Recurring Trojan horse :(
Good evening everyone,
Recently I opened a .rar file that I thought was "clean", and it turned out to contain a Trojan horse.
Since this crap slows my computer down enormously, I installed the a-squared Free software. During the scan, it detected several at-risk files. The first time, I put them in quarantine, but since the Trojan persisted and kept coming back, I decided to delete the files flagged as at risk (files mostly named Win32).
But there you go, it comes back every time and I'm fed up. Can someone tell me how to eradicate this thing once and for all?
I use Avast as my antivirus, in case that tells you anything.
Thanks in advance
Yo
Hello,
We can easily see that with HJT. Might as well do everything at once.
Download HijackThis (by Merijn).
Unzip it into a folder or onto your Desktop.
Run the application (Hijackthis.exe):
- Choose the option "Do a system scan and save a logfile"
- Notepad opens; post its contents:
Edit / Select All
Edit / Copy
Right-click / Paste into your reply
HELP: Video tutorial on HijackThis
lupins said:
Can we know which version of Windows you are using and which firewall? We can easily see that with HJT. Might as well do everything at once.
I have Windows XP with Service Pack 2
For antivirus I have Avast, and the firewall is the Windows one
I have already tried to remove this crap (its name is Win32:VBStat-C [Trj]) with CCleaner and AVG Anti-Spyware, but no luck, it comes back every time
I will run HijackThis tonight and will post the contents of the Notepad file tomorrow morning in this thread...
Thanks for the help, I can't take this damn Trojan any more!!!
Thanks a lot for the link
I'm posting my HijackThis log anyway:
Logfile of HijackThis v1.99.1
Scan saved at 04:56:02, on 26/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Fichiers communs\MicroWorld\Agent\MWASER.EXE
C:\Program Files\Fichiers communs\MicroWorld\Agent\MWAgent.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\uphclean\uphclean.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\drivers\Icon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Opera\Opera.exe
C:\DOCUME~1\Yoan\LOCALS~1\Temp\Rar$EX00.199\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Live_TV toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLiv1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Live_TV toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLiv1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Icon] C:\WINDOWS\system32\drivers\Icon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\eaqmwttc.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files\Fichiers communs\MicroWorld\Agent\MWASER.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
and I'm also passing along this link:
http://img260.imageshack.us/my.php?image=winlogonkn5.pn...
It's a screenshot of my operating system, and you can see that there is "winlogon", and I have heard that it was a Trojan. Should I delete it?
Thanks
Re,
Let's get started
Download VundoFix.exe (by Atribune) to your Desktop.
Double-click VundoFix.exe to run it
Click the Scan for Vundo button
When the scan is complete, click the Remove Vundo button
A prompt will ask whether you want to delete the files; click YES
After you click "Yes", the Desktop will disappear for a moment while the files are removed
You will see a prompt announcing that your PC is going to restart; click OK
Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, into your next reply
Note: VundoFix may encounter a file it cannot delete. If so, the tool will run at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".
So here is the VundoFix report:
VundoFix V6.5.1
Checking Java version...
Java version is 1.5.0.11
Scan started at 16:52:19 26/06/2007
Listing files found while scanning....
C:\windows\system32\cttwmqae.ini
C:\WINDOWS\system32\eaqmwttc.dll
C:\windows\system32\qrsru.bak1
C:\windows\system32\qrsru.bak2
C:\windows\system32\qrsru.ini
C:\windows\system32\qrsru.ini2
C:\windows\system32\qrsru.tmp
C:\WINDOWS\system32\rvwtcdyh.dll
C:\WINDOWS\system32\ursrq.dll
C:\windows\system32\uxmaqoay.dll
C:\windows\system32\yaoqamxu.ini
Beginning removal...
Attempting to delete C:\windows\system32\cttwmqae.ini
C:\windows\system32\cttwmqae.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\eaqmwttc.dll
C:\WINDOWS\system32\eaqmwttc.dll Has been deleted!
Attempting to delete C:\windows\system32\qrsru.bak1
C:\windows\system32\qrsru.bak1 Has been deleted!
Attempting to delete C:\windows\system32\qrsru.bak2
C:\windows\system32\qrsru.bak2 Has been deleted!
Attempting to delete C:\windows\system32\qrsru.ini
C:\windows\system32\qrsru.ini Has been deleted!
Attempting to delete C:\windows\system32\qrsru.ini2
C:\windows\system32\qrsru.ini2 Has been deleted!
Attempting to delete C:\windows\system32\qrsru.tmp
C:\windows\system32\qrsru.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\rvwtcdyh.dll
C:\WINDOWS\system32\rvwtcdyh.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ursrq.dll
C:\WINDOWS\system32\ursrq.dll Has been deleted!
Attempting to delete C:\windows\system32\uxmaqoay.dll
C:\windows\system32\uxmaqoay.dll Has been deleted!
Attempting to delete C:\windows\system32\yaoqamxu.ini
C:\windows\system32\yaoqamxu.ini Has been deleted!
Performing Repairs to the registry.
Done!
and the HijackThis one:
Logfile of HijackThis v1.99.1
Scan saved at 17:15:03, on 26/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Fichiers communs\MicroWorld\Agent\MWASER.EXE
C:\Program Files\Fichiers communs\MicroWorld\Agent\MWAgent.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\uphclean\uphclean.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\drivers\Icon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\Yoan\LOCALS~1\Temp\Rar$EX00.013\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Live_TV toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLiv1.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {44E5BA3F-947E-47AB-B80F-3C172C065986} - C:\WINDOWS\system32\ursrq.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Live_TV toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLiv1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Live_TV toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLiv1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Icon] C:\WINDOWS\system32\drivers\Icon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files\Fichiers communs\MicroWorld\Agent\MWASER.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
I notice that the second line, winlogon, is still present in HijackThis, and I was told it represents a Trojan; should I delete it?
Thanks for the help in any case
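Added example (not part of the original thread, and not code from HijackThis or VundoFix): a way to cross-reference the two HijackThis logs with the VundoFix report above, to see which autostart entry disappeared with its file, which registrations still point at a deleted file, and whether a core process such as winlogon.exe is running from an unexpected folder. The function names, the `SYSTEM32_ONLY` list and the default `windir` are assumptions made for the example; the sample text is a shortened excerpt of the logs posted in the thread.

```python
import re
from ntpath import basename, dirname, normcase  # Windows path rules on any OS

# Shortened excerpts of the logs posted in this thread (not the complete logs).
HJT_BEFORE = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\eaqmwttc.dll",realset
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
"""
HJT_AFTER = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: (no name) - {44E5BA3F-947E-47AB-B80F-3C172C065986} - C:\WINDOWS\system32\ursrq.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""
VUNDOFIX = r"""Attempting to delete C:\WINDOWS\system32\eaqmwttc.dll
C:\WINDOWS\system32\eaqmwttc.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ursrq.dll
C:\WINDOWS\system32\ursrq.dll Has been deleted!
"""

ENTRY_RE = re.compile(r"^[ORF]\d+ - ")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|]+?\.(?:exe|dll)', re.I)
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
# Assumption: binaries that normally run only from <windir>\system32 on XP.
SYSTEM32_ONLY = {"smss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe"}


def entries(log):
    """Return the entry lines (R*, O*, F*) of a HijackThis log."""
    lines = (line.strip() for line in log.splitlines())
    return [line for line in lines if ENTRY_RE.match(line)]


def entry_path(entry):
    """First .exe/.dll path named in an entry, normalised for comparison, or None."""
    m = PATH_RE.search(entry)
    return normcase(m.group(0)) if m else None


def deleted_files(report):
    """Paths a removal report says it deleted ('<path> Has been deleted!')."""
    hits = (re.match(r"(.+?) Has been deleted!\s*$", l.strip()) for l in report.splitlines())
    return {normcase(m.group(1)) for m in hits if m}


def triage(before, after, report):
    """Cross-reference two HijackThis logs with a removal report."""
    old, new, gone = entries(before), entries(after), deleted_files(report)
    return {
        # entry vanished and its target was deleted: autostart removed with the file
        "cleaned": [e for e in old if e not in new and entry_path(e) in gone],
        # entry still registered although the report deleted its target
        "leftover": [e for e in new if entry_path(e) in gone],
        # other dangling entries that the removal report does not explain
        "orphaned": [e for e in new if ORPHAN_RE.search(e) and entry_path(e) not in gone],
        # entries listed only in the second log: review them, the first log
        # simply did not show them
        "only_in_after": [e for e in new if e not in old],
    }


def misplaced_system_processes(log, windir=r"C:\WINDOWS"):
    """Running processes named like a core system binary but outside system32."""
    expected = normcase(windir + r"\system32")
    hits, in_section = [], False
    for line in (l.strip() for l in log.splitlines()):
        if line == "Running processes:":
            in_section = True
        elif ENTRY_RE.match(line):
            in_section = False
        elif in_section and line:
            name, folder = normcase(basename(line)), normcase(dirname(line))
            if name in SYSTEM32_ONLY and folder != expected:
                hits.append(line)
    return hits


if __name__ == "__main__":
    for bucket, lines in triage(HJT_BEFORE, HJT_AFTER, VUNDOFIX).items():
        print(bucket)
        for entry in lines:
            print("   ", entry)
    print("misplaced system processes:", misplaced_system_processes(HJT_AFTER))
```

Run on the full logs, the same functions work unchanged: paste each complete log into the corresponding string.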
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Live_TV toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLiv1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Live_TV toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLiv1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Icon] C:\WINDOWS\system32\drivers\Icon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files\Fichiers communs\MicroWorld\Agent\MWASER.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
I see that the second winlogon line is still present in HijackThis, and I was told that it represented a Trojan horse. Should I delete it?
Thanks for the help, in any case.
Hi again,
Download combofix.exe (by sUBs) to your Desktop.
Double-click combofix.exe.
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Copy and paste this report into your next reply.
NOTE: The report can also be found here: C:\Combofix.txt
Here is the ComboFix report:
2005-06-28 18:36 221184 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\Icon.exe.vir
2005-11-07 19:45 143360 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\TASKMGR.COM.vir
2005-11-07 19:45 153088 --a------ C:\Qoobox\Quarantine\C\WINDOWS\REGEDIT.COM.vir
2007-06-27 05:02 846 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_DOMAINSERVICE.reg.cf
Structure du dossier
Le num‚ro de s‚rie du volume est 10CB-1321
C:\QOOBOX
\---Quarantine
+---C
| \---WINDOWS
| | REGEDIT.COM.vir
| |
| \---system32
| | TASKMGR.COM.vir
| |
| \---drivers
| Icon.exe.vir
|
\---Registry_backups
LEGACY_DOMAINSERVICE.reg.cf
So is it this one, then?
"Yoan" - 2007-06-27 5:00:41 - ComboFix 07-06-26.8 - Service Pack 2 NTFS
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\drivers\Icon.exe
C:\WINDOWS\system32\taskmgr.com
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_DOMAINSERVICE
((((((((((((((((((((((((( Files Created from 2007-05-27 to 2007-06-27 )))))))))))))))))))))))))))))))
2007-06-27 04:59 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-26 17:04 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-06-26 16:52 <REP> d-------- C:\VundoFix Backups
2007-06-25 20:49 <REP> d-------- C:\WINDOWS\Prefetch
2007-06-25 20:40 <REP> d-------- C:\Program Files\Lavasoft
2007-06-25 20:40 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-25 20:27 <REP> d-a------ C:\WINDOWS\zts2.exe
2007-06-25 20:27 <REP> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-06-25 20:27 <REP> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-06-25 20:27 <REP> d-a------ C:\WINDOWS\rundll16.exe
2007-06-25 20:27 <REP> d-a------ C:\WINDOWS\rundl132.dll
2007-06-25 20:27 <REP> d-a------ C:\WINDOWS\logo1_.exe
2007-06-25 20:08 153,088 --a------ C:\WINDOWS\R.COM
2007-06-25 20:08 143,360 --a------ C:\WINDOWS\system32\T.COM
2007-06-25 20:08 14,866 --a------ C:\WINDOWS\winsbak.reg
2007-06-25 20:08 105,956 --a------ C:\WINDOWS\winsbak2.reg
2007-06-25 20:08 <REP> d-------- C:\Program Files\Fichiers communs\MicroWorld
2007-06-25 20:08 <REP> d-------- C:\DOCUME~1\REMOTE~1\ModŠles
2007-06-25 20:08 <REP> d-------- C:\DOCUME~1\REMOTE~1\Menu D‚marrer
2007-06-25 20:08 <REP> d-------- C:\DOCUME~1\REMOTE~1\Favoris
2007-06-25 20:08 <REP> d-------- C:\DOCUME~1\REMOTE~1\Documents
2007-06-25 20:08 <REP> d-------- C:\DOCUME~1\REMOTE~1\Bureau
2007-06-25 20:08 <REP> d-------- C:\DOCUME~1\LOCALS~1\ModŠles
2007-06-25 20:08 <REP> d-------- C:\DOCUME~1\LOCALS~1\Menu D‚marrer
2007-06-25 20:08 <REP> d-------- C:\DOCUME~1\LOCALS~1\Favoris
2007-06-25 20:08 <REP> d-------- C:\DOCUME~1\LOCALS~1\Documents
2007-06-25 20:08 <REP> d-------- C:\DOCUME~1\LOCALS~1\Bureau
2007-06-25 20:07 9,488 --a------ C:\WINDOWS\sporder.dll
2007-06-25 20:07 7,680 --a------ C:\WINDOWS\sporder.exe
2007-06-25 20:07 43,520 --a------ C:\WINDOWS\killproc.exe
2007-06-25 20:07 130,560 --a------ C:\WINDOWS\system32\ZIPDLL.DLL
2007-06-25 20:07 126,976 --a------ C:\WINDOWS\system32\mwnsp.dll
2007-06-25 20:07 125,440 --a------ C:\WINDOWS\system32\UNZDLL.DLL
2007-06-25 20:07 1,044,480 --a------ C:\WINDOWS\system32\contfilt.dll
2007-06-25 20:06 44,032 --a------ C:\WINDOWS\inst_tsp.exe
2007-06-25 20:06 356,352 --a------ C:\WINDOWS\system32\mwtsp.dll
2007-06-25 20:06 <REP> d-------- C:\WINDOWS\system32\FLCSS.EXE
2007-06-25 20:05 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-06-24 23:34 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-23 10:57 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-06-23 09:57 4,628 --a------ C:\WINDOWS\system32\hpogfscc.exe
2007-06-23 09:29 <REP> d-------- C:\Program Files\QuickTime
2007-06-23 09:27 <REP> d-------- C:\Program Files\Apple Software Update
2007-06-23 09:26 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-06-22 04:11 <REP> d-------- C:\Program Files\QuickTime Alternative
2007-06-22 04:11 <REP> d-------- C:\Program Files\Media Player Classic
2007-06-20 14:06 <REP> d-------- C:\Program Files\a-squared Free
2007-06-18 17:50 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll
2007-06-18 17:50 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll
2007-06-18 17:49 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-06-18 17:47 <REP> d-------- C:\Program Files\Microsoft SQL Server
2007-06-18 17:39 <REP> d-------- C:\Program Files\Vstplugins
2007-06-18 17:39 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony
2007-06-17 23:50 14,604 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2007-06-16 14:50 51,328 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2007-06-16 14:50 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
2007-06-16 14:50 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys
2007-06-15 14:37 <REP> d-------- C:\Program Files\Sony
2007-06-15 14:27 <REP> d-------- C:\DOCUME~1\Yoan\APPLIC~1\Sony
2007-06-15 14:27 <REP> d-------- C:\DOCUME~1\Yoan\APPLIC~1\Publish Providers
2007-06-15 14:27 <REP> d-------- C:\DOCUME~1\Yoan\APPLIC~1\NetMedia Providers
2007-06-15 14:23 <REP> d-------- C:\Program Files\Sony Setup
2007-06-14 21:45 <REP> d-------- C:\Program Files\Paint.NET
2007-06-12 17:33 <REP> d-------- C:\Program Files\Live_TV
2007-06-12 11:38 <REP> d-------- C:\Program Files\eBay
2007-06-12 11:38 <REP> d-------- C:\DOCUME~1\ALLUSE~1\eBay
2007-06-10 12:03 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-06-10 10:03 <REP> d-------- C:\DOCUME~1\Yoan\APPLIC~1\dvdcss
2007-06-09 09:38 <REP> d-------- C:\Program Files\Torrent Harvester
2007-06-06 18:03 49,152 -ra------ C:\WINDOWS\system32\inetwh32.dll
2007-06-06 18:03 1,044,480 -ra------ C:\WINDOWS\system32\roboex32.dll
2007-06-05 21:06 <REP> d-------- C:\Program Files\mobile PhoneTools
2007-06-05 20:45 <REP> d-------- C:\Program Files\LiveUpdate
2007-06-05 20:44 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2007-06-05 20:43 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-03 17:36 <REP> d-------- C:\Program Files\Windows Live
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-21 12:24:43 -------- d-----w C:\Program Files\eMule
2007-06-20 14:02:35 -------- d-----w C:\Program Files\TightVNC
2007-06-20 14:02:35 -------- d-----w C:\Program Files\Adverts
2007-06-19 05:58:19 -------- d-----w C:\DOCUME~1\Yoan\APPLIC~1\Azureus
2007-06-18 15:54:02 91,878 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-06-18 15:54:02 519,480 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-06-18 06:29:27 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-17 09:25:32 -------- d-----w C:\Program Files\Messenger Plus! Live
2007-06-12 11:21:33 -------- d-----w C:\Program Files\Opera
2007-06-12 09:37:35 -------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-06-09 12:08:41 -------- d-----w C:\Program Files\Azureus
2007-06-03 15:36:24 -------- d-----w C:\Program Files\MSN Messenger
2007-05-27 14:41:38 -------- d-----w C:\DOCUME~1\Yoan\APPLIC~1\Google
2007-05-27 14:38:24 -------- d-----w C:\Program Files\Google
2007-05-17 19:18:17 -------- d-----w C:\DOCUME~1\Yoan\APPLIC~1\Screenshot Sender
2007-05-17 07:45:48 -------- d-----w C:\DOCUME~1\Yoan\APPLIC~1\Opera
2007-05-14 20:37:18 -------- d-----w C:\Program Files\Fichiers communs\Real
2007-05-14 20:27:37 -------- d-----w C:\Program Files\directx
2007-05-14 20:26:55 -------- d-----w C:\Program Files\Fichiers communs\Logitech
2007-05-14 20:25:55 -------- d-----w C:\Program Files\Labtec
2007-05-13 20:38:56 -------- d-----w C:\Program Files\PhotoFiltre
2007-05-13 10:07:12 -------- d-----w C:\Program Files\Common Files
2007-05-13 10:07:10 -------- d-----w C:\Program Files\Yahoo!
2007-05-12 19:47:50 -------- d-----w C:\DOCUME~1\Yoan\APPLIC~1\Poll Wait Base
2007-05-12 19:46:55 -------- d-----w C:\Program Files\Poll Wait Base
2007-05-11 20:13:45 1,156 ----a-w C:\WINDOWS\mozver.dat
2007-05-10 14:17:11 -------- d-----w C:\DOCUME~1\Yoan\APPLIC~1\Talkback
2007-05-10 14:16:39 0 ----a-w C:\WINDOWS\nsreg.dat
2007-05-10 12:19:43 -------- d-----w C:\DOCUME~1\Yoan\APPLIC~1\CyberLink
2007-05-10 11:42:39 -------- d-----w C:\Program Files\GIMP-2.0
2007-05-10 11:41:13 -------- d-----w C:\Program Files\Fichiers communs\GTK
2007-05-10 09:36:22 41 ---h--w C:\WINDOWS\dsez7281.dat
2007-05-10 09:21:35 -------- d-----w C:\Program Files\Seagrand
2007-05-09 23:52:15 -------- d-----w C:\DOCUME~1\Yoan\APPLIC~1\vlc
2007-05-09 23:42:09 -------- d-----w C:\Program Files\VideoLAN
2007-05-09 23:40:10 -------- d-----w C:\Program Files\K-Lite Codec Pack
2007-05-09 23:36:51 -------- d-----w C:\DOCUME~1\Yoan\APPLIC~1\LaCie
2007-05-09 23:36:20 -------- d-----w C:\Program Files\LaCie
2007-05-09 23:25:09 -------- d-----w C:\DOCUME~1\Yoan\APPLIC~1\ACD Systems
2007-05-03 09:53:38 -------- d-----w C:\Program Files\MSXML 6.0
2007-05-03 09:05:46 -------- d-----w C:\Program Files\MSBuild
2007-05-03 09:01:09 -------- d-----w C:\Program Files\Reference Assemblies
2007-05-02 18:09:11 -------- d-----w C:\Program Files\uphclean
2007-05-02 18:07:01 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-05-02 17:59:14 -------- d-----w C:\Program Files\Microsoft.NET
2007-05-02 17:57:32 -------- d-----w C:\Program Files\Fichiers communs\ACD Systems
2007-05-02 17:57:30 -------- d-----w C:\Program Files\ACD Systems
2007-05-02 17:56:39 -------- d-----w C:\Program Files\Ahead
2007-05-02 17:56:33 -------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-05-02 17:56:26 -------- d-----w C:\Program Files\CyberLink
2007-05-02 17:55:31 -------- d-----w C:\Program Files\Alwil Software
2007-05-02 15:41:38 -------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-05-02 15:41:36 -------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-05-02 15:41:36 -------- d-----w C:\Program Files\ATI Technologies
2007-05-02 15:36:56 -------- d-----w C:\Program Files\Synaptics
2007-05-02 14:31:41 -------- d-----w C:\Program Files\Intel
2007-05-02 13:54:45 -------- d-----w C:\Program Files\msn gaming zone
2007-05-02 13:54:45 -------- d-----w C:\Program Files\microsoft frontpage
2007-05-02 13:51:28 0 --sha-r C:\MSDOS.SYS
2007-05-02 13:51:28 0 --sha-r C:\IO.SYS
2007-05-02 13:51:28 0 ----a-w C:\CONFIG.SYS
2007-05-02 13:51:28 0 ------w C:\AUTOEXEC.BAT
2007-05-02 13:49:26 -------- d--h--w C:\Program Files\WindowsUpdate
2007-05-02 13:49:20 -------- d-----w C:\Program Files\Services en ligne
2007-05-02 13:48:49 -------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-05-02 13:48:44 -------- d-----w C:\Program Files\Movie Maker
2007-05-02 13:48:03 21,892 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-05-02 13:47:15 -------- d-----w C:\Program Files\Windows NT
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-13 13:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 11:28]
{44E5BA3F-947E-47AB-B80F-3C172C065986}=C:\WINDOWS\system32\ursrq.dll []
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{b69a9db4-d0a1-4722-b56b-f20757a29cdf}=C:\Program Files\Live_TV\tbLiv1.dll [2007-06-13 17:35]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-24 23:40]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 16:53 C:\WINDOWS\SOUNDMAN.EXE]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-09-26 11:01]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-09-26 11:01]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-12 21:05]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 11:09]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 10:45]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2005-11-07 19:43]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
Contents of the 'Scheduled Tasks' folder
2007-06-23 07:27:41 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-27 03:00:01 C:\WINDOWS\tasks\BB5B2BA79D0CA5CB.job
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\drivers\Icon.exe
C:\WINDOWS\system32\taskmgr.com
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_DOMAINSERVICE
((((((((((((((((((((((((( Files Created from 2007-05-27 to 2007-06-27 )))))))))))))))))))))))))))))))
2007-06-25 20:08 <REP> d-------- C:\DOCUME~1\REMOTE~1\ModŠles
2007-06-25 20:08 <REP> d-------- C:\DOCUME~1\LOCALS~1\ModŠles
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-21 12:24:43 -------- d-----w C:\Program Files\eMule
2007-06-20 14:02:35 -------- d-----w C:\Program Files\TightVNC
2007-06-20 14:02:35 -------- d-----w C:\Program Files\Adverts
2007-06-19 05:58:19 -------- d-----w C:\DOCUME~1\Yoan\APPLIC~1\Azureus
2007-06-18 15:54:02 91,878 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-06-18 15:54:02 519,480 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-06-18 06:29:27 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-17 09:25:32 -------- d-----w C:\Program Files\Messenger Plus! Live
2007-06-12 11:21:33 -------- d-----w C:\Program Files\Opera
2007-06-12 09:37:35 -------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-06-09 12:08:41 -------- d-----w C:\Program Files\Azureus
2007-06-03 15:36:24 -------- d-----w C:\Program Files\MSN Messenger
2007-05-27 14:41:38 -------- d-----w C:\DOCUME~1\Yoan\APPLIC~1\Google
2007-05-27 14:38:24 -------- d-----w C:\Program Files\Google
2007-05-17 19:18:17 -------- d-----w C:\DOCUME~1\Yoan\APPLIC~1\Screenshot Sender
2007-05-17 07:45:48 -------- d-----w C:\DOCUME~1\Yoan\APPLIC~1\Opera
2007-05-14 20:37:18 -------- d-----w C:\Program Files\Fichiers communs\Real
2007-05-14 20:27:37 -------- d-----w C:\Program Files\directx
2007-05-14 20:26:55 -------- d-----w C:\Program Files\Fichiers communs\Logitech
2007-05-14 20:25:55 -------- d-----w C:\Program Files\Labtec
2007-05-13 20:38:56 -------- d-----w C:\Program Files\PhotoFiltre
2007-05-13 10:07:12 -------- d-----w C:\Program Files\Common Files
2007-05-13 10:07:10 -------- d-----w C:\Program Files\Yahoo!
2007-05-12 19:47:50 -------- d-----w C:\DOCUME~1\Yoan\APPLIC~1\Poll Wait Base
2007-05-12 19:46:55 -------- d-----w C:\Program Files\Poll Wait Base
2007-05-11 20:13:45 1,156 ----a-w C:\WINDOWS\mozver.dat
2007-05-10 14:17:11 -------- d-----w C:\DOCUME~1\Yoan\APPLIC~1\Talkback
2007-05-10 14:16:39 0 ----a-w C:\WINDOWS\nsreg.dat
2007-05-10 12:19:43 -------- d-----w C:\DOCUME~1\Yoan\APPLIC~1\CyberLink
2007-05-10 11:42:39 -------- d-----w C:\Program Files\GIMP-2.0
2007-05-10 11:41:13 -------- d-----w C:\Program Files\Fichiers communs\GTK
2007-05-10 09:36:22 41 ---h--w C:\WINDOWS\dsez7281.dat
2007-05-10 09:21:35 -------- d-----w C:\Program Files\Seagrand
2007-05-09 23:52:15 -------- d-----w C:\DOCUME~1\Yoan\APPLIC~1\vlc
2007-05-09 23:42:09 -------- d-----w C:\Program Files\VideoLAN
2007-05-09 23:40:10 -------- d-----w C:\Program Files\K-Lite Codec Pack
2007-05-09 23:36:51 -------- d-----w C:\DOCUME~1\Yoan\APPLIC~1\LaCie
2007-05-09 23:36:20 -------- d-----w C:\Program Files\LaCie
2007-05-09 23:25:09 -------- d-----w C:\DOCUME~1\Yoan\APPLIC~1\ACD Systems
2007-05-03 09:53:38 -------- d-----w C:\Program Files\MSXML 6.0
2007-05-03 09:05:46 -------- d-----w C:\Program Files\MSBuild
2007-05-03 09:01:09 -------- d-----w C:\Program Files\Reference Assemblies
2007-05-02 18:09:11 -------- d-----w C:\Program Files\uphclean
2007-05-02 18:07:01 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-05-02 17:59:14 -------- d-----w C:\Program Files\Microsoft.NET
2007-05-02 17:57:32 -------- d-----w C:\Program Files\Fichiers communs\ACD Systems
2007-05-02 17:57:30 -------- d-----w C:\Program Files\ACD Systems
2007-05-02 17:56:39 -------- d-----w C:\Program Files\Ahead
2007-05-02 17:56:33 -------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-05-02 17:56:26 -------- d-----w C:\Program Files\CyberLink
2007-05-02 17:55:31 -------- d-----w C:\Program Files\Alwil Software
2007-05-02 15:41:38 -------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-05-02 15:41:36 -------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-05-02 15:41:36 -------- d-----w C:\Program Files\ATI Technologies
2007-05-02 15:36:56 -------- d-----w C:\Program Files\Synaptics
2007-05-02 14:31:41 -------- d-----w C:\Program Files\Intel
2007-05-02 13:54:45 -------- d-----w C:\Program Files\msn gaming zone
2007-05-02 13:54:45 -------- d-----w C:\Program Files\microsoft frontpage
2007-05-02 13:51:28 0 --sha-r C:\MSDOS.SYS
2007-05-02 13:51:28 0 --sha-r C:\IO.SYS
2007-05-02 13:51:28 0 ----a-w C:\CONFIG.SYS
2007-05-02 13:51:28 0 ------w C:\AUTOEXEC.BAT
2007-05-02 13:49:26 -------- d--h--w C:\Program Files\WindowsUpdate
2007-05-02 13:49:20 -------- d-----w C:\Program Files\Services en ligne
2007-05-02 13:48:49 -------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-05-02 13:48:44 -------- d-----w C:\Program Files\Movie Maker
2007-05-02 13:48:03 21,892 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-05-02 13:47:15 -------- d-----w C:\Program Files\Windows NT
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-13 13:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 11:28]
{44E5BA3F-947E-47AB-B80F-3C172C065986}=C:\WINDOWS\system32\ursrq.dll []
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{b69a9db4-d0a1-4722-b56b-f20757a29cdf}=C:\Program Files\Live_TV\tbLiv1.dll [2007-06-13 17:35]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-24 23:40]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 16:53 C:\WINDOWS\SOUNDMAN.EXE]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-09-26 11:01]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-09-26 11:01]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-12 21:05]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 11:09]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 10:45]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2005-11-07 19:43]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
Contents of the 'Scheduled Tasks' folder
2007-06-23 07:27:41 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-27 11:00:01 C:\WINDOWS\tasks\BB5B2BA79D0CA5CB.job
**************************************************************************
catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-27 13:06:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-06-27 13:07:35 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-27 13:07
--- E O F ---
"Yoan" - 2007-06-27 5:00:41 - ComboFix 07-06-26.8 - Service Pack 2 NTFS
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\drivers\Icon.exe
C:\WINDOWS\system32\taskmgr.com
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_DOMAINSERVICE
((((((((((((((((((((((((( Files Created from 2007-05-27 to 2007-06-27 )))))))))))))))))))))))))))))))
2007-06-27 04:59 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-26 17:04 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-06-26 16:52 <REP> d-------- C:\VundoFix Backups
2007-06-25 20:49 <REP> d-------- C:\WINDOWS\Prefetch
2007-06-25 20:40 <REP> d-------- C:\Program Files\Lavasoft
2007-06-25 20:40 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-25 20:27 <REP> d-a------ C:\WINDOWS\zts2.exe
2007-06-25 20:27 <REP> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2007-06-25 20:27 <REP> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2007-06-25 20:27 <REP> d-a------ C:\WINDOWS\rundll16.exe
2007-06-25 20:27 <REP> d-a------ C:\WINDOWS\rundl132.dll
2007-06-25 20:27 <REP> d-a------ C:\WINDOWS\logo1_.exe
2007-06-25 20:08 153,088 --a------ C:\WINDOWS\R.COM
2007-06-25 20:08 143,360 --a------ C:\WINDOWS\system32\T.COM
2007-06-25 20:08 14,866 --a------ C:\WINDOWS\winsbak.reg
2007-06-25 20:08 105,956 --a------ C:\WINDOWS\winsbak2.reg
2007-06-25 20:08 <REP> d-------- C:\Program Files\Fichiers communs\MicroWorld
2007-06-25 20:08 <REP> d-------- C:\DOCUME~1\REMOTE~1\Modèles
2007-06-25 20:08 <REP> d-------- C:\DOCUME~1\REMOTE~1\Menu Démarrer
2007-06-25 20:08 <REP> d-------- C:\DOCUME~1\REMOTE~1\Favoris
2007-06-25 20:08 <REP> d-------- C:\DOCUME~1\REMOTE~1\Documents
2007-06-25 20:08 <REP> d-------- C:\DOCUME~1\REMOTE~1\Bureau
2007-06-25 20:08 <REP> d-------- C:\DOCUME~1\LOCALS~1\Modèles
2007-06-25 20:08 <REP> d-------- C:\DOCUME~1\LOCALS~1\Menu Démarrer
2007-06-25 20:08 <REP> d-------- C:\DOCUME~1\LOCALS~1\Favoris
2007-06-25 20:08 <REP> d-------- C:\DOCUME~1\LOCALS~1\Documents
2007-06-25 20:08 <REP> d-------- C:\DOCUME~1\LOCALS~1\Bureau
2007-06-25 20:07 9,488 --a------ C:\WINDOWS\sporder.dll
2007-06-25 20:07 7,680 --a------ C:\WINDOWS\sporder.exe
2007-06-25 20:07 43,520 --a------ C:\WINDOWS\killproc.exe
2007-06-25 20:07 130,560 --a------ C:\WINDOWS\system32\ZIPDLL.DLL
2007-06-25 20:07 126,976 --a------ C:\WINDOWS\system32\mwnsp.dll
2007-06-25 20:07 125,440 --a------ C:\WINDOWS\system32\UNZDLL.DLL
2007-06-25 20:07 1,044,480 --a------ C:\WINDOWS\system32\contfilt.dll
2007-06-25 20:06 44,032 --a------ C:\WINDOWS\inst_tsp.exe
2007-06-25 20:06 356,352 --a------ C:\WINDOWS\system32\mwtsp.dll
2007-06-25 20:06 <REP> d-------- C:\WINDOWS\system32\FLCSS.EXE
2007-06-25 20:05 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-06-24 23:34 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-23 10:57 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-06-23 09:57 4,628 --a------ C:\WINDOWS\system32\hpogfscc.exe
2007-06-23 09:29 <REP> d-------- C:\Program Files\QuickTime
2007-06-23 09:27 <REP> d-------- C:\Program Files\Apple Software Update
2007-06-23 09:26 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-06-22 04:11 <REP> d-------- C:\Program Files\QuickTime Alternative
2007-06-22 04:11 <REP> d-------- C:\Program Files\Media Player Classic
2007-06-20 14:06 <REP> d-------- C:\Program Files\a-squared Free
2007-06-18 17:50 33,340 --------- C:\WINDOWS\system32\dbmsqlgc.dll
2007-06-18 17:50 24,576 --------- C:\WINDOWS\system32\dbmsgnet.dll
2007-06-18 17:49 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-06-18 17:47 <REP> d-------- C:\Program Files\Microsoft SQL Server
2007-06-18 17:39 <REP> d-------- C:\Program Files\Vstplugins
2007-06-18 17:39 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony
2007-06-17 23:50 14,604 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2007-06-16 14:50 51,328 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2007-06-16 14:50 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
2007-06-16 14:50 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys
2007-06-15 14:37 <REP> d-------- C:\Program Files\Sony
2007-06-15 14:27 <REP> d-------- C:\DOCUME~1\Yoan\APPLIC~1\Sony
2007-06-15 14:27 <REP> d-------- C:\DOCUME~1\Yoan\APPLIC~1\Publish Providers
2007-06-15 14:27 <REP> d-------- C:\DOCUME~1\Yoan\APPLIC~1\NetMedia Providers
2007-06-15 14:23 <REP> d-------- C:\Program Files\Sony Setup
2007-06-14 21:45 <REP> d-------- C:\Program Files\Paint.NET
2007-06-12 17:33 <REP> d-------- C:\Program Files\Live_TV
2007-06-12 11:38 <REP> d-------- C:\Program Files\eBay
2007-06-12 11:38 <REP> d-------- C:\DOCUME~1\ALLUSE~1\eBay
2007-06-10 12:03 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-06-10 10:03 <REP> d-------- C:\DOCUME~1\Yoan\APPLIC~1\dvdcss
2007-06-09 09:38 <REP> d-------- C:\Program Files\Torrent Harvester
2007-06-06 18:03 49,152 -ra------ C:\WINDOWS\system32\inetwh32.dll
2007-06-06 18:03 1,044,480 -ra------ C:\WINDOWS\system32\roboex32.dll
2007-06-05 21:06 <REP> d-------- C:\Program Files\mobile PhoneTools
2007-06-05 20:45 <REP> d-------- C:\Program Files\LiveUpdate
2007-06-05 20:44 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2007-06-05 20:43 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
2007-06-04 15:18 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-06-04 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-06-04 15:14 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-06-03 17:36 <REP> d-------- C:\Program Files\Windows Live
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-06-21 12:24:43 -------- d-----w C:\Program Files\eMule
2007-06-20 14:02:35 -------- d-----w C:\Program Files\TightVNC
2007-06-20 14:02:35 -------- d-----w C:\Program Files\Adverts
2007-06-19 05:58:19 -------- d-----w C:\DOCUME~1\Yoan\APPLIC~1\Azureus
2007-06-18 15:54:02 91,878 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-06-18 15:54:02 519,480 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-06-18 06:29:27 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-17 09:25:32 -------- d-----w C:\Program Files\Messenger Plus! Live
2007-06-12 11:21:33 -------- d-----w C:\Program Files\Opera
2007-06-12 09:37:35 -------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-06-09 12:08:41 -------- d-----w C:\Program Files\Azureus
2007-06-03 15:36:24 -------- d-----w C:\Program Files\MSN Messenger
2007-05-27 14:41:38 -------- d-----w C:\DOCUME~1\Yoan\APPLIC~1\Google
2007-05-27 14:38:24 -------- d-----w C:\Program Files\Google
2007-05-17 19:18:17 -------- d-----w C:\DOCUME~1\Yoan\APPLIC~1\Screenshot Sender
2007-05-17 07:45:48 -------- d-----w C:\DOCUME~1\Yoan\APPLIC~1\Opera
2007-05-14 20:37:18 -------- d-----w C:\Program Files\Fichiers communs\Real
2007-05-14 20:27:37 -------- d-----w C:\Program Files\directx
2007-05-14 20:26:55 -------- d-----w C:\Program Files\Fichiers communs\Logitech
2007-05-14 20:25:55 -------- d-----w C:\Program Files\Labtec
2007-05-13 20:38:56 -------- d-----w C:\Program Files\PhotoFiltre
2007-05-13 10:07:12 -------- d-----w C:\Program Files\Common Files
2007-05-13 10:07:10 -------- d-----w C:\Program Files\Yahoo!
2007-05-12 19:47:50 -------- d-----w C:\DOCUME~1\Yoan\APPLIC~1\Poll Wait Base
2007-05-12 19:46:55 -------- d-----w C:\Program Files\Poll Wait Base
2007-05-11 20:13:45 1,156 ----a-w C:\WINDOWS\mozver.dat
2007-05-10 14:17:11 -------- d-----w C:\DOCUME~1\Yoan\APPLIC~1\Talkback
2007-05-10 14:16:39 0 ----a-w C:\WINDOWS\nsreg.dat
2007-05-10 12:19:43 -------- d-----w C:\DOCUME~1\Yoan\APPLIC~1\CyberLink
2007-05-10 11:42:39 -------- d-----w C:\Program Files\GIMP-2.0
2007-05-10 11:41:13 -------- d-----w C:\Program Files\Fichiers communs\GTK
2007-05-10 09:36:22 41 ---h--w C:\WINDOWS\dsez7281.dat
2007-05-10 09:21:35 -------- d-----w C:\Program Files\Seagrand
2007-05-09 23:52:15 -------- d-----w C:\DOCUME~1\Yoan\APPLIC~1\vlc
2007-05-09 23:42:09 -------- d-----w C:\Program Files\VideoLAN
2007-05-09 23:40:10 -------- d-----w C:\Program Files\K-Lite Codec Pack
2007-05-09 23:36:51 -------- d-----w C:\DOCUME~1\Yoan\APPLIC~1\LaCie
2007-05-09 23:36:20 -------- d-----w C:\Program Files\LaCie
2007-05-09 23:25:09 -------- d-----w C:\DOCUME~1\Yoan\APPLIC~1\ACD Systems
2007-05-03 09:53:38 -------- d-----w C:\Program Files\MSXML 6.0
2007-05-03 09:05:46 -------- d-----w C:\Program Files\MSBuild
2007-05-03 09:01:09 -------- d-----w C:\Program Files\Reference Assemblies
2007-05-02 18:09:11 -------- d-----w C:\Program Files\uphclean
2007-05-02 18:07:01 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-05-02 17:59:14 -------- d-----w C:\Program Files\Microsoft.NET
2007-05-02 17:57:32 -------- d-----w C:\Program Files\Fichiers communs\ACD Systems
2007-05-02 17:57:30 -------- d-----w C:\Program Files\ACD Systems
2007-05-02 17:56:39 -------- d-----w C:\Program Files\Ahead
2007-05-02 17:56:33 -------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-05-02 17:56:26 -------- d-----w C:\Program Files\CyberLink
2007-05-02 17:55:31 -------- d-----w C:\Program Files\Alwil Software
2007-05-02 15:41:38 -------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-05-02 15:41:36 -------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-05-02 15:41:36 -------- d-----w C:\Program Files\ATI Technologies
2007-05-02 15:36:56 -------- d-----w C:\Program Files\Synaptics
2007-05-02 14:31:41 -------- d-----w C:\Program Files\Intel
2007-05-02 13:54:45 -------- d-----w C:\Program Files\msn gaming zone
2007-05-02 13:54:45 -------- d-----w C:\Program Files\microsoft frontpage
2007-05-02 13:51:28 0 --sha-r C:\MSDOS.SYS
2007-05-02 13:51:28 0 --sha-r C:\IO.SYS
2007-05-02 13:51:28 0 ----a-w C:\CONFIG.SYS
2007-05-02 13:51:28 0 ------w C:\AUTOEXEC.BAT
2007-05-02 13:49:26 -------- d--h--w C:\Program Files\WindowsUpdate
2007-05-02 13:49:20 -------- d-----w C:\Program Files\Services en ligne
2007-05-02 13:48:49 -------- d-----w C:\Program Files\Fichiers communs\MSSoap
2007-05-02 13:48:44 -------- d-----w C:\Program Files\Movie Maker
2007-05-02 13:48:03 21,892 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-05-02 13:47:15 -------- d-----w C:\Program Files\Windows NT
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-13 13:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 11:28]
{44E5BA3F-947E-47AB-B80F-3C172C065986}=C:\WINDOWS\system32\ursrq.dll []
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]
{b69a9db4-d0a1-4722-b56b-f20757a29cdf}=C:\Program Files\Live_TV\tbLiv1.dll [2007-06-13 17:35]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-24 23:40]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 16:53 C:\WINDOWS\SOUNDMAN.EXE]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-09-26 11:01]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-09-26 11:01]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-12 21:05]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 22:57]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 11:09]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 10:45]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2005-11-07 19:43]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
Contents of the 'Scheduled Tasks' folder
2007-06-23 07:27:41 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
2007-06-27 03:00:01 C:\WINDOWS\tasks\BB5B2BA79D0CA5CB.job
Hi! I've already had this problem and I fixed it with SmitfraudFix. Here is the link, good luck: http://siri.urz.free.fr/Fix/SmitfraudFix.php
mipsus
Well, if it can't detect a virus in an archive and then lets it through... no, it's not a good antivirus... but was your Avast up to date?
Otherwise, a very good natural protection against viruses is to get into the habit of working in a session that has user rights... and not administrator rights.
We can always check.
Download Hijackthis (by Merjin).
Unzip it into a folder or onto your Desktop.
Launch the application (Hijackthis.exe):
- Choose the option "Do a system scan and save a logfile"
- Notepad opens; post its contents:
Edit / Select All
Edit / Copy
Right-click / Paste into your reply
HELP: Video tutorial on Hijackthis
I'll let you interpret this for me, because it means nothing to me:
Logfile of HijackThis v1.99.1
Scan saved at 19:22:36, on 28/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\MicroWorld\Agent\MWASER.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Fichiers communs\MicroWorld\Agent\MWAgent.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\uphclean\uphclean.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Opera\Opera.exe
C:\DOCUME~1\Yoan\LOCALS~1\Temp\Rar$EX04.523\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Live_TV toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLiv1.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {44E5BA3F-947E-47AB-B80F-3C172C065986} - C:\WINDOWS\system32\ursrq.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Live_TV toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLiv1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Live_TV toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLiv1.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Contro...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files\Fichiers communs\MicroWorld\Agent\MWASER.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
Hi again,
Fix the lines in italics below with HijackThis: HELP IN PICTURES
O2 - BHO: (no name) - {44E5BA3F-947E-47AB-B80F-3C172C065986} - C:\WINDOWS\system32\ursrq.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
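As an added illustration (not part of the forum posts and not HijackThis's own code), this sketch parses an excerpt of the log above, lists the entries whose target is marked `(file missing)` or `(no file)`, and sets apart any line where the log contradicts that marker because the same executable is listed under running processes. The names `parse_log`, `orphaned`, `Entry` and the verdict labels are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set

# Excerpt copied from the first HijackThis log on this page (a few lines only).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {44E5BA3F-947E-47AB-B80F-3C172C065986} - C:\WINDOWS\system32\ursrq.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING_MARKERS = ("(file missing)", "(no file)")


@dataclass
class Entry:
    code: str             # section code, e.g. "O2" or "O23"
    clsid: str            # "" when the line carries no CLSID
    target: str           # last " - " separated field, "" for "(no file)"
    marked_missing: bool  # line ends with one of MISSING_MARKERS
    verdict: str          # "present", "orphan" or "contradicted"
    raw: str


def _exe_path(target: str) -> str:
    """Reduce a target field to a bare path: cut at a stray quote, drop arguments."""
    return target.split('"', 1)[0].strip().lower()


def parse_log(text: str) -> List[Entry]:
    """Parse a HijackThis log; the process list is expected before the entries."""
    running: Set[str] = set()
    entries: List[Entry] = []
    in_processes = False
    for line in (l.strip() for l in text.splitlines()):
        match = ENTRY_RE.match(line)
        if not match:
            if line == "Running processes:":
                in_processes = True
            elif in_processes and line:
                running.add(line.lower())
            continue
        in_processes = False
        code, rest = match.groups()
        target = rest.split(" - ")[-1]
        marker = next((k for k in MISSING_MARKERS if target.endswith(k)), "")
        if marker:
            target = target[: -len(marker)].strip()
        clsid = CLSID_RE.search(rest)
        if not marker:
            verdict = "present"
        elif target and _exe_path(target) in running:
            # The same executable is running, so the marker cannot be trusted here.
            verdict = "contradicted"
        else:
            verdict = "orphan"
        entries.append(Entry(code, clsid.group(0) if clsid else "", target,
                             bool(marker), verdict, line))
    return entries


def orphaned(entries: List[Entry], code: Optional[str] = None) -> List[Entry]:
    """Entries marked missing and not contradicted, optionally for one section."""
    return [e for e in entries
            if e.verdict == "orphan" and (code is None or e.code == code)]


if __name__ == "__main__":
    for entry in parse_log(SAMPLE_LOG):
        if entry.marked_missing:
            print(f"{entry.verdict:12} {entry.raw}")
```

On this excerpt the two O2 lines quoted in the reply come out as orphaned, while the avast! Mail Scanner service is reported as contradicted because `ashMaiSv.exe` appears in the process list of the same log.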
Hi, I have the same problem as youl, and since I'm not good with computers I would like someone to help me get rid of this Trojan horse. Thanks in advance. I'm sending you the HijackThis scan.
Logfile of HijackThis v1.99.1
Scan saved at 17:54:12, on 03/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ltfhfwdg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\PROGRA~1\HARDWA~1\Keyboard\Ikeymain.exe
C:\PROGRA~1\HARDWA~1\Mouse\Amoumain.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\moi\LOCALS~1\Temp\Rar$EX00.031\scanner.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\tkhidkvp.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\system32\hggdebx.dll
O2 - BHO: (no name) - {E0586E22-6496-401E-A756-1B460392A495} - C:\WINDOWS\system32\geede.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\HARDWA~1\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\HARDWA~1\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\moi\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDVD 4 Standard\MediaDetector.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: NETGEAR WG311T Wireless Assistant.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O18 - Protocol: bw+0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: geede - C:\WINDOWS\system32\geede.dll
O20 - Winlogon Notify: hggdebx - C:\WINDOWS\SYSTEM32\hggdebx.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O18 - Protocol: bw+0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {949F2031-26F0-4423-A1BE-7B185EE24A03} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: geede - C:\WINDOWS\system32\geede.dll
O20 - Winlogon Notify: hggdebx - C:\WINDOWS\SYSTEM32\hggdebx.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
Quote:
Re, fix the lines in italics below with HijackThis: HELP IN PICTURES
O2 - BHO: (no name) - {44E5BA3F-947E-47AB-B80F-3C172C065986} - C:\WINDOWS\system32\ursrq.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Hello! I have just discovered this forum because for a few days I have had this same type of virus, and Avast cannot remove it... nor can a-squared, for that matter... I followed the steps you recommended and I hope you can get me out of this mess!!! So here is what HijackThis gave me, in the hope that you can help me!!!
Logfile of HijackThis v1.99.1
Scan saved at 13:32:42, on 04/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\TATOUN~1\LOCALS~1\Temp\Répertoire temporaire 2 pour hijackthis.zip\HijackThis.exe
C:\DOCUME~1\TATOUN~1\LOCALS~1\Temp\Répertoire temporaire 3 pour hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*http://fr.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [don't see] C:\Program Files\Don't see!\don't see.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: E-Compagnon.lnk = C:\Program Files\ColiPoste\e-COMO\e-COMO.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: system32 - {D010B6D3-5B49-46F4-9916-07AB9CBA5BDC} - sysprinters.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Thanks in advance!!!