Freeboy
-
Compteur de contenus
46 -
Inscription
-
Dernière visite
Tout ce qui a été posté par Freeboy
-
bonjour, j'ai un problème bizarre avec mon antivirus BitDefender Internet Security 2010 soulevé dans le forum Software-Windows Vista (voir ici post sur forum Vista ). Zonk m'a conseiller de faire analyser mon rapport HijackThis sur ce forum. Voici donc mon rapport : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:29:06, on 13/09/2009 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18813) Boot mode: Normal Running processes: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files (x86)\Cobian Backup 9\cbInterface.exe C:\Program Files (x86)\Java\jre6\bin\jusched.exe C:\Program Files (x86)\MSI\DualCoreCenter\DualCoreCenter.exe C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe C:\Program Files (x86)\Registry Mechanic\RegMech.exe C:\Windows\SysWOW64\DllHost.exe C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - (no file) O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - "C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEToolbar.dll" (file missing) O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [QuickTime Task] :"C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide O4 - HKLM\..\Run: [DelReg] "C:\Program Files (x86)\MSI\DualCoreCenter\DelReg.exe" O4 - HKLM\..\Run: [Cobian Backup 9 interface] "C:\Program Files (x86)\Cobian Backup 9\cbInterface.exe" -service O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [iTunesHelper] :"C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" O4 - HKLM\..\RunOnce: [uninstall Adobe Download Manager] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll",Uninstall /Get1noarp O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [RegistryMechanic] :C:\Program Files (x86)\Registry Mechanic\rmtray.exe /H O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-21-59353276-3622971310-93761390-500\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Administrateur') O4 - Global Startup: DualCoreCenter.lnk = C:\Program Files (x86)\MSI\DualCoreCenter\StartUpDualCoreCenter.exe O4 - Global Startup: Logitech SetPoint.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O15 - Trusted Zone: http://asia.msi.com.tw O15 - Trusted Zone: http://global.msi.com.tw O15 - Trusted Zone: http://www.msi.com.tw O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{70F7FC6E-6B4D-47E0-8EF7-0EFD9F19FBC6}: NameServer = 89.2.0.1,89.2.0.2 O17 - HKLM\System\CCS\Services\Tcpip\..\{C893D1CB-62E3-4B33-A00B-AD2BFC08098A}: NameServer = 192.168.10.7 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: BitDefender Serveur Arrakis (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: Cobian Backup 9 service (CobianBackupAmanita) - Luis Cobian - C:\Program Files (x86)\Cobian Backup 9\cbService.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate1c98635c418306b) (gupdate1c98635c418306b) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files (x86)\ma-config.com\maconfservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files (x86)\WinPcap\rpcapd.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 10281 bytes
-
Non, rien de particulier dans l'interface de Bitdefender, il semble fonctionner correctement et la protection en temps réel est activée. Voici le rapport Hijackthis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:29:06, on 13/09/2009 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18813) Boot mode: Normal Running processes: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files (x86)\Cobian Backup 9\cbInterface.exe C:\Program Files (x86)\Java\jre6\bin\jusched.exe C:\Program Files (x86)\MSI\DualCoreCenter\DualCoreCenter.exe C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe C:\Program Files (x86)\Registry Mechanic\RegMech.exe C:\Windows\SysWOW64\DllHost.exe C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll O3 - Toolbar: FireShot - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - (no file) O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - "C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEToolbar.dll" (file missing) O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [QuickTime Task] :"C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide O4 - HKLM\..\Run: [DelReg] "C:\Program Files (x86)\MSI\DualCoreCenter\DelReg.exe" O4 - HKLM\..\Run: [Cobian Backup 9 interface] "C:\Program Files (x86)\Cobian Backup 9\cbInterface.exe" -service O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [iTunesHelper] :"C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" O4 - HKLM\..\RunOnce: [uninstall Adobe Download Manager] "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll",Uninstall /Get1noarp O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [RegistryMechanic] :C:\Program Files (x86)\Registry Mechanic\rmtray.exe /H O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-21-59353276-3622971310-93761390-500\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Administrateur') O4 - Global Startup: DualCoreCenter.lnk = C:\Program Files (x86)\MSI\DualCoreCenter\StartUpDualCoreCenter.exe O4 - Global Startup: Logitech SetPoint.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O15 - Trusted Zone: http://asia.msi.com.tw O15 - Trusted Zone: http://global.msi.com.tw O15 - Trusted Zone: http://www.msi.com.tw O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{70F7FC6E-6B4D-47E0-8EF7-0EFD9F19FBC6}: NameServer = 89.2.0.1,89.2.0.2 O17 - HKLM\System\CCS\Services\Tcpip\..\{C893D1CB-62E3-4B33-A00B-AD2BFC08098A}: NameServer = 192.168.10.7 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: BitDefender Serveur Arrakis (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: Cobian Backup 9 service (CobianBackupAmanita) - Luis Cobian - C:\Program Files (x86)\Cobian Backup 9\cbService.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate1c98635c418306b) (gupdate1c98635c418306b) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files (x86)\ma-config.com\maconfservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files (x86)\WinPcap\rpcapd.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 10281 bytes
-
J'exécute la commande "perfmon /report". Ça lance le moniteur de fiabilité et de performances qui génère un rapport. Dans la rubrique avertissement de ce rapport, il y a un avertissement : symptômes : le centre de sécurité signale qu'aucun produit antivirus ne protège activement ce système cause : le centre de sécurité a signalé que l'analyse de recherche de virus sur accès est désactivée. l'analyse de recherche de virus sur accès est désactivée ou l'application antivirus n'est pas reconnue. solution : vérifiez qu'un produit antivirus est installé Dans la rubrique vérifications du système de base, le résultat des tests du système de sécurité est Echec parce que la vérification de la présence d'un produit antivirus avec analyse sur accès activée est échec. C'est plus clair là, Zonk ? Je n'ai pas d'autre antivirus d'installé, ticlou. Par contre, j'ai Registry Mechanic.
-
Bonjour, Je suis confronté à un problème bizarre. Lorsque je lance le moniteur de fiabilité et de performances de windows, le rapport qu'il génère affiche une erreur dans la vérification de présence d'un produit antivirus avec analyse sur accès activé. Or j'ai Bitdefender Internet Security 2010 sous license (expirant dans 493 jours) d'installé avec la protection en temps réel d'activée. De plus, le centre de sécurité de windows n'affiche aucun problème. L'ordi tourne normalement et ne semble pas infecté. Quelqu'un aurait-il déjà rencontré ce problème ? Comment peut-on le résoudre ? Je suis sous Windows Vista Professionnel x64 avec SP2 les mises à jour windows sont faites. Merci de votre aide ! François
-
suspicion d'infection par navilog [RESOLU]
Freeboy a répondu à un(e) sujet de Freeboy dans Analyses et éradication malwares
Pour moi tout semble OK ! Je mets donc le sujet en "résolu". Merci pour votre aide -
suspicion d'infection par navilog [RESOLU]
Freeboy a répondu à un(e) sujet de Freeboy dans Analyses et éradication malwares
Bonjour, J'ai suivi la procédure et voici les 2 rapports générés : 1. fixnavi.txt Search Navipromo version 3.6.6 commencé le 18/10/2008 à 11:27:22,15 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!! !!! Postez ce rapport sur le forum pour le faire analyser !!! !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!! Outil exécuté depuis C:\Program Files\navilog1 Session actuelle : "François" Mise à jour le 29.09.2008 à 17h30 par IL-MAFIOSO Microsoft Windows XP [version 5.1.2600] Internet Explorer : 7.0.5730.13 Système de fichiers : NTFS Recherche executé en mode normal *** Recherche Programmes installés *** *** Recherche dossiers dans "C:\WINDOWS" *** *** Recherche dossiers dans "C:\Program Files" *** *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" *** *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" *** *** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\François\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\LOGMEI~1\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\François\locals~1\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\LOGMEI~1\locals~1\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\François\menudm~1\progra~1" *** *** Recherche dossiers dans "C:\DOCUME~1\LOGMEI~1\menudm~1\progra~1" *** *** Recherche avec Catchme-rootkit/stealth malware detector par gmer *** pour + d'infos : http://www.gmer.net Fichier(s) caché(s) : C:\Documents and Settings\François\Local Settings\Application Data\cqyiqcy.dat C:\Documents and Settings\François\Local Settings\Application Data\cqyiqcy.exe C:\Documents and Settings\François\Local Settings\Application Data\cqyiqcy_nav.dat C:\Documents and Settings\François\Local Settings\Application Data\cqyiqcy_navps.dat *** Recherche avec GenericNaviSearch *** !!! Tous ces résultats peuvent révéler des fichiers légitimes !!! !!! A vérifier impérativement avant toute suppression manuelle !!! * Recherche dans "C:\WINDOWS\system32" * * Recherche dans "C:\Documents and Settings\François\locals~1\applic~1" * * Recherche dans "C:\DOCUME~1\LOGMEI~1\locals~1\applic~1" * *** Recherche fichiers *** *** Recherche clés spécifiques dans le Registre *** HKEY_CURRENT_USER\Software\Lanconfig trouvé ! *** Module de Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Recherche nouveaux fichiers Instant Access : 2)Recherche Heuristique : * Dans "C:\WINDOWS\system32" : * Dans "C:\Documents and Settings\François\locals~1\applic~1" : * Dans "C:\DOCUME~1\LOGMEI~1\locals~1\applic~1" : 3)Recherche Certificats : Certificat Egroup trouvé ! Certificat Electronic-Group trouvé ! Certificat Montorgueil absent ! Certificat OOO-Favorit trouvé ! Certificat Sunny-Day-Design-Ltd absent ! 4)Recherche fichiers connus : *** Analyse terminée le 18/10/2008 à 11:36:09,68 *** 2. cleannavi.txt Clean Navipromo version 3.6.6 commencé le 18/10/2008 à 11:41:19,81 Outil exécuté depuis C:\Program Files\navilog1 Session actuelle : "François" Mise à jour le 29.09.2008 à 17h30 par IL-MAFIOSO Microsoft Windows XP [version 5.1.2600] Internet Explorer : 7.0.5730.13 Système de fichiers : NTFS Mode suppression automatique avec prise en charge résultats Catchme et GNS Nettoyage exécuté au redémarrage de l'ordinateur *** Creation backups fichiers trouvés par Catchme *** Copie vers "C:\Program Files\navilog1\Backupnavi" *** Suppression des fichiers trouvés avec Catchme *** ** 2ème passage avec résultats Catchme ** * Dans "C:\WINDOWS\system32" * C:\WINDOWS\prefetch\cqyiqcy*.pf trouvé ! Copie C:\WINDOWS\prefetch\cqyiqcy*.pf réalisée avec succès ! C:\WINDOWS\prefetch\cqyiqcy*.pf supprimé ! * Dans "C:\Documents and Settings\François\locals~1\applic~1" * cqyiqcy.exe trouvé ! Copie cqyiqcy.exe réalisée avec succès ! cqyiqcy.exe supprimé ! cqyiqcy.dat trouvé ! Copie cqyiqcy.dat réalisée avec succès ! cqyiqcy.dat supprimé ! cqyiqcy_nav.dat trouvé ! Copie cqyiqcy_nav.dat réalisée avec succès ! cqyiqcy_nav.dat supprimé ! cqyiqcy_navps.dat trouvé ! Copie cqyiqcy_navps.dat réalisée avec succès ! cqyiqcy_navps.dat supprimé ! *** Suppression avec sauvegardes résultats GenericNaviSearch *** * Suppression dans "C:\WINDOWS\System32" * * Suppression dans "C:\Documents and Settings\François\locals~1\applic~1" * * Suppression dans "C:\DOCUME~1\LOGMEI~1\locals~1\applic~1" * *** Suppression dossiers dans "C:\WINDOWS" *** *** Suppression dossiers dans "C:\Program Files" *** *** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" *** *** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" *** *** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" *** *** Suppression dossiers dans "C:\Documents and Settings\François\applic~1" *** *** Suppression dossiers dans "C:\DOCUME~1\LOGMEI~1\applic~1" *** *** Suppression dossiers dans "C:\Documents and Settings\François\locals~1\applic~1" *** *** Suppression dossiers dans "C:\DOCUME~1\LOGMEI~1\locals~1\applic~1" *** *** Suppression dossiers dans "C:\Documents and Settings\François\menudm~1\progra~1" *** *** Suppression dossiers dans "C:\DOCUME~1\LOGMEI~1\menudm~1\progra~1" *** *** Suppression fichiers *** *** Suppression fichiers temporaires *** Nettoyage contenu C:\WINDOWS\Temp effectué ! Nettoyage contenu C:\Documents and Settings\Fran‡ois\locals~1\Temp effectué ! *** Traitement Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Suppression avec sauvegardes nouveaux fichiers Instant Access : 2)Recherche, création sauvegardes et suppression Heuristique : * Dans "C:\WINDOWS\system32" * * Dans "C:\Documents and Settings\François\locals~1\applic~1" * * Dans "C:\DOCUME~1\LOGMEI~1\locals~1\applic~1" * *** Sauvegarde du Registre vers dossier Safebackup *** sauvegarde du Registre réalisée avec succès ! *** Nettoyage Registre *** Nettoyage Registre Ok *** Certificats *** Certificat Egroup supprimé ! Certificat Electronic-Group supprimé ! Certificat Montorgueil absent ! Certificat OOO-Favorit supprimé ! Certificat Sunny-Day-Design-Ltdt absent ! *** Nettoyage terminé le 18/10/2008 à 11:48:29,17 *** Est-ce que c'est bon ? -
suspicion d'infection par navilog [RESOLU]
Freeboy a posté un sujet dans Analyses et éradication malwares
Bonjour, J'ai un ami qui a des fenêtres popup qui s'ouvrent sur son navigateur IE alors que le blocage des popup est activé. J'ai vu sur plusieurs post que ça pouvait être navilog. Donc je lui ai fait générer les rapports navilog1 de IL-MAFIOSO et de random's system information tool (RSIT) que je joins ci-dessous. Je ne sais pas les interpréter; quelqu'un pourrait-il m'aider. Merci d'avance Rapport navilog1 de IL-MAFIOSO : Search Navipromo version 3.6.6 commencé le 17/10/2008 à 22:16:57,56 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!! !!! Postez ce rapport sur le forum pour le faire analyser !!! !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!! Outil exécuté depuis C:\Program Files\navilog1 Session actuelle : "François" Mise à jour le 29.09.2008 à 17h30 par IL-MAFIOSO Microsoft Windows XP [version 5.1.2600] Internet Explorer : 7.0.5730.13 Système de fichiers : NTFS Recherche executé en mode normal *** Recherche Programmes installés *** *** Recherche dossiers dans "C:\WINDOWS" *** *** Recherche dossiers dans "C:\Program Files" *** *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" *** *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" *** *** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\François\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\LOGMEI~1\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\François\locals~1\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\LOGMEI~1\locals~1\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\François\menudm~1\progra~1" *** *** Recherche dossiers dans "C:\DOCUME~1\LOGMEI~1\menudm~1\progra~1" *** *** Recherche avec Catchme-rootkit/stealth malware detector par gmer *** pour + d'infos : http://www.gmer.net Fichier(s) caché(s) : C:\Documents and Settings\François\Local Settings\Application Data\cqyiqcy.dat C:\Documents and Settings\François\Local Settings\Application Data\cqyiqcy.exe C:\Documents and Settings\François\Local Settings\Application Data\cqyiqcy_nav.dat C:\Documents and Settings\François\Local Settings\Application Data\cqyiqcy_navps.dat *** Recherche avec GenericNaviSearch *** !!! Tous ces résultats peuvent révéler des fichiers légitimes !!! !!! A vérifier impérativement avant toute suppression manuelle !!! * Recherche dans "C:\WINDOWS\system32" * * Recherche dans "C:\Documents and Settings\François\locals~1\applic~1" * * Recherche dans "C:\DOCUME~1\LOGMEI~1\locals~1\applic~1" * *** Recherche fichiers *** *** Recherche clés spécifiques dans le Registre *** HKEY_CURRENT_USER\Software\Lanconfig trouvé ! *** Module de Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Recherche nouveaux fichiers Instant Access : 2)Recherche Heuristique : * Dans "C:\WINDOWS\system32" : * Dans "C:\Documents and Settings\François\locals~1\applic~1" : * Dans "C:\DOCUME~1\LOGMEI~1\locals~1\applic~1" : 3)Recherche Certificats : Certificat Egroup trouvé ! Certificat Electronic-Group trouvé ! Certificat Montorgueil absent ! Certificat OOO-Favorit trouvé ! Certificat Sunny-Day-Design-Ltd absent ! 4)Recherche fichiers connus : *** Analyse terminée le 17/10/2008 à 22:28:14,42 *** Rapports de random's system information tool : 1. Log.txt : Logfile of random's system information tool 1.04 (written by random/random) Run by François at 2008-10-17 22:42:09 Microsoft Windows XP Édition familiale Service Pack 3 System drive C: has 27 GB (71%) free of 38 GB Total RAM: 382 MB (13% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:42:30, on 17/10/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE C:\WINDOWS\SYSTEM32\GEARSEC.EXE C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\LogMeIn\x86\RaMaint.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe C:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\AntivirusFirewall\Common\FCH32.EXE C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe C:\Program Files\AntivirusFirewall\Common\FSM32.EXE C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe C:\Program Files\SPAMfighter\SFAgent.exe C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe C:\Program Files\LogMeIn\x86\LogMeInSystray.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\LogMeIn\x86\LMIGuardian.exe C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe C:\WINDOWS\system32\LVComsX.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\François\Local Settings\Temporary Internet Files\Content.IE5\2AXMVWA5\RSIT[1].exe C:\Mes téléchargements\François.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60 O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM= O4 - HKCU\..\Run: [cqyiqcy] "c:\documents and settings\françois\local settings\application data\cqyiqcy.exe" cqyiqcy O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user') O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q305&bd=pavilion&pf=laptop O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe -- End of file - 11411 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job C:\WINDOWS\tasks\Scheduled scanning task.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-10-26 440384] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}] Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Helper - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-07-26 2582136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll [2008-07-26 654320] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}] EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10 339968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10 339968] {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2006-10-26 440384] {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - Vue HP - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll [2003-11-21 98304] - [] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-07-26 2582136] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "F-Secure Manager"=C:\Program Files\AntivirusFirewall\Common\FSM32.EXE [2005-10-26 122929] "F-Secure TNB"=C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe [2005-07-18 700416] "F-Secure Startup Wizard"=C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE [2005-10-18 372736] "News Service"=C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe [2005-05-31 356352] "SPAMfighter Agent"=C:\Program Files\SPAMfighter\SFAgent.exe [2007-05-07 480152] "LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2008-07-24 63048] "TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-04-18 185896] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2005-10-14 155648] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "WOOKIT"=C:\PROGRA~1\Wanadoo\Shell.exe [2004-08-23 122880] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-03-22 339968] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe [2005-02-17 233534] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2004-12-03 290816] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE [2004-03-04 98304] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-16 49152] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2005-04-11 794624] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe [2004-07-27 81920] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2005-10-06 278528] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2004-10-14 253952] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe [2005-10-14 155648] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-02-02 692316] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-02-02 102492] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-04-18 185896] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe [2004-08-23 20480] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk] C:\PROGRA~1\Hp\DIGITA~1\bin\hpqtra08.exe [2004-11-04 258048] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk] C:\PROGRA~1\MICROS~3\Office\OSA9.EXE [1999-02-17 65588] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage Antivirus Firewall.lnk - C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2005-08-03 46080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit] C:\WINDOWS\system32\LMIinit.dll [2008-10-02 87352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=95000000 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL France" "C:\Program Files\Securitoo\av_fw\backweb\1044199\Program\backWeb-1044199.exe"="C:\Program Files\Securitoo\av_fw\backweb\1044199\Program\backWeb-1044199.exe:*:Disabled:backWeb-1044199" "C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer" "C:\Program Files\Windows Media Player\wmplayer.exe"="C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Lecteur Windows Media" "C:\Program Files\Wanadoo\WOOBrowser\WOOBrowser.exe"="C:\Program Files\Wanadoo\WOOBrowser\WOOBrowser.exe:*:Enabled:Navigateur Internet" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "C:\Program Files\Micro Application\ADSL Radio Enregistreur\ADSLRadio.exe"="C:\Program Files\Micro Application\ADSL Radio Enregistreur\ADSLRadio.exe:*:Enabled:AudioJack2" "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Disabled:eMule" "C:\Program Files\Securitoo\av_fw\backweb\8520111\Program\fspex.exe"="C:\Program Files\Securitoo\av_fw\backweb\8520111\Program\fspex.exe:*:Enabled:Securitoo Antivirus Firewall" "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application" "C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer" "C:\Program Files\3D MP3 Sound Recorder\3DMP3Recorder.exe"="C:\Program Files\3D MP3 Sound Recorder\3DMP3Recorder.exe:*:Enabled:3D MP3 Recorder" "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox" "C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe"="C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe:*:Enabled:Antivirus Firewall" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger" "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe"="C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe:*:Enabled:Antivirus Firewall" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" ======List of files/folders created in the last 1 months====== 2008-10-17 22:42:09 ----D---- C:\rsit 2008-10-17 22:16:57 ----A---- C:\fixnavi.txt 2008-10-17 22:14:42 ----D---- C:\Program Files\Navilog1 2008-10-16 20:20:31 ----D---- C:\Program Files\Panda Security 2008-10-15 23:04:11 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$ 2008-10-15 23:03:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$ 2008-10-15 23:03:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$ 2008-10-15 23:03:16 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$ 2008-10-15 23:02:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$ 2008-10-11 22:21:38 ----DC---- C:\Documents and Settings\All Users\Application Data\LogMeIn 2008-10-11 22:21:20 ----A---- C:\WINDOWS\system32\LMIport.dll 2008-10-11 22:21:19 ----A---- C:\WINDOWS\system32\LMIRfsClientNP.dll 2008-10-11 22:20:32 ----A---- C:\WINDOWS\system32\LMIinit.dll 2008-10-11 22:19:29 ----D---- C:\Program Files\LogMeIn 2008-10-11 19:55:30 ----D---- C:\Program Files\CCleaner 2008-10-11 15:29:48 ----D---- C:\WINDOWS\system32\fr 2008-10-11 15:29:47 ----D---- C:\WINDOWS\system32\bits 2008-10-11 15:04:33 ----D---- C:\WINDOWS\EHome 2008-10-07 15:21:14 ----D---- C:\WINDOWS\l2schemas 2008-10-07 15:14:12 ----D---- C:\WINDOWS\ServicePackFiles 2008-10-02 19:45:52 ----A---- C:\WINDOWS\system32\lmimirr2.dll 2008-10-02 19:45:50 ----A---- C:\WINDOWS\system32\lmimirr.dll 2008-09-24 21:14:15 ----D---- C:\Program Files\Foxit Software 2008-09-18 21:42:18 ----D---- C:\Documents and Settings\François\Application Data\Samsung 2008-09-18 20:16:17 ----DC---- C:\Documents and Settings\All Users\Application Data\NOS 2008-09-18 20:16:14 ----D---- C:\Program Files\NOS ======List of files/folders modified in the last 1 months====== 2008-10-17 22:42:18 ----D---- C:\Mes téléchargements 2008-10-17 22:42:16 ----D---- C:\WINDOWS\Temp 2008-10-17 22:42:04 ----D---- C:\WINDOWS\Prefetch 2008-10-17 22:28:00 ----D---- C:\WINDOWS\system32 2008-10-17 22:14:42 ----RD---- C:\Program Files 2008-10-17 21:46:37 ----D---- C:\WINDOWS 2008-10-17 21:39:25 ----D---- C:\Documents and Settings\François\Application Data\FileZilla 2008-10-17 21:17:55 ----D---- C:\WINDOWS\system32\CatRoot2 2008-10-17 19:19:41 ----D---- C:\WINDOWS\system32\drivers 2008-10-17 18:45:52 ----AC---- C:\WINDOWS\ModemLog_AC97 Data Fax SoftModem with SmartCP.txt 2008-10-17 17:34:57 ----N---- C:\WINDOWS\SchedLgU.Txt 2008-10-17 11:43:15 ----DC---- C:\Documents and Settings\All Users\Application Data\Google Updater 2008-10-16 20:20:31 ----HD---- C:\WINDOWS\inf 2008-10-16 20:19:35 ----SD---- C:\WINDOWS\Downloaded Program Files 2008-10-15 23:32:54 ----D---- C:\WINDOWS\Debug 2008-10-15 23:19:02 ----D---- C:\Program Files\Internet Explorer 2008-10-15 23:05:09 ----RSHD---- C:\WINDOWS\system32\dllcache 2008-10-15 23:04:04 ----HD---- C:\WINDOWS\$hf_mig$ 2008-10-15 21:52:50 ----SD---- C:\WINDOWS\Tasks 2008-10-15 12:16:44 ----D---- C:\Documents and Settings\François\Application Data\Skype 2008-10-14 16:09:35 ----D---- C:\WINDOWS\Help 2008-10-12 10:37:18 ----DC---- C:\Documents and Settings 2008-10-11 22:21:46 ----SHD---- C:\WINDOWS\Installer 2008-10-11 22:21:46 ----D---- C:\Config.Msi 2008-10-11 20:35:40 ----D---- C:\WINDOWS\pss 2008-10-11 20:28:41 ----D---- C:\WINDOWS\Minidump 2008-10-11 19:36:16 ----D---- C:\Temp 2008-10-11 16:28:55 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI 2008-10-11 15:49:19 ----D---- C:\WINDOWS\system32\Setup 2008-10-11 15:49:19 ----D---- C:\WINDOWS\AppPatch 2008-10-11 15:49:18 ----D---- C:\WINDOWS\system32\wbem 2008-10-11 15:49:16 ----RSD---- C:\WINDOWS\Fonts 2008-10-11 15:39:00 ----D---- C:\WINDOWS\system32\CatRoot 2008-10-11 15:36:46 ----D---- C:\Program Files\Messenger 2008-10-11 15:35:34 ----D---- C:\WINDOWS\security 2008-10-11 15:30:45 ----D---- C:\WINDOWS\WinSxS 2008-10-11 15:30:27 ----D---- C:\WINDOWS\network diagnostic 2008-10-11 15:30:26 ----D---- C:\WINDOWS\ime 2008-10-11 15:29:51 ----D---- C:\WINDOWS\system32\usmt 2008-10-11 15:29:47 ----D---- C:\WINDOWS\PeerNet 2008-10-11 15:29:46 ----D---- C:\Program Files\Movie Maker 2008-10-11 15:21:34 ----D---- C:\WINDOWS\system32\Restore 2008-10-11 15:21:34 ----D---- C:\WINDOWS\system32\npp 2008-10-11 15:21:31 ----D---- C:\WINDOWS\msagent 2008-10-11 15:21:28 ----D---- C:\WINDOWS\srchasst 2008-10-11 15:21:26 ----D---- C:\Program Files\NetMeeting 2008-10-11 15:21:23 ----D---- C:\WINDOWS\system32\Com 2008-10-11 15:21:19 ----D---- C:\Program Files\Windows Media Player 2008-10-11 15:21:18 ----D---- C:\Program Files\Windows NT 2008-10-11 15:21:18 ----D---- C:\Program Files\Outlook Express 2008-10-11 15:21:12 ----D---- C:\Program Files\Fichiers communs\System 2008-10-11 15:20:48 ----D---- C:\WINDOWS\system32\oobe 2008-10-11 15:20:43 ----D---- C:\WINDOWS\system 2008-10-11 15:13:16 ----D---- C:\WINDOWS\system32\ReinstallBackups 2008-10-08 01:00:20 ----D---- C:\WINDOWS\system32\config 2008-10-08 00:59:37 ----D---- C:\WINDOWS\Registration 2008-10-07 21:19:40 ----A---- C:\WINDOWS\system32\MRT.exe 2008-10-07 15:21:18 ----D---- C:\WINDOWS\system32\fr-fr 2008-10-03 19:12:27 ----A---- C:\WINDOWS\system32\ieframe.dll 2008-09-24 20:05:37 ----D---- C:\WINDOWS\system32\FxsTmp 2008-09-20 21:51:56 ----AC---- C:\WINDOWS\cdplayer.ini 2008-09-19 21:22:17 ----D---- C:\Documents and Settings\François\Application Data\dvdcss 2008-09-19 13:37:25 ----HD---- C:\Program Files\InstallShield Installation Information 2008-09-18 20:26:21 ----D---- C:\Program Files\Adobe 2008-09-18 20:23:33 ----DC---- C:\Documents and Settings\All Users\Application Data\Adobe 2008-09-18 20:23:27 ----D---- C:\Program Files\Fichiers communs\Adobe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-08-11 43520] R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys [] R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-09-18 5632] R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832] R2 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSfilter.sys [] R2 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSgk.sys [] R2 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\AntivirusFirewall\Anti-Virus\Win2K\FSrec.sys [] R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [] R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-03-22 13059] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-03 1273344] R3 BCM43XX;Pilote pour carte réseau Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-07-21 376320] R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2005-03-15 37760] R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2005-03-15 346496] R3 CmBatt;Pilote d'adaptateur secteur Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2005-02-02 14408] R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2005-03-22 1038208] R3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-03-22 200192] R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-07-24 10144] R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-02-02 191456] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-03-22 703232] S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys [] S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2004-10-11 22016] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS [] S3 PID_0928;Labtec WebCam(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2004-10-11 211712] S3 PRISM_A02;802.11g USB 2.0 adapter; C:\WINDOWS\system32\DRIVERS\PRISMA02.sys [2005-02-01 348640] S3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584] S3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-06-28 69760] S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 SMCIRDA;Pilote de périphérique SMC IrCC Miniport; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-23 36937] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-04-04 160768] S3 USB_RNDIS;Point d'acces Inventel; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-03 380928] R2 BackWeb Plug-in - 6588780;Antivirus Firewall; C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE [2006-12-26 32807] R2 fsbwsys;fsbwsys; C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe [2006-12-26 278581] R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe [2005-07-13 36947] R2 FSMA;F-Secure Management Agent; C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE [2005-10-26 61490] R2 FTRTSVC;France Telecom Routing Table Service; C:\WINDOWS\System32\FTRTSVC.exe [2004-08-23 40960] R2 GEARSecurity;GEARSecurity; C:\WINDOWS\SYSTEM32\GEARSEC.EXE [2005-10-28 53248] R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-26 137200] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2005-02-22 38912] R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2008-10-02 116032] R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2008-07-24 63040] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912] R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe [2005-11-18 204863] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800] S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768] S3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\SHARED\HPQWMI.exe [2005-03-04 98304] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2005-10-06 323584] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136] S3 WmcCds;Windows Media Connect (WMC); c:\program files\windows media connect\mswmccds.exe [2004-08-11 483328] S3 WmcCdsLs;Aide de Windows Media Connect (WMC); C:\Program Files\Windows Media Connect\mswmcls.exe [2004-08-10 28160] -----------------EOF----------------- 2. Info.txt : info.txt logfile of random's system information tool 1.04 2008-10-17 22:42:38 ======Uninstall list====== -->"C:\Program Files\AntivirusFirewall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner" -->"C:\Program Files\AntivirusFirewall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware" -->"C:\Program Files\AntivirusFirewall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer" -->"C:\Program Files\AntivirusFirewall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus" -->"C:\Program Files\AntivirusFirewall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS" -->"C:\Program Files\AntivirusFirewall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics" -->"C:\Program Files\AntivirusFirewall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning" -->"C:\Program Files\AntivirusFirewall\fsuninst.exe" /UninstRegKey:"F-Secure FWES" -->"C:\Program Files\AntivirusFirewall\fsuninst.exe" /UninstRegKey:"F-Secure GUI" -->"C:\Program Files\AntivirusFirewall\fsuninst.exe" /UninstRegKey:"F-Secure Help" -->"C:\Program Files\AntivirusFirewall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield" -->"C:\Program Files\AntivirusFirewall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent" -->"C:\Program Files\AntivirusFirewall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control" -->"C:\Program Files\AntivirusFirewall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner" -->"C:\Program Files\AntivirusFirewall\fsuninst.exe" /UninstRegKey:"F-Secure TNB" -->"C:\Program Files\AntivirusFirewall\fsuninst.exe" /UninstRegKey:"News Service" -->"C:\ViaVoice\Bin\vunGR.exe" ProdRunControl Dc Gr_GR 'IBM ViaVoice™ Command and Control Runtime' C:\WINDOWS\IsUn0407.exe -fC:\ViaVoice\RtCmnd_GR.isu -->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 -->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205} -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382} -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629} -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{775FFF70-4A8C-4500-908D-3C34DBEB11D5}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83021AC3-086F-4B77-ACCD-1BD7C9AB211E}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9 -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 3D MP3 Sound Recorder 3.5-->"C:\Program Files\3D MP3 Sound Recorder\unins000.exe" Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe AntiVirus Firewall-->C:\PROGRA~1\ANTIVI~1\Common\fsbwih.exe /uninstall Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x40c ATI Control Panel-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe" ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" Conexant AC-Link Audio-->CIAunwdm.exe Connexion Facile à Internet-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1036 Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Data Access Objects (DAO) 3.5-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Common Files\Microsoft Shared\DAO\Uninst.isu" Data Fax SoftModem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3085103C\HXFSETUP.EXE -U -Icpl30855.inf DeepBurner v1.9.0.228-->"C:\Program Files\Astonsoft\DeepBurner\Uninstall.exe" "C:\Program Files\Astonsoft\DeepBurner\install.log" -u DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe" DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe" EPSON CardMonitor-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\SETUP.EXE" -l0x40c uninst EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\Setup.exe" -l0x40c -UnInstall EPSON Logiciel imprimante-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R EPSON PhotoQuicker3.5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65F5B7AF-3363-11D7-BB6B-00018021113F}\SETUP.EXE" -l0x40c uninst EPSON PhotoStarter3.1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C48817E7-AA05-4151-A99D-1E1E550CE801}\SETUP.EXE" -l0x40c uninst EPSON PRINT Image Framer Tool2.1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23B59ED4-C360-11D7-875B-0090CC005647}\SETUP.EXE" -l0x40c anything EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r EPSON Smart Panel-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\SETUP.EXE" -l0x40c Uninstall EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x40c -anything ESCX3600 Guide de réf.-->C:\Program Files\EPSON\TPMANUAL\ESCX3600\REF_G\DOCUNINS.EXE ESCX3600 Guide des logiciels-->C:\Program Files\EPSON\TPMANUAL\ESCX3600\PQU_G\DOCUNINS.EXE Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F} FileZilla Client 3.1.1.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe FreeTV-->MsiExec.exe /I{496BC421-3275-4BB9-AD19-81C7E32C38ED} Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29} Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll" HijackThis 2.0.2-->"C:\Mes téléchargements\HijackThis.exe" /uninstall HP Help and Support-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x40c -removeonly HP Image Zone 4.8.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat HP Image Zone Plus 4.8.5-->C:\Program Files\HP\Digital Imaging\{32498B7B-E1F3-4ad5-A23B-F26414E94BE0}\setup\hpzscr01.exe -datfile hpdscr01.dat HP Pavillion zv6000 User Guides-->C:\PROGRA~1\HPQ\UNWISE.EXE C:\PROGRA~1\HPQ\INSTALL.LOG HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D} HP Wireless Assistant 1.01 A3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x40c hpquninst HPIZplus450-->MsiExec.exe /X{0E484A60-A429-49A8-982C-D6475F1E80A9} IBM ViaVoice Command and Control Runtime 7.0 - Deutsch-->"C:\ViaVoice\Bin\vunGR.exe" ProdRunControl Dc Gr_GR 'IBM ViaVoice™ Command and Control Runtime' C:\WINDOWS\IsUn0407.exe -fC:\ViaVoice\RtCmnd_GR.isu InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060} Lecteur Windows Media 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Logiciel WebCam de Labtec-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x40c LogMeIn-->MsiExec.exe /I{6BF2CCD4-33D1-499D-9055-49E023B5468D} Micro Application - ADSL Radio Enregistreur-->MsiExec.exe /I{8D6306BE-BF85-45E0-A629-411FA83F8A83} Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700} Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft Office 2000 Professional-->MsiExec.exe /I{0001040C-78E1-11D2-B60F-006097C998E7} Microsoft Works-->MsiExec.exe /I{A059DE09-1B49-4450-B340-7AE097EC3F04} Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} Navilog1 3.6.6-->"C:\Program Files\Navilog1\unins000.exe" neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} Outil de connexion Wanadoo-->C:\PROGRA~1\Wanadoo\MessageDesinstallation.exe Wanadoo Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe PIF DESIGNER2.1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7BD0A2D8-4EA0-43C6-BDF8-DDA87B8031C6}\SETUP.EXE" -l0x40c anything Programme de gestion Camera de Labtec®-->"C:\Program Files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT Quick Launch Buttons 5.10 B3-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x40c -uninst QuickTime-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{0B69DA57-BC7D-461D-B7D6-2AA9F08869CD} /l1036 RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 ScanToWeb-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\SETUP.EXE" ADDREMOVEDLG Skype 2.5-->"C:\Program Files\Skype\Phone\unins000.exe" Sonic Audio Module-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382} Sonic Copy Module-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629} Sonic Data Module-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205} Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29} Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E} Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Texas Instruments PCIxx21/x515 drivers.-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{96C0E73B-8813-4F4A-9EA1-D407C27AA1A1} /l1036 UserGuides-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{02E22217-0E96-4C3F-B831-83AA942B7715}\setup.exe" -l0x40c VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027} VideoLAN VLC media player 0.8.6e-->C:\Program Files\VideoLAN\VLC\uninstall.exe Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91} Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411} Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7} Windows Media Connect-->msiexec.exe /I {F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B} Windows Media Connect-->MsiExec.exe /I{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B} Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL Yahoo! Mail Outil de sélection express (PhotoMail)-->C:\PROGRA~1\Yahoo!\Common\unymb.exe Yahoo! Toolbar avec bloqueur de fenêtres pop-up-->C:\PROGRA~1\Yahoo!\Common\unyt.exe ======Security center information====== AV: AntiVirus Firewall 6.15 FW: AntiVirus Firewall 6.15 ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Samsung\Samsung PC Studio 3\ "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 31 Stepping 0, AuthenticAMD "PROCESSOR_REVISION"=1f00 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "SonicCentral"=C:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\ "CLASSPATH"=C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip -----------------EOF----------------- -
infection winspyware protect [RESOLU]
Freeboy a répondu à un(e) sujet de Freeboy dans Analyses et éradication malwares
Le problème semble résolu car il n'y a plus de message qui apparaît et le dernier scan par antivir ne détecte plus rien. Merci du coup de main -
infection winspyware protect [RESOLU]
Freeboy a répondu à un(e) sujet de Freeboy dans Analyses et éradication malwares
Merci pour ton aide. J'ai suivi tes instructions et MBAM a trouvé et supprimé 22 fichiers infectés. Je t'envoie les rapports ci-dessous rapport MBAM Malwarebytes' Anti-Malware 1.23 Version de la base de données: 985 Windows 6.0.6001 Service Pack 1 07:15:05 24/07/2008 mbam-log-7-24-2008 (07-15-05).txt Type de recherche: Examen rapide Eléments examinés: 35393 Temps écoulé: 2 minute(s), 5 second(s) Processus mémoire infecté(s): 1 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 1 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 6 Fichier(s) infecté(s): 22 Processus mémoire infecté(s): C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe (Rogue.Installer) -> Unloaded process successfully. Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\SecuriSoft SARL (Trojan.FakeAlert) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\s9201 (Rogue.Installer) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): C:\ProgramData\SecuriSoft SARL (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully. C:\ProgramData\SecuriSoft SARL\WinSpywareProtect (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully. C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\BASE (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully. C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\DELETED (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully. C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\LOG (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully. C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\SAVED (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully. Fichier(s) infecté(s): C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe (Rogue.Installer) -> Quarantined and deleted successfully. C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\LOG\20080723195922965.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully. C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\LOG\20080723081153820.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully. C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\LOG\20080723082959963.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully. C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\LOG\20080723083647061.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully. C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\LOG\20080723084527357.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully. C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\LOG\20080723091805586.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully. C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\LOG\20080723111958167.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully. C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\LOG\20080723115636447.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully. C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\LOG\20080723133252696.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully. C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\LOG\20080723145415137.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully. C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\LOG\20080723161801928.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully. C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\LOG\20080723165205334.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully. C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\LOG\20080723174301206.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully. C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\LOG\20080723174929311.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully. C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\LOG\20080723185649251.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully. C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\LOG\20080723194005442.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully. C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\LOG\20080723200957868.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully. C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\LOG\20080723220539390.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully. C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\LOG\20080723222316349.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully. C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\LOG\20080723230610747.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully. C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\LOG\20080724070909038.log (Rogue.WinSpywareProtect) -> Quarantined and deleted successfully. rapport hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 07:17:10, on 24/07/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN C:\Windows\ehome\ehmsas.exe C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Windows Mail\WinMail.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\dominique\Desktop\outils réparation\HijackThis.exe C:\Windows\system32\DllHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user') O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe O4 - Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/709-44555-9400-3/4 (file missing) O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O13 - Gopher Prefix: O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 9153 bytes -
infection winspyware protect [RESOLU]
Freeboy a posté un sujet dans Analyses et éradication malwares
bonsoir, l'ordinateur de mon frère qui tourne sous vista semble infecté par "winspayware protect". Il y des messages qui apparaissent tout le temps qui signalent que des spywares ont été détecté et qu'il faut installer "winspayware protect". J'ai désinstallé mcafee qui n'était plus à jour et dont la version d'évaluation avait expirée et j'ai installé antivir en version gratuite. J'ai suivi la procédure pré-nettoyage d'un PC infecté et antivir m'a détecté 2 chevaux de troie qu'il n'a pas pu nettoyer : TR/Vundo.gen et TR/CryptXPACK.gen. J'ai généré un rapport Hijackthis que j'ai analysé à l'aide ZHP 2.24 et j'ai réparé une ligne qui indiquait une infection combo. Je ne sais plus quoi faire parce que les messages sont toujours là. J'ai besoin d'aide. Je joins à ce post le dernier rapport hijackthis et le rapport généré par conbofix. Merci de bien vouloir me donner un coup de main. rapport hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:20:38, on 23/07/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\System32\igfxpers.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Skype\Phone\Skype.exe C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN C:\Program Files\Windows Mail\WinMail.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Windows\system32\conime.exe C:\Windows\Explorer.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\System32\mobsync.exe C:\Users\dominique\Desktop\outils réparation\HijackThis.exe C:\Windows\system32\DllHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM\..\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [s9201] "C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe" /autorun O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user') O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe O4 - Startup: TRDCReminder.lnk = C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll O9 - Extra button: eBay - Achetez, Vendez - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/709-44555-9400-3/4 (file missing) O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O13 - Gopher Prefix: O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - c:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 9350 bytes rapport conbofix ComboFix 08-07-22.4 - dominique 2008-07-23 23:08:26.1 - NTFSx86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.986 [GMT 2:00] Endroit: C:\Users\dominique\Desktop\ComboFix.exe * Création d'un nouveau point de restauration . ((((((((((((((((((((((((((((( Fichiers créés 2008-06-23 to 2008-07-23 )))))))))))))))))))))))))))))))))))) . 2008-07-23 22:59 . 2008-07-23 23:07 <REP> d-------- C:\327882R2FWJFW 2008-07-23 22:28 . 2008-07-23 22:28 <REP> d-------- C:\Program Files\CCleaner 2008-07-23 22:13 . 2008-07-23 22:13 <REP> d-------- C:\Program Files\ZebHelpProcess 2 2008-07-23 21:50 . 1999-01-20 05:01 210,032 --a------ C:\Windows\System32\DBCLIENT.DLL 2008-07-23 21:50 . 1999-11-12 05:11 183,808 --a------ C:\Windows\System32\BDEADMIN.CPL 2008-07-23 21:50 . 2008-07-23 22:35 13,030 --a------ C:\PDOXUSRS.NET 2008-07-23 21:17 . 2008-07-23 21:17 <REP> d-------- C:\VundoFix Backups 2008-07-23 19:45 . 2008-07-23 19:45 <REP> d-------- C:\Program Files\Common Files\Borland Shared 2008-07-23 16:34 . 2008-07-23 16:34 <REP> d-------- C:\Program Files\Sunbelt Software 2008-07-23 16:12 . 2008-07-23 22:26 <REP> d-------- C:\Users\All Users\Spybot - Search & Destroy 2008-07-23 16:12 . 2008-07-23 22:27 <REP> d-------- C:\Program Files\Spybot - Search & Destroy 2008-07-23 16:12 . 2008-07-23 22:26 <REP> d-------- C:\PROGRA~2\Spybot - Search & Destroy 2008-07-23 15:36 . 2008-07-23 15:36 <REP> d-------- C:\Users\All Users\Avira 2008-07-23 15:36 . 2008-07-23 15:36 <REP> d-------- C:\Program Files\Avira 2008-07-23 15:36 . 2008-07-23 15:36 <REP> d-------- C:\PROGRA~2\Avira 2008-07-23 10:17 . 2008-07-23 10:17 <REP> d-------- C:\Program Files\RealVNC 2008-07-23 08:09 . 2008-07-23 08:09 <REP> d-------- C:\Users\All Users\SecuriSoft SARL 2008-07-23 08:09 . 2008-07-23 08:09 <REP> d-------- C:\PROGRA~2\SecuriSoft SARL 2008-07-18 11:37 . 2008-06-26 03:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll 2008-07-18 11:37 . 2008-06-26 03:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll 2008-07-18 11:36 . 2008-06-26 05:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll 2008-07-01 01:19 . 2008-07-01 01:19 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-24 03:51 --------- d-----w C:\PROGRA~2\HP Product Assistant 2008-07-23 21:10 --------- d-----w C:\Users\dominique\AppData\Roaming\Skype 2008-07-23 21:06 --------- d-----w C:\Users\dominique\AppData\Roaming\OpenOffice.org2 2008-07-23 16:57 --------- d-----w C:\Users\dominique\AppData\Roaming\skypePM 2008-07-23 15:49 --------- d-----w C:\Program Files\McAfee 2008-07-23 15:49 --------- d-----w C:\PROGRA~2\McAfee 2008-07-23 07:29 --------- d-----w C:\Program Files\Java 2008-07-09 11:08 --------- d-----w C:\Program Files\Windows Mail 2008-07-07 23:46 --------- d-----w C:\Program Files\Windows Live 2008-07-07 23:38 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-07-07 23:38 --------- d-----w C:\Program Files\Common Files\Skype 2008-06-30 23:18 --------- d-----w C:\PROGRA~2\WLInstaller 2008-06-21 23:27 --------- d-----w C:\PROGRA~2\HPSSUPPLY 2008-06-21 23:22 --------- d-----w C:\Users\dominique\AppData\Roaming\myphotobook 2008-06-21 20:17 --------- d-----w C:\Users\dominique\AppData\Roaming\HP 2008-06-21 20:13 --------- d-----w C:\PROGRA~2\WEBREG 2008-06-21 20:10 --------- d-----w C:\PROGRA~2\HP 2008-06-21 20:04 --------- d-----w C:\Program Files\HP 2008-06-21 20:03 --------- d-----w C:\Program Files\Hewlett-Packard 2008-06-21 20:03 --------- d-----w C:\Program Files\Common Files\HP 2008-06-21 20:03 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard 2008-06-21 19:58 --------- d-----w C:\PROGRA~2\Hewlett-Packard 2008-06-12 16:40 --------- d-----w C:\Users\dominique\AppData\Roaming\Template 2008-06-12 16:35 --------- d-----w C:\Program Files\Microsoft Works 2008-06-12 16:35 --------- d-----w C:\PROGRA~2\Microsoft Help 2008-06-12 16:28 --------- d-----w C:\Program Files\OpenOffice.org 2.4 2008-06-12 16:25 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2008-06-12 15:46 --------- d-----w C:\Program Files\Common Files\Adobe 2008-05-25 13:35 56 ---ha-w C:\Users\All Users\ezsidmv.dat 2008-05-25 13:35 56 ---ha-w C:\PROGRA~2\ezsidmv.dat 2008-05-25 13:30 --------- d-----w C:\Program Files\Skype 2008-05-25 13:30 --------- d-----w C:\PROGRA~2\Skype 2008-05-10 03:35 564,736 ----a-w C:\Windows\System32\emdmgmt.dll 2008-05-08 21:59 90,112 ----a-w C:\Windows\System32\wshext.dll 2008-05-08 21:59 430,080 ----a-w C:\Windows\System32\vbscript.dll 2008-05-08 21:59 180,224 ----a-w C:\Windows\System32\scrobj.dll 2008-05-08 21:59 172,032 ----a-w C:\Windows\System32\scrrun.dll 2008-05-08 21:59 155,648 ----a-w C:\Windows\System32\wscript.exe 2008-05-08 21:58 135,168 ----a-w C:\Windows\System32\cscript.exe 2008-05-06 17:54 0 ----a-w C:\Users\dominique\AppData\Roaming\wklnhst.dat 2008-04-26 08:25 3,600,952 ----a-w C:\Windows\System32\ntkrnlpa.exe 2008-04-26 08:25 3,549,240 ----a-w C:\Windows\System32\ntoskrnl.exe 2008-04-26 08:08 1,314,816 ----a-w C:\Windows\System32\quartz.dll 2008-04-25 04:35 826,880 ----a-w C:\Windows\System32\wininet.dll 2008-04-23 04:42 428,544 ----a-w C:\Windows\System32\EncDec.dll 2008-04-23 04:42 293,376 ----a-w C:\Windows\System32\psisdecd.dll 2008-01-21 02:43 174 --sha-w C:\Program Files\desktop.ini . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-21 04:23 1233920] "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-01-29 17:00 430080] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 04:25 125952] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-30 17:17 22058792] "AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 04:25 202240] "s9201"="C:\ProgramData\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe" [2008-07-23 08:10 1253888] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784] "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-05 12:24 141848] "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-05 12:24 154136] "Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-05 12:24 129560] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 19:12 1029416] "topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 10:24 581632] "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2006-12-06 03:44 366400] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-25 13:04 1836544] "Desktop SMS"="C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe" [2007-06-18 11:51 1507328] "Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-25 17:41 413696] "Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 12:05 571024] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "hpqSRMon"="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 16:31 80896] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497] "RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 19:51 4911104 C:\Windows\RtHDVCpl.exe] C:\Users\dominique\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 15:41:28 393216] TRDCReminder.lnk - C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2007-07-27 11:30:22 389120] C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\ HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 20:38:52 214360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{4FF5C61D-D5BA-44BE-B0DF-10DA85B50624}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{A389BAB2-85AD-4720-B48D-83B0B7D9BFD6}"= C:\Program Files\Skype\Phone\Skype.exe:Skype "{FC326BB7-33B5-4C84-9CF6-6C3931DA7EFD}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe "{C2037887-61B3-485A-97D9-0AB49BB0DC56}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe "{E0155762-10C3-4E52-9229-8DCD130D0E80}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe "{46D0C707-4085-4BAA-87E3-F1E9230C7561}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe "{1281E6D8-D04D-41F4-B77D-E2948AD99939}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe "{9B4BB7F9-AAEB-4E69-A9ED-C773739E66D6}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe "{343D100B-9BDF-434D-8A35-7794670DCD35}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe "{064EB433-E008-4D3B-B726-4B3FFDF2D9D0}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:hposfx08.exe "{BFC17D5C-C91E-4F43-BFAA-8180E497F56D}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe "{1A88ED0F-B357-459B-AC4A-84BA16C3A0DB}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe "{15849DB1-47B8-40BB-BC74-CAA0BF049BCD}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe "{E3A60911-BA8B-4C90-B383-CBF3E2DEFD47}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe "{CD46AB96-1D19-4D8F-ADA2-ECF4AE284F96}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe "{451247ED-BB2E-4521-8BD9-449656CE12EE}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe "{1148C1A1-3261-4995-A398-28BF3B0AE0FB}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe "{3E426E1A-EA25-4D25-8705-4D79788D6D81}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe "{355B613D-EC7B-4D50-966D-FCDBF4125EED}"= Disabled:UDP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe "{63FDD8A6-FE29-423E-BA62-76AD6A841C2A}"= Disabled:TCP:C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe R2 ConfigFree Service;ConfigFree Service;C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 14:07] R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 17:03] R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys [2006-11-20 15:11] R3 RTL8187B;Adaptateur réseau USB 2.0 54Mbps, 802.11b/g sans fil Realtek RTL8187B;C:\Windows\system32\DRIVERS\RTL8187B.sys [2007-12-26 11:20] S4 ErrDev;Microsoft Hardware Error Device Driver;C:\Windows\system32\drivers\errdev.sys [2008-01-21 04:23] S4 MegaSR;MegaSR;C:\Windows\system32\drivers\megasr.sys [2008-01-21 04:23] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc *Newly Created Service* - PROCEXP90 . . ------- Supplementary Scan ------- . R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/ O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 -: {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/709-44555-9400-3/4 ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-23 23:10:37 Windows 6.0.6001 Service Pack 1 NTFS Balayage processus cachés ... Balayage caché autostart entries ... HKCU\Software\Microsoft\Windows\CurrentVersion\Run TOSCDSPD = C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i????????)?a??X??????????????? Balayage des fichiers cachés ... C:\Users\DOMINI~1\AppData\Local\Temp\~DFF84B.tmp 32768 bytes C:\Users\DOMINI~1\AppData\Local\Temp\~DFF867.tmp 512 bytes Scan terminé avec succès Les fichiers cachés: 2 ************************************************************************** . --------------------- DLLs a chargé sous des processus courants --------------------- PROCESS: C:\Windows\Explorer.exe -> C:\Program Files\IDM\Desktop SMS\oehook.dll . Temps d'accomplissement: 2008-07-23 23:11:44 ComboFix-quarantined-files.txt 2008-07-23 21:11:37 ComboFix2.txt 2008-07-23 21:02:26 Pre-Run: 34,928,066,560 octets libres Post-Run: 34,794,708,992 octets libres 185 --- E O F --- 2008-07-18 15:00:21 -
j'ai attendu 5 minutes et il a démarré. mais ça m'étonne un epu quand même car avant il démarrait beaucoup plus vite. en plus, mon ordinateur n'est pas si vieux que ça enfin bon, ça marche et c'est l'essentiel. je considère que mon problème est règlé et je clos ce post
-
Bonjour, je n'arrive plus à démarrer mon ordinateur en mode sans échec. Il démarre bien en mode normal mais je voudrais le redémarrer en mode sans échec pour faire quelques opérations de maintenance et il mouline et reste sur un écran noir lorsque j'essaie de le démarrer en mode sans échec. j'ai Windows XP Pro sur un Pentium Pro. Si quelqu'un pouvait venir à mon aide. merci d'avance
-
[Résolu] PC infecté par Win32:Horst-C
Freeboy a répondu à un(e) sujet de Freeboy dans Analyses et éradication malwares
salut Tornado, Avant la sortie du service pack 2 de Windows (avec Firewall), j'utilisais Norton. Pourquoi ? Le crash pourrait venir de là ? -
[Résolu] PC infecté par Win32:Horst-C
Freeboy a répondu à un(e) sujet de Freeboy dans Analyses et éradication malwares
Merci pour cette info, Ingals. J'ai eu un autre problème. Mon ordinateur a fait un vidage de mémoire alors que j'effectuai la création d'une règle d'accès à Internet pour la mise à jour d'Avast. Les informations affichées sur l'écran bleu était : DRIVER_IRQL_NOT_LESS_OR_EQUAL *** STOP: 0x000000D1 (0x00000025, 0x00000002, 0x00000000, 0xB8D9D703) *** fwdrv.sys - Adress B8B9B703 base at B8D74000, Datestamp 43a1f89d Après le reboot, La fenêtre de demande d'autorisation d'accès à Internet pour la mise à jour d'Avast est réapparue et j'ai créé la règle d'accès. Depuis, ça tourne bien. C grave, docteur ? -
[Résolu] PC infecté par Win32:Horst-C
Freeboy a répondu à un(e) sujet de Freeboy dans Analyses et éradication malwares
Salut Tornado, J'ai terminé de sécuriser mon système, notamment le paramétrage de Firefox et j'ai fait le test de sécurité des ports qui est concluant (rien d'étonnant à ça puisque j'ai un routeur derrière ma Freebox qui fait barrage). Pour ce qui est de la vitesse, je trouve que ça tourne bien. Donc pas besoin d'optimisation pour l'instant. Par contre, j'ai un truc bizarre. J'ai fait un scan de mes disques avec Avast et il m'a trouvé le virus "Win32:CTX" dans le fichier "C:\WINDOW\system32\ActivScan\pskavs.dll". ActiveScan, c'est pas un répertoire lié à Panda ça ? -
[Résolu] PC infecté par Win32:Horst-C
Freeboy a répondu à un(e) sujet de Freeboy dans Analyses et éradication malwares
salut Tornado, j'ai terminé le nettoyage du système, j'ai effacé les points de restauration et j'ai installé Kerio. A ce sujet, j'ai un problème : dans le tuto, on parle d'un onglet "Sécurité du Système" qui n'apparait pas dans la version que j'ai installé (je précise que je l'ai installé en utilisant de lien qui figurait dans ton poste). Quid? Freeboy -
[Résolu] PC infecté par Win32:Horst-C
Freeboy a répondu à un(e) sujet de Freeboy dans Analyses et éradication malwares
Salut Tornado, Voilà c'est fait ! Il reste un spyware. Je fais quoi ? Ci-joint le rapport de Panda : Incident Statut Analyse Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Francois SINGER\Cookies\francois singer@xiti[1].txt -
[Résolu] PC infecté par Win32:Horst-C
Freeboy a répondu à un(e) sujet de Freeboy dans Analyses et éradication malwares
salut Tornado, Si tu me dis que C mieux de faire un scan en ligne avec Panda, je le fais ... C toi le chef Et ... ça valait la peine puisqu'il a trouvé un virus qu'il dit avoir éradicqué ! Qu'en pense tu ? ci-joint le rapport de Panda Incident Statut Analyse Spyware:Cookie/RealMedia No Désinfecté C:\Documents and Settings\Francois SINGER\Cookies\francois singer@247realmedia[1].txt Spyware:Cookie/2o7 No Désinfecté C:\Documents and Settings\Francois SINGER\Cookies\francois singer@2o7[2].txt Spyware:Cookie/Adtech No Désinfecté C:\Documents and Settings\Francois SINGER\Cookies\francois singer@adtech[2].txt Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\Francois SINGER\Cookies\francois singer@bluestreak[1].txt Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\Francois SINGER\Cookies\francois singer@serving-sys[1].txt Spyware:Cookie/Tradedoubler No Désinfecté C:\Documents and Settings\Francois SINGER\Cookies\francois singer@tradedoubler[2].txt Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\Francois SINGER\Cookies\francois singer@weborama[1].txt Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Francois SINGER\Cookies\francois singer@xiti[1].txt Spyware:Cookie/Zedo No Désinfecté C:\Documents and Settings\Francois SINGER\Cookies\francois singer@zedo[1].txt Adware:Adware/ISearch No Désinfecté C:\Downloads\AccessManager-Installation\AccessManager- Installation.exe Adware:Adware/ISearch No Désinfecté C:\Downloads\AccessManager-Installation.zip[AccessManager- Installation.exe] Outil indésirable:Application/ToolWget No Désinfecté C:\Program Files\FreeBrowser\uninstall.exe[wget.exe] Virus:Trj/LootSeek.AX Désinfecté C:\WINDOWS\system32\mscfg.dll -
[Résolu] PC infecté par Win32:Horst-C
Freeboy a répondu à un(e) sujet de Freeboy dans Analyses et éradication malwares
salut Tornado, Merci encore pour ton aide ! Si tu me dis que mon rapport HijackThis est propre et que c'est bien qu'Ewido n'ai rien trouvé, je suis suffisament satisfait. Je ne vais donc pas faire de scan en ligne comme tu me le proposais, d'autant plus que j'ai encore confiance dans mon antivirus [Avast] malgré cet incident avec Win32:Horst-C qu'il détectait mais n'arrivait pas à éradicquer ! Merci encore -
[Résolu] PC infecté par Win32:Horst-C
Freeboy a répondu à un(e) sujet de Freeboy dans Analyses et éradication malwares
Merçi de t'occuper de mon cas, Tornado, C sympa. J'ai effectué la procédure que tu m'a conseillé et je te livre ci-joint les rapports demandés ... --------------------------------------------------------- ewido anti-malware - Rapport de scan --------------------------------------------------------- + Créé le: 14:50:45, 25/04/2006 + Somme de contrôle: C65EC72E + Résultats du scan: Pas de fichiers infectés trouvés! ::Fin du rapport Logfile of HijackThis v1.99.1 Scan saved at 14:56:36, on 25/04/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\System32\ezSP_Px.exe C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Microsoft Money\System\mnyexpr.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Sony\giga pocket\GPVSvr.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://adsl.free.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.free.fr:3128 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Microsoft Configuration - {40205287-E793-41AC-B95C-D8D064BA33CA} - C:\WINDOWS\system32\mscfg.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) O2 - BHO: BHO Barre de Confiance CM-CIC - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: Barre de confiance CM-CIC - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" O4 - HKLM\..\Run: [AWMON] "C:\Program Files\F-Secure Internet Security\Anti-Spyware\Ad-Monitor.exe" O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Tout télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_link.htm O9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: Capturer ! - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4\IEBtn\Launcher (file missing) O9 - Extra 'Tools' menuitem: Capturer ce web - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4\IEBtn\Launcher (file missing) O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1117450981687 O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://activation.metaboli.com/components/Metaboli.ocx O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{DC88AC47-490D-48B3-8C0E-0ABAACAC94BD}: NameServer = 212.27.32.176,212.27.32.177 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Service Elève pcAnywhere (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: VAIO Media Video Server (Application) (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\giga pocket\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (Application) (file missing) En attendant tes conseils avisés, je te souhaite une bonne lecture -
[Résolu] PC infecté par Win32:Horst-C
Freeboy a posté un sujet dans Analyses et éradication malwares
Mon PC est infecté par le virus Win32:Horst-C J'ai effectué la procédure de pré-nettoyage avec ANTIVIR et je transmets ci-joint la copie du rapport de HijackThis. Si quelqu'un pouvait m'aider ... please. Logfile of HijackThis v1.99.1 Scan saved at 12:35:31, on 22/04/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\ezSP_Px.exe C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Sony\giga pocket\GPVSvr.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Francois SINGER\Bureau\HijackThis\HijackThis.exe C:\WINDOWS\system32\wscntfy.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://adsl.free.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.free.fr:3128 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Microsoft Configuration - {40205287-E793-41AC-B95C-D8D064BA33CA} - C:\WINDOWS\system32\mscfg.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) O2 - BHO: BHO Barre de Confiance CM-CIC - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: Barre de confiance CM-CIC - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe O4 - HKLM\..\Run: [iSP] C:\Program Files\Sony\ISPselector\ISPselector.exe /SCHEDULER O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" O4 - HKLM\..\Run: [AWMON] "C:\Program Files\F-Secure Internet Security\Anti-Spyware\Ad-Monitor.exe" O4 - HKLM\..\Run: [OWCWebCamDV] C:\WINDOWS\system\wcdvtray.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Global Startup: Bluetooth Manager.lnk = ? O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Tout télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_link.htm O9 - Extra button: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) O9 - Extra 'Tools' menuitem: Allocam Multi Vision - {2D6B57BF-71FA-41A3-BDC5-3B5A25813D2E} - C:\PROGRA~1\ALLOCA~1\allocam.exe (file missing) O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: Capturer ! - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4\IEBtn\Launcher (file missing) O9 - Extra 'Tools' menuitem: Capturer ce web - {47055D63-DFCD-11d3-8406-00500445A7D0} - C:\Program Files\Goto\MemoWeb 4\IEBtn\Launcher (file missing) O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1117450981687 O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://activation.metaboli.com/components/Metaboli.ocx O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{DC88AC47-490D-48B3-8C0E-0ABAACAC94BD}: NameServer = 212.27.32.176,212.27.32.177 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Service Elève pcAnywhere (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: VAIO Media Video Server (Application) (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\giga pocket\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (Application) (file missing) O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe