOWS\system32\X64.scr] AC2B49472830C950E439C7E7BEEED099
[C:\Documents and Settings\laeti\aaguan.exe] 014BEC4FF9087A07C57AF4E4C3BF1727
[C:\Documents and Settings\laeti\nqsrqf.exe] 3C354958FA3CC8CD7281C08DEC1CD15B
[C:\Documents and Settings\laeti\stxguw.exe] 3C354958FA3CC8CD7281C08DEC1CD15B
[C:\Documents and Settings\laeti\trmews.exe] 785C1C850990DA4A4D9374982DCAE7A3
[C:\Documents and Settings\laeti\vlgern.exe] 3C354958FA3CC8CD7281C08DEC1CD15B
[C:\Documents and Settings\laeti\wemmrk.exe] 014BEC4FF9087A07C57AF4E4C3BF1727
[C:\Documents and Settings\laeti\wydlhl.exe] 014BEC4FF9087A07C57AF4E4C3BF1727
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 14092007_14095289.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 14:17:49, on 14/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Winamp\Winampa.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\eMule\emule.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\laeti\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [apdkiw] c:\windows\system32\apdkiw.exe apdkiw
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: Version3 - {974CED4E-02B7-44A7-8F78-31A52BF06F55} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Hi, I read your instructions for trying to get rid of this virus. So I downloaded all the necessary programs, and now I'm posting the reports on the forum so that you can give me a hand, please.
MSNFix 1.503
C:\Documents and Settings\pc\Escritorio\MSNFix
Fix exécuté le 14/09/2007 - 23:16:53,75 By pc
mode normal
************************ Recherche les fichiers présents
Aucun Fichier trouvé
************************ Recherche les dossiers présents
Aucun dossier trouvé
************************ Fichiers suspects
Aucun Fichier trouvé
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 14092007_23211073.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 23:23:04, on 14/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Archivos de programa\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\ARCHIV~1\LAUNCH~1\LManager.exe
C:\Archivos de programa\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Archivos de programa\Ahead\InCD\InCD.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
C:\Archivos de programa\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\WINDOWS\system32\igfxext.exe
C:\DOCUME~1\pc\CONFIG~1\Temp\RtkBtMnt.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wiaacmgr.exe
C:\Documents and Settings\pc\Escritorio\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ODBCJET.exe,
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Archivos de programa\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Archivos de programa\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [LManager] C:\ARCHIV~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Archivos de programa\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Archivos de programa\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Archivos de programa\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Herramienta de búsqueda de soportes de Picture Motion Browser.lnk = C:\Archivos de programa\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Archivos de programa\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Archivos de programa\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gabu1111.spaces.live.com//P [...] nPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\ARCHIV~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Archivos de programa\Archivos comunes\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Archivos de programa\Eset\nod32krn.exe
Thanks in advance...
manuBsAs
MSNFix 1.505
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\S2R82GO4\MSNFix[1]\MSNFix
Fix exécuté le dim. 16/09/2007 - 23:31:18,60 By Administrateur
mode normal
************************ Recherche les fichiers présents
... C:\WINNT\perfmon.exe
... C:\WINNT\system32\microsoft\backup.ftp
... C:\WINNT\system32\microsoft\backup.tftp
... C:\WINNT\X_0005_jpg.zip
************************ heur. MSNCHK.exe ***** /!\ beta test /!\
************************ Recherche les dossiers présents
Aucun dossier trouvé
************************ Suppression des fichiers
.. OK ... C:\WINNT\perfmon.exe
.. OK ... C:\WINNT\system32\microsoft\backup.ftp
.. OK ... C:\WINNT\system32\microsoft\backup.tftp
.. OK ... C:\WINNT\X_0005_jpg.zip
************************ Nettoyage du registre
************************ Fichiers suspects
Aucun Fichier trouvé
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier dim. 16092007_23355871.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 23:32:18, on 16/09/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\WINNT\Cpqdiag\Cpqdfwag.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\FTRTSVC.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINNT\System32\NMSSvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\WINNT\system32\PROMon.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINNT\mono.exe
C:\WINNT\perfmon.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINNT\system32\internat.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINNT\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINNT\system32\cmd.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX19.890\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/040C/bl8.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: @msdxmLC.dll,-1@1036,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mono.exe] C:\WINNT\mono.exe
O4 - HKLM\..\Run: [Performance Monitor] C:\WINNT\perfmon.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINNT\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.fr
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - https://portail.inetpsa.com/http:// [...] iNotes.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photobox.fr/discount/cl [...] .2.0.2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{116F4975-D27B-4C81-AF8B-95D6CB1F1B06}: NameServer = 80.10.246.2,80.10.246.129
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: Compaq Remote Diagnostics Enabling Agent (CpqDfwWebAgent) - Compaq Computer Corporation - C:\WINNT\Cpqdiag\Cpqdfwag.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINNT\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Performance Monitor - Unknown owner - C:\WINNT\perfmon.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
And now that I've sent the 2 reports, do I have to shut down the computer???
Please help me! I don't understand any of it!
MSNFix 1.507
C:\Documents and Settings\Jeff\Bureau\MSNFix
Fix exécuté le 17/09/2007 - 11:36:59,15 By Jeff
mode normal
************************ Recherche les fichiers présents
... C:\WINDOWS\perfmon.exe
************************ MSNCHK ***** /!\ beta test /!\
************************ Recherche les dossiers présents
Aucun dossier trouvé
************************ Suppression des fichiers
.. OK ... C:\WINDOWS\perfmon.exe
************************ Nettoyage du registre
************************ Fichiers suspects
Aucun Fichier trouvé
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 17092007_11374145.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 11:41:52, on 17/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Fichiers communs\Logitech\LCD Manager\lcdmon.exe
C:\Program Files\Fichiers communs\Logitech\G-series Software\LGDCore.exe
C:\WINDOWS\mono.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jeff\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Fichiers communs\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Fichiers communs\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mono.exe] C:\WINDOWS\mono.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/5 [...] plugin.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
Hello everyone, I'm sending you the report. I don't really understand what needs to be done, but here it is. Kisses to all.
MSNFix 1.507
D:\Documents and Settings\MEISTERMANN J-C\Bureau\MSNFix\MSNFix
Fix exécuté le 17/09/2007 - 13:41:18,96 By MEISTERMANN J-C
mode normal
************************ Recherche les fichiers présents
... C:\g7n4l2o4i4v4.exe
... D:\Documents and Settings\MEISTERMANN J-C\new.txt
... C:\WINDOWS\photos.zip
... C:\WINDOWS\services.exe
... C:\WINDOWS\W139_jpg.zip
... C:\WINDOWS\system32\microsoft\backup.ftp
... C:\WINDOWS\system32\microsoft\backup.tftp
... C:\WINDOWS\photos.zip
... C:\WINDOWS\W139_jpg.zip
************************ MSNCHK ***** /!\ beta test /!\
[!] C:\WINDOWS\W139_jpg.zip is INFECTED
************************ Recherche les dossiers présents
Aucun dossier trouvé
************************ Suppression des fichiers
.. OK ... C:\g7n4l2o4i4v4.exe
.. OK ... D:\Documents and Settings\MEISTERMANN J-C\new.txt
.. OK ... C:\WINDOWS\photos.zip
/!\ ... C:\WINDOWS\services.exe
.. OK ... C:\WINDOWS\W139_jpg.zip
.. OK ... C:\WINDOWS\system32\microsoft\backup.ftp
.. OK ... C:\WINDOWS\system32\microsoft\backup.tftp
.. OK ... C:\WINDOWS\photos.zip
.. OK ... C:\WINDOWS\W139_jpg.zip
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
************************ Suppression des fichiers
.. OK ... C:\WINDOWS\services.exe
************************ Fichiers suspects
/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention
[C:\WINDOWS\screen_ivmypeople.scr] 4D46806C2844383899C5EF00E170D5F5
==> SVP merci d'envoyer le fichier D:\DOCUME~1\MEISTE~1\Bureau\Upload_Me.zip sur http://upload.changelog.fr
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 17092007_13442918.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 17:59:40, on 17/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\tp4mon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\mono.exe
C:\Program Files\PestPatrol\PPControl.exe
C:\PROGRA~1\PestPatrol\PPMemCheck.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\PROGRA~1\PestPatrol\CookiePatrol.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\perfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\perfmon.exe
C:\WINDOWS\userinit.exe
C:\WINDOWS\perfmon.exe
C:\WINDOWS\perfmon.exe
C:\WINDOWS\perfmon.exe
C:\WINDOWS\perfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mono.exe] C:\WINDOWS\mono.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PestPatrol\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PestPatrol\CookiePatrol.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [feedreader.exe] "C:\Program Files\FeedReader30\feedreader.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Program Files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O9 - Extra button: Mise à jour de logiciels ThinkPad - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {54D53429-945C-4188-B460-C81356541882} (SaveImageFiles Class) - http://photosmart.hpphoto.com/Down [...] lPrint.CAB
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Performance Monitor - Unknown owner - C:\WINDOWS\perfmon.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Userinit Logon Application - Unknown owner - C:\WINDOWS\userinit.exe
Logfile of HijackThis v1.99.1
Scan saved at 20:14:12, on 17/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\userinit.exe
C:\WINDOWS\system32\tp4mon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\mono.exe
C:\Program Files\PestPatrol\PPControl.exe
C:\PROGRA~1\PestPatrol\PPMemCheck.exe
C:\PROGRA~1\PestPatrol\CookiePatrol.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mono.exe] C:\WINDOWS\mono.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PestPatrol\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PestPatrol\CookiePatrol.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [feedreader.exe] "C:\Program Files\FeedReader30\feedreader.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Program Files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll
O9 - Extra button: Mise à jour de logiciels ThinkPad - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {54D53429-945C-4188-B460-C81356541882} (SaveImageFiles Class) - http://photosmart.hpphoto.com/Down [...] lPrint.CAB
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSN Messenger\msgrapp.8.1.0178.00.dll
O20 - Winlogon Notify: tpfnf2 - C:\WINDOWS\SYSTEM32\notifyf2.dll
O20 - Winlogon Notify: tphotkey - C:\WINDOWS\SYSTEM32\tphklock.dll
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Userinit Logon Application - Unknown owner - C:\WINDOWS\userinit.exe
MSNFix 1.507
C:\Documents and Settings\Administrateur\Bureau\MSNFix
Fix exécuté le 17/09/2007 - 19:09:39,82 By Administrateur
mode normal
************************ Recherche les fichiers présents
... C:\WINDOWS\perfmon.exe
... C:\WINDOWS\system32\microsoft\backup.ftp
... C:\WINDOWS\system32\microsoft\backup.tftp
... C:\WINDOWS\X_0005_jpg.zip
************************ MSNCHK ***** /!\ beta test /!\
************************ Recherche les dossiers présents
Aucun dossier trouvé
************************ Suppression des fichiers
.. OK ... C:\WINDOWS\perfmon.exe
.. OK ... C:\WINDOWS\system32\microsoft\backup.ftp
.. OK ... C:\WINDOWS\system32\microsoft\backup.tftp
.. OK ... C:\WINDOWS\X_0005_jpg.zip
************************ Nettoyage du registre
************************ Fichiers suspects
Aucun Fichier trouvé
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 17092007_19102659.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
MSNFix 1.507
C:\Documents and Settings\Administrateur\Bureau\MSNFix
Fix exécuté le 17/09/2007 - 20:35:30,96 By Administrateur
mode normal
************************ Recherche les fichiers présents
... C:\WINDOWS\perfmon.exe
... C:\WINDOWS\system32\microsoft\backup.ftp
... C:\WINDOWS\system32\microsoft\backup.tftp
... C:\WINDOWS\X_0005_jpg.zip
************************ MSNCHK ***** /!\ beta test /!\
************************ Recherche les dossiers présents
Aucun dossier trouvé
************************ Suppression des fichiers
/!\ ... C:\WINDOWS\perfmon.exe
.. OK ... C:\WINDOWS\system32\microsoft\backup.ftp
.. OK ... C:\WINDOWS\system32\microsoft\backup.tftp
.. OK ... C:\WINDOWS\X_0005_jpg.zip
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
************************ Suppression des fichiers
.. OK ... C:\WINDOWS\perfmon.exe
************************ Fichiers suspects
Aucun Fichier trouvé
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 17092007_20404833.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
MSNFix 1.507
C:\Documents and Settings\Utilisateur\Bureau\MSNFix
Fix exécuté le 17/09/2007 - 21:43:50,53 By Utilisateur
mode normal
************************ Recherche les fichiers présents
... C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\*.dmp
... C:\WINDOWS\files19.zip
... C:\WINDOWS\files34.zip
... C:\WINDOWS\files4.zip
... C:\WINDOWS\files40.zip
... C:\WINDOWS\files52.zip
... C:\WINDOWS\files70.zip
... C:\WINDOWS\files85.zip
... C:\WINDOWS\files94.zip
... C:\WINDOWS\news47.zip
... C:\WINDOWS\JPGimage14.zip
... C:\WINDOWS\JPGimage44.zip
... C:\WINDOWS\JPGimage53.zip
... C:\WINDOWS\JPGimage65.zip
... C:\WINDOWS\JPGimage89.zip
... C:\WINDOWS\look24.zip
... C:\WINDOWS\look33.zip
... C:\WINDOWS\look36.zip
... C:\WINDOWS\look6.zip
... C:\WINDOWS\look66.zip
... C:\WINDOWS\look69.zip
... C:\WINDOWS\look78.zip
... C:\WINDOWS\look9.zip
... C:\WINDOWS\file28.zip
... C:\WINDOWS\file37.zip
... C:\WINDOWS\file49.zip
... C:\WINDOWS\file55.zip
... C:\WINDOWS\file70.zip
... C:\WINDOWS\file73.zip
... C:\WINDOWS\file76.zip
... C:\WINDOWS\file79.zip
... C:\WINDOWS\file88.zip
... C:\WINDOWS\file91.zip
... C:\WINDOWS\file94.zip
... C:\WINDOWS\files19.zip
... C:\WINDOWS\files34.zip
... C:\WINDOWS\files4.zip
... C:\WINDOWS\files40.zip
... C:\WINDOWS\files52.zip
... C:\WINDOWS\files70.zip
... C:\WINDOWS\files85.zip
... C:\WINDOWS\files94.zip
... C:\WINDOWS\downloadme24.zip
... C:\WINDOWS\downloadme30.zip
... C:\WINDOWS\downloadme36.zip
... C:\WINDOWS\downloadme54.zip
... C:\WINDOWS\downloadme6.zip
... C:\WINDOWS\downloadme60.zip
... C:\WINDOWS\downloadme63.zip
... C:\WINDOWS\downloadme69.zip
... C:\WINDOWS\downloadme81.zip
... C:\WINDOWS\downloadme87.zip
... C:\WINDOWS\downloadme90.zip
... C:\WINDOWS\downloadme96.zip
... C:\WINDOWS\news47.zip
************************ MSNCHK ***** /!\ beta test /!\
************************ Recherche les dossiers présents
... C:\Temp\
************************ Suppression des fichiers
.. OK ... C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\*.dmp
.. OK ... C:\WINDOWS\files19.zip
.. OK ... C:\WINDOWS\files34.zip
.. OK ... C:\WINDOWS\files4.zip
.. OK ... C:\WINDOWS\files40.zip
.. OK ... C:\WINDOWS\files52.zip
.. OK ... C:\WINDOWS\files70.zip
.. OK ... C:\WINDOWS\files85.zip
.. OK ... C:\WINDOWS\files94.zip
.. OK ... C:\WINDOWS\news47.zip
.. OK ... C:\WINDOWS\JPGimage14.zip
.. OK ... C:\WINDOWS\JPGimage44.zip
.. OK ... C:\WINDOWS\JPGimage53.zip
.. OK ... C:\WINDOWS\JPGimage65.zip
.. OK ... C:\WINDOWS\JPGimage89.zip
.. OK ... C:\WINDOWS\look24.zip
.. OK ... C:\WINDOWS\look33.zip
.. OK ... C:\WINDOWS\look36.zip
.. OK ... C:\WINDOWS\look6.zip
.. OK ... C:\WINDOWS\look66.zip
.. OK ... C:\WINDOWS\look69.zip
.. OK ... C:\WINDOWS\look78.zip
.. OK ... C:\WINDOWS\look9.zip
.. OK ... C:\WINDOWS\file28.zip
.. OK ... C:\WINDOWS\file37.zip
.. OK ... C:\WINDOWS\file49.zip
.. OK ... C:\WINDOWS\file55.zip
.. OK ... C:\WINDOWS\file70.zip
.. OK ... C:\WINDOWS\file73.zip
.. OK ... C:\WINDOWS\file76.zip
.. OK ... C:\WINDOWS\file79.zip
.. OK ... C:\WINDOWS\file88.zip
.. OK ... C:\WINDOWS\file91.zip
.. OK ... C:\WINDOWS\file94.zip
.. OK ... C:\WINDOWS\files19.zip
.. OK ... C:\WINDOWS\files34.zip
.. OK ... C:\WINDOWS\files4.zip
.. OK ... C:\WINDOWS\files40.zip
.. OK ... C:\WINDOWS\files52.zip
.. OK ... C:\WINDOWS\files70.zip
.. OK ... C:\WINDOWS\files85.zip
.. OK ... C:\WINDOWS\files94.zip
.. OK ... C:\WINDOWS\downloadme24.zip
.. OK ... C:\WINDOWS\downloadme30.zip
.. OK ... C:\WINDOWS\downloadme36.zip
.. OK ... C:\WINDOWS\downloadme54.zip
.. OK ... C:\WINDOWS\downloadme6.zip
.. OK ... C:\WINDOWS\downloadme60.zip
.. OK ... C:\WINDOWS\downloadme63.zip
.. OK ... C:\WINDOWS\downloadme69.zip
.. OK ... C:\WINDOWS\downloadme81.zip
.. OK ... C:\WINDOWS\downloadme87.zip
.. OK ... C:\WINDOWS\downloadme90.zip
.. OK ... C:\WINDOWS\downloadme96.zip
.. OK ... C:\WINDOWS\news47.zip
************************ Suppression des dossiers
.. OK ... C:\Temp\
************************ Nettoyage du registre
************************ Fichiers suspects
Aucun Fichier trouvé
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 17092007_21452217.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 21:48:24, on 17/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Utilisateur\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Program Files\Octoshape Streaming Services\Utilisateur\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D842AAF-2967-4DB6-9C4A-6F8F354FA90B}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
C:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1\DÉMARR~1\Windows32.exe
C:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1\DÉMARR~1\windowsupdate.exe
C:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1\DÉMARR~1\Winhost.exe
C:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1\DÉMARR~1\winupdbc.exe
C:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1\DÉMARR~1\WMedPlayer.exe
C:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1\DÉMARR~1\wrdmgr.exe
C:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1\DÉMARR~1\wrloginpro.exe
C:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1\DÉMARR~1\wsnctfy.exe
C:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1\DÉMARR~1\wuaucltt.exe
C:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1\DÉMARR~1\ying.exe
C:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1\DÉMARR~1\yong.exe
C:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1\DÉMARR~1\ZaZ.exe
C:\Program Files\Fichiers communs\Delsim\del.exe
C:\PROGRA~1\FICHIE~1\Microsoft Shared\DAO\svchost.exe
C:\PROGRA~1\FICHIE~1\tmp.scr
C:\i.mages.zip
C:\DOCUME~1\PIERRE~1\LOCALS~1\APPLIC~1\addon.dat
C:\PROGRA~1\\NetMeeting\maisumviado.exe
C:\PROGRA~1\\outloo~1\update.exe
C:\PROGRA~1\\WinPop\winpop.exe.lzma
C:\PROGRA~1\a.txt
C:\PROGRA~1\Ajuda.exe
C:\PROGRA~1\Amor.exe
C:\PROGRA~1\Bifrost\klog.dat
C:\PROGRA~1\Bifrost\server.exe
C:\PROGRA~1\Bifrost\sys32.exe
C:\PROGRA~1\Cica.exe
C:\PROGRA~1\dll.exe
C:\PROGRA~1\dllvirtual.exe
C:\PROGRA~1\dllwin.exe
C:\PROGRA~1\ExAlien.exe
C:\PROGRA~1\Favoritos.exe
C:\PROGRA~1\fer.exe
C:\PROGRA~1\Firewall.exe
C:\PROGRA~1\Flash.exe
C:\PROGRA~1\GbPlugin\\Rg2catbd.exe
C:\PROGRA~1\GbPlugin\GbpSvc.exe
C:\PROGRA~1\GbPlugin\mdll.exe
C:\PROGRA~1\GbPlugin\msng.exe
C:\PROGRA~1\GbPlugin\Ndtstat.exe
C:\PROGRA~1\GbPlugin\Rg2catbd.exe
C:\PROGRA~1\GbPlugin\udll.exe
C:\PROGRA~1\GbPlugin\yong.exe
C:\PROGRA~1\GbpSvc.exe
C:\PROGRA~1\help.exe
C:\PROGRA~1\HelpDesk.exe
C:\PROGRA~1\icpldrvx.exe
C:\PROGRA~1\ildredr.exe
C:\PROGRA~1\inetget2\installeur.exe
C:\PROGRA~1\InetGet2\Installeur.exe
C:\PROGRA~1\Internet Explorer\bb.exe
C:\PROGRA~1\Internet Explorer\desc.exe
C:\PROGRA~1\Internet Explorer\loadie.exe
C:\PROGRA~1\Internet Explorer\realplayerp.exe
C:\PROGRA~1\klog.dat
C:\PROGRA~1\login.scr
C:\PROGRA~1\Logun.exe
C:\PROGRA~1\mdll.exe
C:\PROGRA~1\messenger.exe
C:\PROGRA~1\Messenger\msmsg.exe
C:\PROGRA~1\Messenger\Msnmsgr.exe
C:\PROGRA~1\Microsoft Studio Files\Winlsass32.exe
C:\PROGRA~1\Microsoft\svhost32.exe
C:\PROGRA~1\Movie Maker\ja_era_hehe.exe
C:\PROGRA~1\MSN Messenger Guiños\instalar guiños.exe
C:\PROGRA~1\MSN Messenger\instalar guiños.exe
C:\PROGRA~1\msng.exe
C:\PROGRA~1\msnmsg.exe
C:\PROGRA~1\My_Love.exe
C:\PROGRA~1\Ndtstat.exe
C:\PROGRA~1\NetMeeting\klog.dat
C:\PROGRA~1\NetMeeting\maisumviado.exe
C:\PROGRA~1\orkut.scr
C:\PROGRA~1\outloo~1\express.exe
C:\PROGRA~1\outloo~1\update.exe
C:\PROGRA~1\outlook express\express.exe
C:\PROGRA~1\Outlook Express\inyourface.exe
C:\PROGRA~1\Outlook Express\OutlookEx.exe
C:\PROGRA~1\Outlook Express\setup40.exe
C:\PROGRA~1\Perfect.exe
C:\PROGRA~1\photopaint.exe
C:\PROGRA~1\Real.dll
C:\PROGRA~1\regedti.exe
C:\PROGRA~1\Remove.exe
C:\PROGRA~1\Rg2catbd.exe
C:\PROGRA~1\rm.exe
C:\PROGRA~1\smss.exe
C:\PROGRA~1\SOUND.exe
C:\PROGRA~1\spiider.exe
C:\PROGRA~1\svchost.exe
C:\PROGRA~1\System\CDRom.exe
C:\PROGRA~1\System\Flash.exe
C:\PROGRA~1\System\Windows32.exe
C:\PROGRA~1\Tasks.exe
C:\PROGRA~1\udll.exe
C:\PROGRA~1\update.exe
C:\PROGRA~1\VTTimers.exe
C:\PROGRA~1\Wapp.exe
C:\PROGRA~1\Widows.exe
C:\PROGRA~1\Windows32.exe
C:\PROGRA~1\winINI.exe
C:\PROGRA~1\winpop\uninstall.exe
C:\PROGRA~1\WinPop\UnInstall.exe
C:\PROGRA~1\WinPop\UnInstall.exe.lzma
C:\PROGRA~1\winpop\winpop.exe
C:\PROGRA~1\WinPop\winpop.exe.lzma
C:\PROGRA~1\Wm2emt.exe
C:\PROGRA~1\wmplay.exe
C:\PROGRA~1\yong.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\ashDisp.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\ashServ.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\avgccc.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\bios.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\bsyys.scr
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\ccssrss.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\cmd.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\Computador.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\dll.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\eixdrv.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\ExAlien.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\fbguad.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\firefoxx.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\Flash.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\InstallHelp.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\javsu.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\juchek.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\klpp.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\logon.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\lsssas.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\messengerr.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\messgrr.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\msm.cmd
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\msnmsgr.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\My_Love.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\norton32.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\ntvvm.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\pdvsym.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\qtapp.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\qupdate.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\regfixxsx.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\registtry.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\remote.cmd
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\repara_ae.bat
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\rundl32.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\rxnetq.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\smss.scr
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\svchost.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\svchostss.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\svhost.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\sxrork.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\sxrsym.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\system32.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\task.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\taskmgrrr.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\Tasks.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\voieup.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\voiork.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\wepaint.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\Win XP.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\Windows Update.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\Windows32.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\windowsupdate.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\Winhost.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\winupdbc.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\WMedPlayer.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\wrloginpro.exe
C:\DOCUME~1\PIERRE~1\MENUDM~1\PROGRA~1\DMARRA~1\wuaucltt.exe
C:\2.exe
C:\a.bat
C:\adv.exe
C:\Amigos.exe
C:\amor.exe
C:\animacao.scr
C:\Annoying crazy frog getting killed.pif
C:\audise.exe
C:\auto1.exe
C:\auto2.exe
C:\auto3.exe
C:\autorun.inf
C:\AVG\Tools\csrss.scr
C:\AVG\Tools\svchost.exe
C:\AVG\Tools\taskmgr.exe
C:\AVG_BETA\DB\arquivo.txt
C:\AVG_BETA\Tools\csrss.scr
C:\AVG_BETA\Tools\msnmsgr.exe
C:\bedroom-thongs.pif
C:\British National Party.jpg
C:\btpaxole.dll
C:\cartao.scr
C:\certmsje.dll
C:\claro.exe
C:\cmd.exe
C:\Conf\msm.cmd
C:\Conf\msmFF.cmd
C:\Conf\msmho.cmd
C:\Conf\ork.cmd
C:\Conf\win.scr
C:\contato.exe
C:\Crazy-Frog.Html
C:\Crazy frog gets killed by train!.pif
C:\Crazy frog gets killed by train!.pif Fat Elvis! lol.pif
C:\csrs.txt
C:\ctl3diac.exe
C:\DB\arquivo.txt
C:\diy.EXE
C:\dkotyrxbb.exe
C:\dll.exe
C:\dllwin.exe
C:\dnsajobe.dat
C:\dnsajobe.dll
C:\dnsajobe.exe
C:\download1591.exe
C:\dpl1npwm.dat
C:\dpl1npwm.dll
C:\dpl1npwm.exe
C:\dpv1bidi.dll
C:\Drunk_lol.pif
C:\dydhcp.exe
C:\emai.exe
C:\Enviado.123
C:\Fat Elvis! lol.pif
C:\fFa4vV0rR170S5S2.exe
C:\File.exe
C:\flw334.dll
C:\foto.exe
C:\Foto_celular.scr
C:\Foto_celular.scr
C:\Foto_Celular.zip
C:\fotos_posse.zip
C:\g7n4l2o4i4v4.exe
C:\h1b9i6h4u6j1.exe
C:\Hot.pif
C:\How a Blonde Eats a Banana...pif
C:\hptzb02.exe
C:\hy.exe
C:\i.exe
C:\icone.exe
C:\IE.exe
C:\ierro.exe
C:\iexplorer.exe
C:\img0012-www.photostorage.com
C:\instalador de guiños y emoticonos.exe
C:\Install\Ghost.exe
C:\Install\install.exe
C:\Install_Messenger.exe
C:\inupdbc.exe
C:\Isass.scr
C:\j7q1c4v1i6s4.exe
C:\Jennifer Lopez.scr
C:\jpb.exe
C:\jshxw.exe
C:\kao.reg
C:\kbdnmfc4.dll
C:\KimMakihel.exe
C:\kl.exe
C:\lauro.exe
C:\Lista.txt
C:\llka.exe
C:\LMAO.pif
C:\log.txt
C:\LOL that ur pic!.pif
C:\LOL.scr
C:\love_me.pif
C:\lsass.exe
C:\lspt.exe
C:\Me on holiday!.pif
C:\Mensagem.exe
C:\Message to n00b LARISSA.txt
C:\MESSAGE_TO_BROPIA.txt
C:\messenger.exe
C:\Microsoft.exe
C:\mis contactos.txt
C:\Mis imágenes\yo_posse_007.jpg.exe
C:\Mona Lisa Wants Her Smile Back.pif
C:\msm.exe
C:\msm.exe
C:\msn.exe
C:\MSN_Update1
C:\msnmsg.exe
C:\msnmsgr.exe
C:\msnmsnr.scr
C:\MSNWA.exe
C:\My new photo!.pif
C:\naked_drunk.pif
C:\naked_party.pif
C:\new_webcam.pif
C:\nmevscrr.exe
C:\orkut.exe
C:\orkut.scr
C:\osm.exe
C:\p3h2b3t3q1s9.exe
C:\PastaImagens.exe
C:\pif.exe
C:\psapuman.exe
C:\psnppack.dll
C:\raizw.exe
C:\RECYCLER\msnservice.exe
C:\RECYCLER\nvscvse.exe
C:\RECYCLER\te32.exe
C:\RemotoMSN.txt
C:\ROFL.pif
C:\sadan.avi.exe
C:\See my lesbian friends.pif
C:\sendwmdm.exe
C:\server.exe
C:\servico.exe
C:\sexy_bedroom.pif
C:\show.exe
C:\SOUND32.exe
C:\start.bat
C:\stock.exe
C:\stock.htm
C:\stock2.exe
C:\SVCH0STll.exe
C:\svchost.exe
C:\svchost.scr
C:\svchost32.exe
C:\Svchosts.exe
C:\sys.txt
C:\syssryh.exe
C:\system.exe
C:\System\iexplore.exe
C:\System\plugin.exe
C:\system1591.exe
C:\system1691.exe
C:\system1791.exe
C:\system2525.exe
C:\system32.exe
C:\szsvc.exe
C:\t7b8i6h6t6j13.exe
C:\text.reg
C:\The Cat And The Fan piccy.pif
C:\tim.exe
C:\Tools\csrss.scr
C:\Topless in Mini Skirt! lol.pif
C:\u5g9p7x1h4a3.exe
C:\underware.pif
C:\up.exe
C:\update.exe
C:\updt.exe
C:\video.exe
C:\Webcam.pif
C:\winbash.exe
C:\windebug.log
C:\Windows Messeger.exe
C:\Windows Messenger.exe
C:\windows.cmd
C:\winfgt.exe
C:\winHelp.exe
C:\winlogin.exe
C:\WINNT\ScktSrvr.exe
C:\WINNT\system\kl.dll
C:\WINNT\system\msmsgs.exe
C:\WINNT\system\msn.dat
C:\WINNT\system\msn.dll
C:\WINNT\system\smsc.exe
C:\WINNT\system\svchost.dat
C:\WINNT\system\xsmith.scr
C:\winpga.exe
C:\WinPH.exe
C:\winptz.exe
C:\winupdaet.exe
C:\winupdate128.exe
C:\winupdate32.exe
C:\Winupdbc.exe
C:\winuping.exe
C:\winvrc.exe
C:\winXP.exe
C:\wkssmsjt.dll
C:\wldadisp.dat
C:\wldadisp.dll
C:\wldadisp.exe
C:\wnlsos.exe
C:\x.exe
C:\Xerr0.exe
C:\y8o7w8b4f1q5.exe
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\*.dmp
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\1.html
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\1.html.$$$
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\2238.EXE
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\800_zip_dump.scr
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\activ.exe
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\ADF.exe
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\allgg.exe
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\anjinhos.exe
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\bifrost.exe
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\carinhos.exe
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\ccAApp.exe
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\csrss.exe
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\firefoxx.exe
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\fotos.exe
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\g0ld.com
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\hkxqwfui.exe
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\ibguardr.exe
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\jjusched.exe
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\koko.cmd
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\llsaass.exe
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\load.exe
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\logs.exe
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\lsasss.exe
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\mensagem.exe
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\msnclient.exe
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\ocx.out
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\pa_0105.exe
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\Photo.exe
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\pork.exe
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\realsched.exe
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\RTHDCPL.exe
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\second.exe
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\server.exe
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\serverivy.exe
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\services.exe
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\sistema32.com
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\spoolsv.exe
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\svcchhost.exe
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\svchost.exe
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\tosvid45.vxd
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\tug.php
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\Update.exe
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\win.exe
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\winamp.exe
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\winlogon.exe
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\winnttemp100mr\wmplayers.exe
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\wuaucltt.exe
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\z1.txt
C:\Documents and Settings\pierre yves\ariant.txt
C:\Documents and Settings\pierre yves\auto.txt
C:\Documents and Settings\pierre yves\egos.txt
C:\Documents and Settings\pierre yves\Local Settings\Application Data\addon.dat
C:\Documents and Settings\pierre yves\new.txt
C:\Documents and Settings\pierre yves\qbspin.exe
C:\Documents and Settings\pierre yves\winxvc.exe
C:\Documents and Settings\pierre yves\yoaoux.exe
C:\WINDOWS\\Cfreer.exe
C:\WINDOWS\01.exe
C:\WINDOWS\11.exe
C:\WINDOWS\22.exe
C:\WINDOWS\33.exe
C:\WINDOWS\44.exe
C:\WINDOWS\a.bat
C:\WINDOWS\a1.exe
C:\WINDOWS\aas.scr
C:\WINDOWS\abcd.exe
C:\WINDOWS\addins\svchost.exe
C:\WINDOWS\aIg.exe
C:\WINDOWS\aimmsn.exe
C:\WINDOWS\alggx.exe
C:\WINDOWS\anima.exe
C:\WINDOWS\ansmtp.dll
C:\WINDOWS\ansmtpbuild.dll
C:\WINDOWS\Antivirus32.exe
C:\WINDOWS\Arq.ini
C:\WINDOWS\arqui1.exe
C:\WINDOWS\arquivo.exe
C:\WINDOWS\ashDisp.exe
C:\WINDOWS\Ashdsp.exe
C:\WINDOWS\AshleyHottie.zip
C:\WINDOWS\ashServ.exe
C:\WINDOWS\ashSv.exe
C:\WINDOWS\athycxvvx.exe
C:\WINDOWS\athydxvvx.exe
C:\WINDOWS\athyhxvvx.exe
C:\WINDOWS\athylxvvx.exe
C:\WINDOWS\ati3evx.exe
C:\WINDOWS\ati5vxxx.exe
C:\WINDOWS\atrvmmx.exe
C:\WINDOWS\audi.scr
C:\WINDOWS\audise.exe
C:\WINDOWS\avast.exe
C:\WINDOWS\Avconsol.exe
C:\WINDOWS\avgdos.exe
C:\WINDOWS\avp.exe
C:\WINDOWS\Avsgccs.scr
C:\WINDOWS\b122.exe
C:\WINDOWS\b122.exe.bin
C:\WINDOWS\bak\avconsol.exe
C:\WINDOWS\bak\zap.exe
C:\WINDOWS\bass.exe
C:\WINDOWS\bloggermessenger.exe
C:\WINDOWS\blue.exe
C:\WINDOWS\bmp2jpeg.dll
C:\WINDOWS\bootvid.dll
C:\WINDOWS\browseui.exe
C:\WINDOWS\bsyys.temp
C:\WINDOWS\BWJLM1334.ZIP
C:\WINDOWS\C005_jpg.zip
C:\WINDOWS\c8iu3h.log
C:\WINDOWS\c8iu3h.log
C:\WINDOWS\caixa.exe
C:\WINDOWS\cartaos.exe
C:\WINDOWS\CDSpeed.exe
C:\WINDOWS\Cfreer.exe
C:\WINDOWS\charmmpxp.exe
C:\WINDOWS\chcp.exe
C:\WINDOWS\cmd.exe
C:\WINDOWS\code.exe
C:\WINDOWS\comctl64.dll
C:\WINDOWS\Config\amsn.exe
C:\WINDOWS\config\msnmsgr.exe
C:\WINDOWS\config\sistema.exe
C:\WINDOWS\config\svchost.exe
C:\WINDOWS\Config\ying.exe
C:\WINDOWS\crss.exe
C:\WINDOWS\crss7.exe
C:\WINDOWS\csrs.scr
C:\WINDOWS\csrss.exe
C:\WINDOWS\csrss.scr
C:\WINDOWS\ctfmon.exe
C:\WINDOWS\Cursors\GbpSvc.exe
C:\WINDOWS\Cursors\IEXPLORE.EXE
C:\WINDOWS\Cursors\mdll.exe
C:\WINDOWS\Cursors\msng.exe
C:\WINDOWS\Cursors\Ndtstat.exe
C:\WINDOWS\Cursors\Rg2catbd.exe
C:\WINDOWS\Cursors\udll.exe
C:\WINDOWS\Cursors\yong.exe
C:\WINDOWS\Debug\javaws.exe
C:\WINDOWS\diskdruid.exe
C:\WINDOWS\diskk.exe
C:\WINDOWS\Diup.exe
C:\WINDOWS\dll32
C:\WINDOWS\dllwin.exe
C:\WINDOWS\dllwin.scr
C:\WINDOWS\Downloaded Program Files\Appstart.exe
C:\WINDOWS\dydhcp.exe
C:\WINDOWS\enviafrase.exe
C:\WINDOWS\epwf4q.pif
C:\WINDOWS\Expert_Corp.exe
C:\WINDOWS\explorer_.exe
C:\WINDOWS\F0538_jpg.zip
C:\WINDOWS\F0563_jpg.zip
C:\WINDOWS\fer.exe
C:\WINDOWS\fggwkl.exe
C:\WINDOWS\fggwok.exe
C:\WINDOWS\fgrpkc.exe
C:\WINDOWS\findx.exe
C:\WINDOWS\firefoxpgm.exe
C:\WINDOWS\folder.exe
C:\WINDOWS\fonts\AUNZIP32.dll
C:\WINDOWS\fonts\AZIP32.dll
C:\WINDOWS\fonts\inetinfo.exe
C:\WINDOWS\fonts\msnmsgr.exe
C:\WINDOWS\fonts\mulherachada.exe
C:\WINDOWS\Fonts\nxzero1.exe
C:\WINDOWS\fonts\OSSMTP.dll
C:\WINDOWS\fonts\taskmgr.exe
C:\WINDOWS\formatsys.exe
C:\WINDOWS\fotos.exe
C:\WINDOWS\fotos.scr
C:\WINDOWS\fotos2.exe
C:\WINDOWS\G038_jpg.rar
C:\WINDOWS\G038_jpg.zip
C:\WINDOWS\GbpSvc.exe
C:\WINDOWS\gdk.exe
C:\WINDOWS\gl0b0.exe
C:\WINDOWS\gordo1.exe
C:\WINDOWS\gsmutx.exe
C:\WINDOWS\Help.exe
C:\WINDOWS\help.scr
C:\WINDOWS\Help\korn.scr
C:\WINDOWS\help\msnm.scr
C:\WINDOWS\Help\orgut.scr
C:\WINDOWS\help\svchost.exe
C:\WINDOWS\Hide32.exe
C:\WINDOWS\hork.exe
C:\WINDOWS\hostdll.exe
C:\WINDOWS\Hostren.exe
C:\WINDOWS\hptzb02.exe
C:\WINDOWS\hpztsb02.exe
C:\WINDOWS\i.exe
C:\WINDOWS\i5fslg.scf
C:\WINDOWS\ie.exe
C:\WINDOWS\iexplore.exe
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\iexplorer6.exe
C:\WINDOWS\iexplorer7.exe
C:\WINDOWS\IFinst27.exe
C:\WINDOWS\images.zip
C:\WINDOWS\ime\mssng.cmd
C:\WINDOWS\ime\smxs.cmd
C:\WINDOWS\IMG-0012.zip
C:\WINDOWS\img317.zip
C:\WINDOWS\img4851.zip
C:\WINDOWS\imgac157.zip
C:\WINDOWS\inf\dllhost.exe
C:\WINDOWS\inf\infw.com
C:\WINDOWS\inf\LSAS.exe
C:\WINDOWS\inf\rdshost32.exe
C:\WINDOWS\inf\system1591.exe
C:\WINDOWS\infowshb.dll
C:\WINDOWS\install.exe
C:\WINDOWS\instr32.exe
C:\WINDOWS\instr64.exe
C:\WINDOWS\internt.exe
C:\WINDOWS\java\msgmsn.exe
C:\WINDOWS\java\msmmsn.exe
C:\WINDOWS\java\Packages.cmd
C:\WINDOWS\java\svchost.exe
C:\WINDOWS\jdbgmgrnt.exe
C:\WINDOWS\jpb.exe
C:\WINDOWS\jshxw.exe
C:\WINDOWS\junchep.exe
C:\WINDOWS\jusjava.exe
C:\WINDOWS\justchd.exe
C:\WINDOWS\jvms.exe
C:\WINDOWS\kernel.exe
C:\WINDOWS\ko6bn9.bmp
C:\WINDOWS\Lexplorer.exe
C:\WINDOWS\lg.scr
C:\WINDOWS\linuxxp32.exe
C:\WINDOWS\log46.txt
C:\WINDOWS\loggon.exe
C:\WINDOWS\login.dll
C:\WINDOWS\logo1.gif
C:\WINDOWS\Logun.exe
C:\WINDOWS\lsass.exe
C:\WINDOWS\lsasss.exe
C:\WINDOWS\lsnas.exe
C:\WINDOWS\lspt.exe
C:\WINDOWS\lssman.exe
C:\WINDOWS\mac1.com
C:\WINDOWS\malhaazul.exe
C:\WINDOWS\mdfg4v.ge
C:\WINDOWS\mdll.exe
C:\WINDOWS\Media\Call32.exe
C:\WINDOWS\Media\ExP.exe
C:\WINDOWS\MEDIA\hp32.exe
C:\WINDOWS\Media\hptools.exe
C:\WINDOWS\MEDIA\microsoft.exe
C:\WINDOWS\Media\microsoftware.exe
C:\WINDOWS\Media\rundII32.exe
C:\WINDOWS\Media\w7zip.exe
C:\WINDOWS\Media\WinetWork.exe
C:\WINDOWS\Media\WineWork.exe
C:\WINDOWS\Media\WriteWork.exe
C:\WINDOWS\Mensagem.exe
C:\WINDOWS\mess -.exe
C:\WINDOWS\messenger.exe
C:\WINDOWS\messengerapp.exe
C:\WINDOWS\mfvq4.e
C:\WINDOWS\mfvq5.e
C:\WINDOWS\mgrs.exe
C:\WINDOWS\Microsoft.exe
C:\WINDOWS\mjhor.exe
C:\WINDOWS\mnsns.scr
C:\WINDOWS\monitor1a.exe
C:\WINDOWS\mouse32.vxd
C:\WINDOWS\ms.exe
C:\WINDOWS\msapp\bifserver.exe
C:\WINDOWS\msapps\bifserver.exe
C:\WINDOWS\msapps\msinfo\msappts32.exe
C:\WINDOWS\msdnwin.exe
C:\WINDOWS\msgr.exe
C:\WINDOWS\msmbw.exe
C:\WINDOWS\MsmMsgr.exe
C:\WINDOWS\msmsg.exe
C:\WINDOWS\msmsgr.exe
C:\WINDOWS\msmsgr.exe
C:\WINDOWS\msn.exe
C:\WINDOWS\msn.vbs
C:\WINDOWS\msnappm.exe
C:\WINDOWS\msng.exe
C:\WINDOWS\msngr.exe
C:\WINDOWS\msnimport.exe
C:\WINDOWS\msnlogm.exe
C:\WINDOWS\msnlogs.exe
C:\WINDOWS\msnmsg.exe
C:\WINDOWS\msnmsgr.exe
C:\WINDOWS\msnmsgr1.exe
C:\WINDOWS\msnmsgr2.exe
C:\WINDOWS\msnmsgs.exe
C:\WINDOWS\msnmsngr.exe
C:\WINDOWS\msnmsnr.scr
C:\WINDOWS\msnmssgr2.exe
C:\WINDOWS\msnnsggr2.exe
C:\WINDOWS\msnnsgrl.exe
C:\WINDOWS\MSNP.exe
C:\WINDOWS\msnupdate.zip
C:\WINDOWS\MsnValue.exe
C:\WINDOWS\mssq.exe
C:\WINDOWS\mstray.exe
C:\WINDOWS\msync.exe
C:\WINDOWS\Mwsx.exe
C:\WINDOWS\mxjxde.exe
C:\WINDOWS\My-Pictures.zip
C:\WINDOWS\My_Pictures2007.zip
C:\WINDOWS\myspace-facebook.zip
C:\WINDOWS\Ndtstat.exe
C:\WINDOWS\new.exe
C:\WINDOWS\nomedoprograma.exe
C:\WINDOWS\Norton.exe
C:\WINDOWS\NOTEEPAD.exe
C:\WINDOWS\ntrmv.exe
C:\WINDOWS\NvCpl.exe
C:\WINDOWS\Nzil.exe
C:\WINDOWS\okuta.exe
C:\WINDOWS\orkut.scr
C:\WINDOWS\ot8q4cp.bmp
C:\WINDOWS\p0017_jpg.zip
C:\WINDOWS\passt.scr
C:\WINDOWS\patchxp21.exe
C:\WINDOWS\PCHEALTER.exe
C:\WINDOWS\pegalista.exe
C:\WINDOWS\perfmon.exe
C:\WINDOWS\photo album 2007.zip
C:\WINDOWS\photo album.zip
C:\WINDOWS\photo.zip
C:\WINDOWS\photo_album 2007.zip
C:\WINDOWS\photo_album2007.zip
C:\WINDOWS\photos-webcam2007.zip
C:\WINDOWS\photos.zip
C:\WINDOWS\pic48174.zip
C:\WINDOWS\pics.zip
C:\WINDOWS\PictureAlbum2007.zip
C:\WINDOWS\pif.exe
C:\WINDOWS\ponto.DLL
C:\WINDOWS\practivea.exe
C:\WINDOWS\pruas.exe
C:\WINDOWS\pss\Flash.exe
C:\WINDOWS\pss\Widows.exe
C:\WINDOWS\ptrms.exe
C:\WINDOWS\rcimlby.exe
C:\WINDOWS\rdfhost.dll
C:\WINDOWS\rdihost.dll
C:\WINDOWS\rds.exe
C:\WINDOWS\rdshost.dll
C:\WINDOWS\regcleaner.exe
C:\WINDOWS\regedti.exe
C:\WINDOWS\regserve.cmd
C:\WINDOWS\regserve.exe
C:\WINDOWS\retadpu.exe
C:\WINDOWS\retadpu.exe.bin
C:\WINDOWS\retadpu420.exe
C:\WINDOWS\revali.exe
C:\WINDOWS\Rg2catbd.exe
C:\WINDOWS\rica.exe
C:\WINDOWS\rispac.exe
C:\WINDOWS\rnxntup.exe
C:\WINDOWS\rqqsnd.exe
C:\WINDOWS\rtf.bat
C:\WINDOWS\rtutvb5d.dll
C:\WINDOWS\rundl132.exe
C:\WINDOWS\Rundll.exe
C:\WINDOWS\rw.dlt
C:\WINDOWS\s.scr
C:\WINDOWS\S_00305_jpg.zip
C:\WINDOWS\S04_jpg.zip
C:\WINDOWS\s1.exe
C:\WINDOWS\sampaerio.exe
C:\WINDOWS\scanisk.exe
C:\WINDOWS\schost32.exe
C:\WINDOWS\ScktSrvr.exe
C:\WINDOWS\screenwin.scr
C:\WINDOWS\scvhost.exe
C:\WINDOWS\Secs2006.exe
C:\WINDOWS\sendwmdm.exe
C:\WINDOWS\serbw.exe
C:\WINDOWS\sercivo.exe
C:\WINDOWS\server.exe
C:\WINDOWS\serverletwindows.exe
C:\WINDOWS\serverletwindowsl.exe
C:\WINDOWS\service.exe
C:\WINDOWS\service.scr
C:\WINDOWS\service2.scr
C:\WINDOWS\service32.exe
C:\WINDOWS\servicee.exe
C:\WINDOWS\servicejava.scr
C:\WINDOWS\servicejava2.scr
C:\WINDOWS\services.dll
C:\WINDOWS\services.exe
C:\WINDOWS\servico.exe
C:\WINDOWS\setdebugnt.exe
C:\WINDOWS\SetPoint.exe
C:\WINDOWS\shDisp.exe
C:\WINDOWS\shdosbei.dat
C:\WINDOWS\shdosbei.dll
C:\WINDOWS\shdosbei.exe
C:\WINDOWS\SiSport.sys
C:\WINDOWS\siswin.exe
C:\WINDOWS\sk.exe
C:\WINDOWS\sk070725.exe
C:\WINDOWS\smss.exe
C:\WINDOWS\smss.scr
C:\WINDOWS\sndrec32.exe
C:\WINDOWS\softdwind.exe
C:\WINDOWS\sokctes.dll
C:\WINDOWS\sokctes.zip
C:\WINDOWS\spooldr.exe
C:\WINDOWS\srsmsn.exe
C:\WINDOWS\srsttn.exe
C:\WINDOWS\ssssm.exe
C:\WINDOWS\stDebug.exe
C:\WINDOWS\Strad.exe
C:\WINDOWS\super.exe
C:\WINDOWS\SVCH0STll.EXE
C:\WINDOWS\svchosk.exe
C:\WINDOWS\svchost.com
C:\WINDOWS\svchost.dll
C:\WINDOWS\svchost.exe
C:\WINDOWS\svchost.scr
C:\WINDOWS\svchost32.exe
C:\WINDOWS\svchosta.exe
C:\WINDOWS\svchostd.exe
C:\WINDOWS\svchosts.dll
C:\WINDOWS\svchosts.exe
C:\WINDOWS\svchosts.scr
C:\WINDOWS\svcr.exe
C:\WINDOWS\svcupdate.exe
C:\WINDOWS\svhost.temp
C:\WINDOWS\svschost.sys
C:\WINDOWS\svxh.exe
C:\WINDOWS\sys1.exe
C:\WINDOWS\SysArc.exe
C:\WINDOWS\sysnet32.exe
C:\WINDOWS\System.exe
C:\WINDOWS\system\ashDisp.exe
C:\WINDOWS\system\ashServ.exe
C:\WINDOWS\system\ashSv.exe
C:\WINDOWS\System\AVG.clean.cmd
C:\WINDOWS\System\BomDia.com
C:\WINDOWS\SYSTEM\CMRSS.EXE
C:\WINDOWS\system\down32.cmd
C:\WINDOWS\System\drk.exe
C:\WINDOWS\system\ehSched.exe
C:\WINDOWS\system\ExplorerXP.exe
C:\WINDOWS\System\firefox.exe
C:\WINDOWS\SYSTEM\ICPLDRVX.EXE
C:\WINDOWS\system\iexplore.exe
C:\WINDOWS\system\IMG024.JPG.zip
C:\WINDOWS\system\kl.dll
C:\WINDOWS\system\lsass.exe
C:\WINDOWS\SYSTEM\lsass32.exe
C:\WINDOWS\SYSTEM\mpeg4dec0.dll
C:\WINDOWS\SYSTEM\msbcs.exe
C:\WINDOWS\system\msmnsgr.exe
C:\WINDOWS\System\msmsgc.cmd
C:\WINDOWS\system\msmsgs.exe
C:\WINDOWS\system\msn.dat
C:\WINDOWS\system\msn.dll
C:\WINDOWS\System\msnmsg.exe
C:\WINDOWS\System\msnmsgr.cmd
C:\WINDOWS\system\msnmsgr.exe
C:\WINDOWS\System\msnmsgs.exe
C:\WINDOWS\System\msnmsngrss.exe
C:\WINDOWS\system\plugin.exe
C:\WINDOWS\System\servelet.exe
C:\WINDOWS\system\services.exe
C:\WINDOWS\System\smsc.exe
C:\WINDOWS\System\Sound.scr
C:\WINDOWS\system\svchost.dat
C:\WINDOWS\system\svchost.exe
C:\WINDOWS\system\svhost.exe
C:\WINDOWS\System\syslogon.exe
C:\WINDOWS\system\taskmam.exe
C:\WINDOWS\System\taskngr.exe
C:\WINDOWS\System\WF.exe
C:\WINDOWS\System\winlogon.exe
C:\WINDOWS\System\worm.exe
C:\WINDOWS\SYSTEM\wzip32.exe
C:\WINDOWS\System\xsmith.scr
C:\WINDOWS\system32.exe
C:\WINDOWS\system64.exe
C:\WINDOWS\systemos1.exe
C:\WINDOWS\systemrun32.exe
C:\WINDOWS\systen291.exe
C:\WINDOWS\systen299.exe
C:\WINDOWS\systraicon.exe
C:\WINDOWS\sysuatch.exe
C:\WINDOWS\sysuatch.zip
C:\WINDOWS\sysuphatch.exe
C:\WINDOWS\szsvc.exe
C:\WINDOWS\talk32.exe
C:\WINDOWS\tasklist32.exe
C:\WINDOWS\TASKMAN-.exe
C:\WINDOWS\taskmgr.exe
C:\WINDOWS\taskmsgs.exe
C:\WINDOWS\Tasks\startt.job
C:\WINDOWS\Temp\rundll32.exe
C:\WINDOWS\Temp\taskngr.exe
C:\WINDOWS\tggwkl.exe
C:\WINDOWS\tggwok.exe
C:\WINDOWS\tgrpkc.exe
C:\WINDOWS\thunderbird.exe
C:\WINDOWS\traysssw.exe
C:\WINDOWS\udll.exe
C:\WINDOWS\updt.scr
C:\WINDOWS\valentine_card.zip
C:\WINDOWS\video.exe
C:\WINDOWS\virtualdisk.exe
C:\WINDOWS\virtualmsif.exe
C:\WINDOWS\vpcrtf.exe
C:\WINDOWS\vpgr.exe
C:\WINDOWS\W139_jpg.zip
C:\WINDOWS\wab.exe
C:\WINDOWS\wdfmgr.exe
C:\WINDOWS\wfgwkl.exe
C:\WINDOWS\wfgwok.exe
C:\WINDOWS\wfrpkc.exe
C:\WINDOWS\win32api.scr
C:\WINDOWS\winamp.exe
C:\WINDOWS\windll.exe
C:\WINDOWS\windows.cmd
C:\WINDOWS\windows.exe
C:\WINDOWS\Windows32.exe
C:\WINDOWS\Windows32.scr
C:\WINDOWS\Windows64.scr
C:\WINDOWS\WindowsSp2.exe
C:\WINDOWS\windowsupdate.exe
C:\WINDOWS\WindowsXp2.exe
C:\WINDOWS\WindowsXPdll.exe
C:\WINDOWS\WindowsXPnet.exe
C:\WINDOWS\windrivers.exe
C:\WINDOWS\WinDV.exe
C:\WINDOWS\WinExplor.exe
C:\WINDOWS\WinExplore.exe
C:\WINDOWS\winfp.exe
C:\WINDOWS\winhlp.exe
C:\WINDOWS\winhlp32.dat
C:\WINDOWS\winload.inf
C:\WINDOWS\winlog32.exe
C:\WINDOWS\winlogin.exe
C:\WINDOWS\winlogon.exe
C:\WINDOWS\WinLogT.exe
C:\WINDOWS\winn.exe
C:\WINDOWS\winnavegador.exe
C:\WINDOWS\WinNT.exe
C:\WINDOWS\WinNT2.exe
C:\WINDOWS\winnt32.exe
C:\WINDOWS\winpo32.exe
C:\WINDOWS\winpos.exe
C:\WINDOWS\winsrvv.exe
C:\WINDOWS\winstart.exe
C:\WINDOWS\winsxp32.exe
C:\WINDOWS\winsyshp.exe
C:\WINDOWS\wintech.exe
C:\WINDOWS\Winupdbc.exe
C:\WINDOWS\winvhost3.exe
C:\WINDOWS\winvip.exe
C:\WINDOWS\winx.exe
C:\WINDOWS\winxp.exe
C:\WINDOWS\wmdplayer.exe
C:\WINDOWS\wmeiuht.exe
C:\WINDOWS\wmeiuht.exe
C:\WINDOWS\wnlsos.exe
C:\WINDOWS\wr.txt
C:\WINDOWS\wrdmgr.exe
C:\WINDOWS\wscty32.exe
C:\WINDOWS\wxzmsa.gft
C:\WINDOWS\wxzmsa.xft
C:\WINDOWS\wxzmsa.xxt
C:\WINDOWS\wxzoka.gft
C:\WINDOWS\wxzoka.xft
C:\WINDOWS\wxzoka.xxt
C:\WINDOWS\wxzsui.gft
C:\WINDOWS\wxzsui.xft
C:\WINDOWS\wxzsui.xxt
C:\WINDOWS\wxzwok.gft
C:\WINDOWS\wxzwok.xft
C:\WINDOWS\wxzwok.xxt
C:\WINDOWS\xcodex.exe
C:\WINDOWS\xhntuok.exe
C:\WINDOWS\xisp.exe
C:\WINDOWS\xjmelr.exe
C:\WINDOWS\xpos.exe
C:\WINDOWS\xrapp.exe
C:\WINDOWS\xzmsa.adt
C:\WINDOWS\xzoka.adt
C:\WINDOWS\xzsui.adt
C:\WINDOWS\xzwok.adt
C:\WINDOWS\ydll.exe
C:\WINDOWS\ying.exe
C:\WINDOWS\yong.exe
C:\WINDOWS\Z058_jpg.zip
C:\WINDOWS\Zap.exe
C:\WINDOWS\ZaZ.exe
C:\WINDOWS\Zser.exe
C:\WINDOWS\system32\11.exe
C:\WINDOWS\system32\1512.exe
C:\WINDOWS\system32\2007rox.dll
C:\WINDOWS\system32\22.exe
C:\WINDOWS\system32\2934.exe
C:\WINDOWS\system32\33.exe
C:\WINDOWS\system32\44.exe
C:\WINDOWS\system32\6to4seri.dll
C:\WINDOWS\system32\6w5b1ksec.dll
C:\WINDOWS\system32\ACER.exe
C:\WINDOWS\system32\adaware.exe
C:\WINDOWS\system32\ahui32.exe
C:\WINDOWS\system32\aIg.exe
C:\WINDOWS\system32\alf.exe
C:\WINDOWS\system32\alg.scr
C:\WINDOWS\system32\allge.scr
C:\WINDOWS\system32\amsn.exe
C:\WINDOWS\system32\AntiVirus.exe
C:\WINDOWS\system32\Antivirus32.exe
C:\WINDOWS\system32\ashDisp.exe
C:\WINDOWS\system32\ashServ.exe
C:\WINDOWS\system32\ashSv.exe
C:\WINDOWS\system32\asrchk.exe
C:\WINDOWS\system32\atraslay.dll
C:\WINDOWS\system32\Atsys.ddd
C:\WINDOWS\system32\Atsys.exe
C:\WINDOWS\system32\Atualizacao.exe
C:\WINDOWS\system32\audiohq.exe
C:\WINDOWS\system32\audise.exe
C:\WINDOWS\system32\authrasm.exe
C:\WINDOWS\system32\Auto.exe
C:\WINDOWS\system32\autoexec.bat
C:\WINDOWS\system32\avg64.exe
C:\WINDOWS\system32\azip32.dll
C:\WINDOWS\system32\b35sl2.dll
C:\WINDOWS\system32\b35sl2.dll
C:\WINDOWS\system32\bak\hide32.exe
C:\WINDOWS\system32\ban_list.txt
C:\WINDOWS\system32\Bifrost\server.exe
C:\WINDOWS\system32\bios.exe
C:\WINDOWS\system32\black.exe
C:\WINDOWS\system32\blue.exe
C:\WINDOWS\system32\bohe.exe
C:\WINDOWS\system32\BRISA.exe
C:\WINDOWS\system32\bssys.exe
C:\WINDOWS\system32\bsys.exe
C:\WINDOWS\system32\bsys.scr
C:\WINDOWS\system32\bsyys.scr
C:\WINDOWS\system32\btpaxole.dll
Logfile of HijackThis v1.99.1
Scan saved at 09:56:46, on 18/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\drwtsn32.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\dwwin.exe
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis_199.zip\HijackThis.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\DOCUME~1\PIERRE~1\LOCALS~1\Temp\Répertoire temporaire 2 pour hijackthis_199.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [WMAAD] C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?3570d8f8a1104cb4ae2deb51466f8c39
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?3570d8f8a1104cb4ae2deb51466f8c39
O8 - Extra context menu item: Transfert par Image Converter 3 - C:\PROGRAM FILES\SONY\IMAGE CONVERTER 3\menu.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/ [...] NPUpld.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe (file missing)
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton Protection Center Service (NSCService) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
MSNFix 1.508
C:\Documents and Settings\PAUL\Bureau\MSNFix\MSNFix
Fix exécuté le 25/09/2007 - 23:07:08,71 By PAUL
mode normal
************************ Recherche les fichiers présents
... C:\g7n4l2o4i4v4.exe
... C:\WINDOWS\services.exe
... C:\WINDOWS\W139_jpg.zip
... C:\WINDOWS\system32\microsoft\backup.ftp
... C:\WINDOWS\system32\microsoft\backup.tftp
... C:\WINDOWS\W139_jpg.zip
************************ MSNCHK ***** /!\ beta test /!\
[!] C:\WINDOWS\W139_jpg.zip is INFECTED
************************ Recherche les dossiers présents
... C:\Temp\
************************ Suppression des fichiers
.. OK ... C:\g7n4l2o4i4v4.exe
/!\ ... C:\WINDOWS\services.exe
.. OK ... C:\WINDOWS\W139_jpg.zip
.. OK ... C:\WINDOWS\system32\microsoft\backup.ftp
.. OK ... C:\WINDOWS\system32\microsoft\backup.tftp
.. OK ... C:\WINDOWS\W139_jpg.zip
************************ Suppression des dossiers
.. OK ... C:\Temp\
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
************************ Suppression des fichiers
.. OK ... C:\WINDOWS\services.exe
************************ Fichiers suspects
/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention
[C:\WINDOWS\system32\vaioclk.scr] BC83E428AACFAD0CB852FE0E33305ED0
==> SVP merci d'envoyer le fichier C:\DOCUME~1\PAUL\Bureau\Upload_Me.zip sur http://upload.changelog.fr
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 25092007_23112986.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
25/09/2007 a 23:28:04,32
*** Recherche des fichiers dans C:
*** Recherche des fichiers dans C:\WINDOWS\
*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\1024\*.tmp FOUND
*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\Masta\" FOUND
*** Fin du rapport !
************************ Recherche les dossiers présents
... C:\Program Files\Fichiers communs\Carlson\
************************ Suppression des fichiers
************************ Suppression des dossiers
/!\ ... C:\Program Files\Fichiers communs\Carlson\
************************ Nettoyage du registre
************************ Fichiers suspects
Aucun Fichier trouvé
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 19092007_19522565.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
