Aller au contenu

willow31

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    25

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par willow31

  1. willow31
    oui, en français pour toutes les versions XP, Vista et 7 en 32 ou 64. Le tout c'est de savoir si c'est efficace comme solution antivirus gratuite.
  2. willow31
    Voici ke rapport HiJackThis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:31:02, on 01/03/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18372) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Windows Live\Family Safety\fsssvc.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\VIA\RAID\raid_tool.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\WINDOWS\CameraFixer.exe C:\WINDOWS\vsnpstd.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Live\Family Safety\fsui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Electronic Arts\EADM\Core.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: (no name) - {A7CE4E2D-1058-4259-BED3-42315EF0A73E} - C:\WINDOWS\system32\bootvi.dll (file missing) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [ACU] "C:\Program Files\OLITEC\ACU.exe" -nogui O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1214651175031 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: Service de configuration OLITEC (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe -- End of file - 8642 bytes
  3. willow31
    Le programme Boonty n'est plus dans la liste ajout suppression des programmes, je pense l'avoir désinstallé depuis un moment. J'ai fais le reste, stop, delete et effacement du dossier boonty des dossiers partagés.
  4. willow31
    Le voici : *********** Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:23:08, on 01/03/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18372) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Windows Live\Family Safety\fsssvc.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\VIA\RAID\raid_tool.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\WINDOWS\CameraFixer.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\vsnpstd.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Live\Family Safety\fsui.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Electronic Arts\EADM\Core.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: (no name) - {A7CE4E2D-1058-4259-BED3-42315EF0A73E} - C:\WINDOWS\system32\bootvi.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [ACU] "C:\Program Files\OLITEC\ACU.exe" -nogui O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1214651175031 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: Service de configuration OLITEC (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe -- End of file - 8739 bytes
  5. willow31
    Procédure complète appliquée, voici le rapport : Malwarebytes' Anti-Malware 1.34 Version de la base de données: 1813 Windows 5.1.2600 Service Pack 3 01/03/2009 16:59:22 mbam-log-2009-03-01 (16-59-22).txt Type de recherche: Examen rapide Eléments examinés: 67491 Temps écoulé: 5 minute(s), 21 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 3 Valeur(s) du Registre infectée(s): 4 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 2 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a7ce4e2d-1058-4259-bed3-42315ef0a73e} (Trojan.BHO.H) -> Delete on reboot. HKEY_CLASSES_ROOT\CLSID\{a7ce4e2d-1058-4259-bed3-42315ef0a73e} (Trojan.BHO.H) -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a7ce4e2d-1058-4259-bed3-42315ef0a73e} (Trojan.Agent) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\WINDOWS\system32\bootvi.dll (Trojan.BHO.H) -> Delete on reboot. C:\Documents and Settings\cannelle\Local Settings\Temp\kimgckps.dat (Rootkit.Agent) -> Delete on reboot.
  6. willow31
    Bonjour Falkra Le rapport envoyé est celui que j'ai eu après mise à jour et tentative de suppression. Le programme me signale qu'il doit redémarrer le pc pour terminer la suppression mais au redémarrage, les fichiers et clés de registre infectés sont toujours là. (la restauration système n'est pas désactivée ). Merci d'avance pour ton coup de main.
  7. willow31
    Il semble que mon pc est infecté et je n'arrive pas à m'en débarrasser. un coup de main please ! Rapport HiJackThis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:46:36, on 01/03/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18372) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Windows Live\Family Safety\fsssvc.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\VIA\RAID\raid_tool.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\WINDOWS\CameraFixer.exe C:\WINDOWS\vsnpstd.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Live\Family Safety\fsui.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Electronic Arts\EADM\Core.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: (no name) - {A7CE4E2D-1058-4259-BED3-42315EF0A73E} - C:\WINDOWS\system32\bootvi.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [ACU] "C:\Program Files\OLITEC\ACU.exe" -nogui O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1214651175031 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O23 - Service: Service de configuration OLITEC (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe -- End of file - 8782 bytes ****************** Rapport Malwarebytes : ******************** Malwarebytes' Anti-Malware 1.34 Version de la base de données: 1813 Windows 5.1.2600 Service Pack 3 01/03/2009 14:30:44 mbam-log-2009-03-01 (14-30-14).txt Type de recherche: Examen rapide Eléments examinés: 83610 Temps écoulé: 25 minute(s), 42 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 10 Valeur(s) du Registre infectée(s): 5 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 5 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a7ce4e2d-1058-4259-bed3-42315ef0a73e} (Trojan.BHO.H) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{a7ce4e2d-1058-4259-bed3-42315ef0a73e} (Trojan.BHO.H) -> No action taken. HKEY_CLASSES_ROOT\BitDownload (Trojan.Lop) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a7ce4e2d-1058-4259-bed3-42315ef0a73e} (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03fe5da3-6282-589e-eb1a-dba5ed3b1e50} (Adware.BHO) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{03fe5da3-6282-589e-eb1a-dba5ed3b1e50} (Adware.BHO) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500eb1f8-d824-670b-b695-88845ff865b4} (Adware.BHO) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{500eb1f8-d824-670b-b695-88845ff865b4} (Adware.BHO) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f0f72efd-4ad3-1a56-b831-16abb6106d31} (Adware.BHO) -> No action taken. HKEY_CLASSES_ROOT\CLSID\{f0f72efd-4ad3-1a56-b831-16abb6106d31} (Adware.BHO) -> No action taken. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nntsqcqpfs (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> No action taken. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\WINDOWS\system32\bootvi.dll (Trojan.BHO.H) -> No action taken. C:\Documents and Settings\cannelle\Local Settings\Temp\kimgckps.dat (Rootkit.Agent) -> No action taken. C:\WINDOWS\system32\hhzthcvvucry.dll (Trojan.Agent) -> No action taken. C:\WINDOWS\system32\nsc13.dll (Adware.BHO) -> No action taken. C:\WINDOWS\system32\tatljwaqmz.dll (Adware.BHO) -> No action taken.
  8. willow31
    Bonjour bibi26 Merci pour ta réponse et pour ton aide. Merci aussi à Zonk. Le problème semble réglé puisque plus d'alerte et les pop up se sont arrêtés aussi. Le Pc a récupéré une vitesse de fonctionnement normal et ne rame plus. Merci encore une fois.
  9. willow31
    slt voici le rapport de clean aujourd'hui je n'ai pas remarqué de fenetre d'alerte. j'espère que c'est bon C:\WINDOWS\System32\wpa.dbl -->04/04/2008 21:43:50 C:\WINDOWS\System32\CONFIG.NT -->03/04/2008 14:05:05 C:\WINDOWS\System32\PerfStringBackup.INI -->01/04/2008 16:05:17 C:\WINDOWS\System32\perfh00C.dat -->01/04/2008 16:05:17 C:\WINDOWS\System32\perfh009.dat -->01/04/2008 16:05:17 C:\WINDOWS\System32\perfc00C.dat -->01/04/2008 16:05:17 C:\WINDOWS\System32\perfc009.dat -->01/04/2008 16:05:17 C:\WINDOWS\System32\tmp.txt -->30/12/2007 21:29:43 C:\WINDOWS\System32\tmp.reg -->30/12/2007 21:29:43 C:\WINDOWS\System32\TZLog.log -->12/12/2007 23:06:24 C:\WINDOWS\System32\aswBoot.exe -->04/12/2007 15:04:28 C:\WINDOWS\System32\MRT.exe -->03/12/2007 01:00:05 C:\WINDOWS\System32\Prison Break.scr -->23/11/2007 09:01:15 C:\WINDOWS\System32\tzchange.exe -->13/11/2007 13:31:11 C:\WINDOWS\System32\mshtml.dll -->31/10/2007 01:23:48 C:\WINDOWS\System32\quartz.dll -->30/10/2007 00:43:32 C:\WINDOWS\System32\xpsp3res.dll -->29/10/2007 17:07:16 C:\WINDOWS\System32\shell32.dll -->25/10/2007 18:43:25 C:\WINDOWS\System32\wmasf.dll -->25/10/2007 10:28:30 C:\WINDOWS\System32\sirenacm.dll -->18/10/2007 12:31:46 C:\WINDOWS\System32\jupdate-1.6.0_03-b05.log -->18/10/2007 07:29:28 C:\WINDOWS\System32\wininet.dll -->11/10/2007 01:49:45 C:\WINDOWS\System32\webcheck.dll -->11/10/2007 01:49:45 C:\WINDOWS\System32\urlmon.dll -->11/10/2007 01:49:45 C:\WINDOWS\System32\url.dll -->11/10/2007 01:49:45 C:\WINDOWS\WindowsUpdate.log -->05/04/2008 17:54:00 C:\WINDOWS.log -->04/04/2008 21:43:36 C:\WINDOWS\wiadebug.log -->04/04/2008 21:43:33 C:\WINDOWS\wiaservc.log -->04/04/2008 21:43:30 C:\WINDOWS\bootstat.dat -->04/04/2008 21:43:13 C:\WINDOWS\ntbtlog.txt -->04/04/2008 21:41:06 C:\WINDOWS\SchedLgU.Txt -->04/04/2008 21:36:18 C:\WINDOWS\setuperr.log -->03/04/2008 19:16:57 C:\WINDOWS\setupact.log -->03/04/2008 19:16:57 C:\WINDOWS\NeroDigital.ini -->01/01/2008 03:54:08 C:\WINDOWS\wmsetup.log -->29/12/2007 15:50:42 C:\WINDOWS\setupapi.log -->26/12/2007 13:23:10 C:\WINDOWS\mozver.dat -->17/12/2007 22:23:32 C:\WINDOWS\win.ini -->17/12/2007 19:58:15 C:\WINDOWS\msnfix.txt -->22/11/2007 22:18:38
  10. willow31
    bsr le programme clean ne génère aucun rapport !! le fichier loadup qu'il enregistre dans le dossier clean est vide ! Peut être que je l'utilise mal ? En tout cas, pas de resultat . et le fichier qu'il propose d'enregistrer à la fin reste vide
  11. willow31
    bsr voila c'est fait donc je poste les deux rapports. Clean Navipromo version 3.3.8 commencé le 04/04/2008 à 21:40:00,45 Outil exécuté depuis C:\Program Files\navilog1 Mise à jour le 11.12.2007 à 18h00 par IL-MAFIOSO Microsoft Windows XP [version 5.1.2600] Internet Explorer : 7.0.5730.11 Systéme de fichiers : NTFS Mode suppression automatique Executé en mode sans échec *** Creation backups fichiers trouvés par Catchme *** Copie vers "C:\Program Files\navilog1\Backupnavi" Copie C:\WINDOWS\system32\rwynzhufj.dat réalisée avec succés ! Copie C:\WINDOWS\system32\rwynzhufj.exe réalisée avec succés ! Copie C:\WINDOWS\system32\rwynzhufj_nav.dat réalisée avec succés ! Copie C:\WINDOWS\system32\rwynzhufj_navps.dat réalisée avec succés ! *** Suppression des fichiers trouvés avec Catchme *** C:\WINDOWS\system32\rwynzhufj.dat supprimé ! C:\WINDOWS\system32\rwynzhufj.exe supprimé ! C:\WINDOWS\system32\rwynzhufj_nav.dat supprimé ! C:\WINDOWS\system32\rwynzhufj_navps.dat supprimé ! ** 2éme passage avec résultats Catchme ** * Dans C:\WINDOWS\system32 * * Dans "C:\Documents and Settings\laetitia\local settings\application data" * *** Suppression avec sauvegardes résultats GenericNaviSearch *** * Suppression dans C:\WINDOWS\System32 * * Suppression dans "C:\Documents and Settings\laetitia\local settings\application data" * *** Suppression dossiers dans C:\WINDOWS *** *** Suppression dossiers dans C:\Program Files *** *** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 *** *** Suppression dossiers dans "C:\Documents and Settings\laetitia\application data" *** ...\MessengerSkinner ...suppression... ...\MessengerSkinner supprimé ! *** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 *** *** Suppression fichiers *** C:\WINDOWS\pack.epk supprimé ! C:\WINDOWS\system32\nvs2.inf supprimé ! *** Suppression fichiers temporaires *** Nettoyage contenu C:\WINDOWS\Temp effectué ! Nettoyage contenu C:\Documents and Settings\laetitia\local settings\Temp effectué ! *** Traitement Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Suppression avec sauvegardes nouveaux fichiers Instant Access : 2)Recherche, création sauvegardes et suppression Heuristique : * Dans C:\WINDOWS\system32 * bmhibu.exe trouvé ! Copie bmhibu.exe réalisée avec succés ! bmhibu.exe supprimé ! hmldwxs.exe trouvé ! Copie hmldwxs.exe réalisée avec succés ! hmldwxs.exe supprimé ! knpudub.exe trouvé ! Copie knpudub.exe réalisée avec succés ! knpudub.exe supprimé ! qpymaogut.exe trouvé ! Copie qpymaogut.exe réalisée avec succés ! qpymaogut.exe supprimé ! xpquoj.exe trouvé ! Copie xpquoj.exe réalisée avec succés ! xpquoj.exe supprimé ! * Dans "C:\Documents and Settings\laetitia\local settings\application data" * *** Sauvegarde du Registre vers dossier Backupnavi *** sauvegarde du Registre réalisée avec succés ! *** Nettoyage Registre *** Nettoyage Registre Ok *** Certificats *** Certificat Egroup supprimé ! *** Nettoyage terminé le 04/04/2008 é 21:41:45,65 *** ********** Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:47:14, on 04/04/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe C:\WINDOWS\VM_STI.EXE C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Adobe\Photoshop Album Edition D�couverte\3.0\Apps\apdproxy.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\WINDOWS\system32\wuauclt.exe C:\DOCUME~1\laetitia\LOCALS~1\Temp\R�pertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1 O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition D�couverte\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [VTPreset] VTPreset.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE R�SEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Outil de mise � jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1175625156609 O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- End of file - 7010 bytes
  12. willow31
    slt merci a vous deux. et pas de soucis, je suis sur qu'avec votre coup de main ça ira. voici le rapport navilog1 Creation de la liste des programmes installes Veuillez patienter Search Navipromo version 3.3.8 commence le 04/04/2008 a 11:51:56,37 !!! Attention,ce rapport peut indiquer des fichiers/programmes legitimes !!! !!! Postez ce rapport sur le forum pour le faire analyser !!! !!! Ne lancez pas la partie desinfection sans l'avis d'un specialiste !!! *** Recherche programmes installes *** Veuillez patienter Recherche terminee *** Recherche dossiers dans C:\WINDOWS *** Veuillez patienter Recherche terminee *** Recherche dossiers dans C:\Program Files *** Veuillez patienter Recherche terminee *** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 *** Veuillez patienter Recherche terminee *** Recherche dossiers dans "C:\Documents and Settings\laetitia\application da " *** Veuillez patienter Recherche terminee *** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 *** Veuillez patienter Recherche terminee *** Recherche avec Catchme par gmer *** pour + d'infos : http://www.gmer.net Veuillez patienter ... Le scan peut durer une dizaine de minutes ... C:\WINDOWS\system32\rwynzhufj_nav.dat C:\WINDOWS\system32\rwynzhufj.dat C:\WINDOWS\system32\rwynzhufj.exe C:\WINDOWS\system32\rwynzhufj_nav.dat C:\WINDOWS\system32\rwynzhufj_navps.dat *** Recherche avec GenericNaviSearch *** Veuillez patienter 1 fichier(s) copié(s). GenericNaviCheck v0.2 for IL-MAFIOSO Credits: Malware Analysis & Diagnostic Coded by fRoGGz - SecuBox Labs (FRANCE) ┌────────────────────────────────────────────────────────┐ └────────────────────────────────────────────────────────┘ 1 fichier(s) opié(s). GenericNaviCheck v0.2 for IL-MAFIOSO Credits: Malware Analysis & Diagnostic Coded by fRoGGz - SecuBox Labs (FRANCE) ┌────────────────────────────────────────────────────────┐ └────────────────────────────────────────────────────────┘ *** Recherche fichiers *** Veuillez patienter Recherche terminee *** Recherche cles specifiques dans le Registre *** Veuillez patienter ! REG.EXE VERSION 3.0 HKEY_CURRENT_USER\Software\Lanconfig LAN REG_SZ UP *** Module de Recherche complementaire *** Veuillez patienter... ! REG.EXE VERSION 3.0 HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\TrustedPublisher\Certi cates\62119EF862C6B3A0D853419B87EB3E2F6C78640A Blob REG_BINARY 0F0000000100000010000000718B9510613CCAF8AFCAFC 945663A103000000010000001400000062119EF862C6B3A0D853419B87EB3E2F6C78640A200000 01000000DF030000308203DB30820344A00302010202033FC398300D06092A864886F70D010104 003055310B3009060355040613025A4131253023060355040A131C54686177746520436F6E7375 74696E67202850747929204C74642E311F301D0603550403131654686177746520436F64652053 676E696E67204341301E170D3035303831353031353134345A170D303730393136313332353132 30818B310B3009060355040613024652310E300C0603550408130552686F6E65310D300B060355 0713044C796F6E31193017060355040A1310656C656374726F6E69632D67726F75703127302506 55040B131E536563757265204170706C69636174696F6E20446576656C6F706D656E7431193017 035504031310656C656374726F6E69632D67726F757030820122300D06092A864886F70D010101 000382010F003082010A0282010100E2754D8A4E6D4DB6E025B0073520DDD7EEEC116A813940FD C4C66F7A354ADB3036188D4078F8891B3FE15D467DFBA5E17984CAC2B246C27C052E63956DFE81 B423B9615BDDFDDAADAC5E2AC0F41F583EDD24D7830F5875DF2937A9152B741EEF3950E5116E76 E7E3FFDF6FCB5858AF26F5E2EFFD019A1F82B98D7F21ED089D5BB8553CD89C823BECAEB62EA1CC 455CB4E93E8AC715320F31DC3FBC2D0BE0D65C608C58C19FF06DA7BC1EC48A45EF0219EEF40294 4E2663B1C9DAD6A2241DF996C59CF110B706285FBAEAE0C55D776573536218C3C7AE248B82CAE0 13CD8B2828A94F4A70BA6E199919A0F5EAE20643FEAABEBE2BA3B2819E92790203010001A381FD 81FA301F0603551D250418301606082B06010505070303060A2B06010401823702011630110609 86480186F8420101040403020410301D0603551D0404163014300E300C060A2B06010401823702 160302078030230603551D11041C301A82187777772E656C656374726F6E69632D67726F75702E 6F6D303E0603551D1F043730353033A031A02F862D687474703A2F2F63726C2E7468617774652E 6F6D2F546861777465436F64655369676E696E6743412E63726C303206082B0601050507010104 3024302206082B060105050730018616687474703A2F2F6F6373702E7468617774652E636F6D30 0603551D130101FF04023000300D06092A864886F70D01010405000381810075160A692F4BC209 CE67C58B0D88320552104E4D35F5018BC2AB1BE03ECAE3C0ABE7DB45629B1B3C1812039145C15D 2774C211A2C86F93A819573D58A3C0E66D1E19E84638800E3372880B4E9CDCF70CC769BDEFF236 3AC6F20E370122FA791E71B0EA8BE78077FFC288C382B201D78EA8BBF9E9457FAD4EE80273279C *** Analyse terminee le 04/04/2008 a 11:58:18,12 *** Appuyez sur une touche pour continuer...
  13. willow31
    Bonjour Zonk Merci d'avoir pris en charge mon message. voila tout est fait et avast a laissé place a antivir, normal puisque plus performant. -->> Dès mon retour en mode normal et le lancement de firefox pour saisir le rapport, l'alerte spyware secure est de nouveau lancé Le rapport HiJackThis : ******** Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:53:00, on 03/04/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe C:\WINDOWS\VM_STI.EXE C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Adobe\Photoshop Album Edition D�couverte\3.0\Apps\apdproxy.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Windows Defender\MSASCui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe C:\DOCUME~1\laetitia\LOCALS~1\Temp\R�pertoire temporaire 2 pour HiJackThis.zip\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1 O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition D�couverte\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [VTPreset] VTPreset.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE R�SEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Outil de mise � jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1175625156609 O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe --
  14. willow31
    Bonjour D'abord bonne année Je me prend la tête sur l'ordi d'un copain qui affiche plain de fenetre pop up une particulièrement enervante : alerte de securité, votre pc est infecté, télécharger ..... " SpywareSecure_trial_setup.exe qui est un fichier de type:applicationà partir de http://www.spyware-secure.com " ... J'ai essayé de chercher sur internet et de regler ce probleme mais rien a faire. alors votre aide me sera de grande utilité. Merci d'avance. ci-dessus les rapport HijackThis Logfile of HijackThis v1.99.1 Scan saved at 00:57:54, on 30/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe C:\WINDOWS\VM_STI.EXE C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Adobe\Photoshop Album Edition D�couverte\3.0\Apps\apdproxy.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\laetitia\Mes documents\telechargement\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1 O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition D�couverte\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [VTPreset] VTPreset.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Outil de mise � jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1175625156609 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
  15. willow31
    Re Non, plus de problème. tout semble fonctionner normalement et aucun soucis. Merci encore
  16. willow31
    re Voici le rapport : KASPERSKY ON-LINE SCANNER REPORT Saturday, February 10, 2007 6:41:09 PM Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version : 5.0.83.0 Dernière mise à jour de la base antivirus Kaspersky : 10/02/2007 Enregistrements dans la base antivirus Kaspersky : 251696 Paramètres d'analyse Analyser avec la base antivirus suivante standard Analyser les archives vrai Analyser les bases de messagerie vrai Cible de l'analyse Poste de travail A:\ C:\ F:\ G:\ H:\ Z:\ Statistiques de l'analyse Total d'objets analysés 272182 Nombre de virus trouvés 0 Nombre d'objets infectés 0 / 0 Nombre d'objets suspects 0 Durée de l'analyse 01:47:22 Nom de l'objet infecté Nom du virus Dernière action C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\walid\Application Data\Mozilla\Firefox\Profiles\ocxml94z.default\cert8.db L'objet est verrouillé ignoré C:\Documents and Settings\walid\Application Data\Mozilla\Firefox\Profiles\ocxml94z.default\formhistory.dat L'objet est verrouillé ignoré C:\Documents and Settings\walid\Application Data\Mozilla\Firefox\Profiles\ocxml94z.default\history.dat L'objet est verrouillé ignoré C:\Documents and Settings\walid\Application Data\Mozilla\Firefox\Profiles\ocxml94z.default\key3.db L'objet est verrouillé ignoré C:\Documents and Settings\walid\Application Data\Mozilla\Firefox\Profiles\ocxml94z.default\parent.lock L'objet est verrouillé ignoré C:\Documents and Settings\walid\Application Data\Mozilla\Firefox\Profiles\ocxml94z.default\search.sqlite L'objet est verrouillé ignoré C:\Documents and Settings\walid\Application Data\Mozilla\Firefox\Profiles\ocxml94z.default\urlclassifier2.sqlite L'objet est verrouillé ignoré C:\Documents and Settings\walid\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\walid\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\walid\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\walid\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\walid\Local Settings\Application Data\Mozilla\Firefox\Profiles\ocxml94z.default\Cache\_CACHE_001_ L'objet est verrouillé ignoré C:\Documents and Settings\walid\Local Settings\Application Data\Mozilla\Firefox\Profiles\ocxml94z.default\Cache\_CACHE_002_ L'objet est verrouillé ignoré C:\Documents and Settings\walid\Local Settings\Application Data\Mozilla\Firefox\Profiles\ocxml94z.default\Cache\_CACHE_003_ L'objet est verrouillé ignoré C:\Documents and Settings\walid\Local Settings\Application Data\Mozilla\Firefox\Profiles\ocxml94z.default\Cache\_CACHE_MAP_ L'objet est verrouillé ignoré C:\Documents and Settings\walid\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\walid\Local Settings\Historique\History.IE5\MSHist012007021020070211\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\walid\Local Settings\Temp\~DF5331.tmp L'objet est verrouillé ignoré C:\Documents and Settings\walid\Local Settings\Temp\~DF5358.tmp L'objet est verrouillé ignoré C:\Documents and Settings\walid\Local Settings\Temp\~DF72C7.tmp L'objet est verrouillé ignoré C:\Documents and Settings\walid\Local Settings\Temp\~DF72D4.tmp L'objet est verrouillé ignoré C:\Documents and Settings\walid\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré C:\Documents and Settings\walid\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\walid\Mes documents\Mes documents\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré C:\Documents and Settings\walid\Mes documents\Mes documents\System Volume Information\_restore{C5825416-033B-49D1-9C09-8DA18AA20058}\RP2\change.log L'objet est verrouillé ignoré C:\Documents and Settings\walid\Mes documents\Mes documents\Telechargement\mandriva-free-2007-DVD.iso.part L'objet est verrouillé ignoré C:\Documents and Settings\walid\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\walid\NTUSER.DAT.LOG L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt L'objet est verrouillé ignoré C:\Program Files\eMule\Temp18.part L'objet est verrouillé ignoré C:\Program Files\eMule\Temp20.part L'objet est verrouillé ignoré C:\Program Files\eMule\Temp78.part L'objet est verrouillé ignoré C:\Program Files\eMule\Temp84.part L'objet est verrouillé ignoré C:\Program Files\eMule\Temp85.part L'objet est verrouillé ignoré C:\Program Files\eMule\Temp86.part L'objet est verrouillé ignoré C:\Program Files\eMule\Temp87.part L'objet est verrouillé ignoré C:\Program Files\Logitech\Desktop Messenger\8876480\Users\walid\Data\BWDocMap.pht L'objet est verrouillé ignoré C:\Program Files\Logitech\Desktop Messenger\8876480\Users\walid\Data\BWInfopakMap.pht L'objet est verrouillé ignoré C:\Program Files\Logitech\Desktop Messenger\8876480\Users\walid\Data\chandir.dat L'objet est verrouillé ignoré C:\Program Files\Logitech\Desktop Messenger\8876480\Users\walid\Data\chandir.idx L'objet est verrouillé ignoré C:\Program Files\Logitech\Desktop Messenger\8876480\Users\walid\Data\chn.dat L'objet est verrouillé ignoré C:\Program Files\Logitech\Desktop Messenger\8876480\Users\walid\Data\chn.idx L'objet est verrouillé ignoré C:\Program Files\Logitech\Desktop Messenger\8876480\Users\walid\Data\D0000000.FCS L'objet est verrouillé ignoré C:\Program Files\Logitech\Desktop Messenger\8876480\Users\walid\Data\inuse.txt L'objet est verrouillé ignoré C:\Program Files\Logitech\Desktop Messenger\8876480\Users\walid\Data\L0000002.FCS L'objet est verrouillé ignoré C:\Program Files\Logitech\Desktop Messenger\8876480\Users\walid\Data\main.log L'objet est verrouillé ignoré C:\Program Files\Logitech\Desktop Messenger\8876480\Users\walid\Data\prs.dat L'objet est verrouillé ignoré C:\Program Files\Logitech\Desktop Messenger\8876480\Users\walid\Data\prs.idx L'objet est verrouillé ignoré C:\Program Files\Logitech\Desktop Messenger\8876480\Users\walid\Data\prs_die.dat L'objet est verrouillé ignoré C:\Program Files\Logitech\Desktop Messenger\8876480\Users\walid\Data\prs_die.idx L'objet est verrouillé ignoré C:\Program Files\Logitech\Desktop Messenger\8876480\Users\walid\Data\prs_dnd.dat L'objet est verrouillé ignoré C:\Program Files\Logitech\Desktop Messenger\8876480\Users\walid\Data\prs_dnd.idx L'objet est verrouillé ignoré C:\Program Files\Logitech\Desktop Messenger\8876480\Users\walid\Data\prs_ext.dat L'objet est verrouillé ignoré C:\Program Files\Logitech\Desktop Messenger\8876480\Users\walid\Data\prs_ext.idx L'objet est verrouillé ignoré C:\Program Files\Logitech\Desktop Messenger\8876480\Users\walid\Data\prs_rcv.dat L'objet est verrouillé ignoré C:\Program Files\Logitech\Desktop Messenger\8876480\Users\walid\Data\prs_rcv.idx L'objet est verrouillé ignoré C:\Program Files\Logitech\Desktop Messenger\8876480\Users\walid\Data\storydb.dat L'objet est verrouillé ignoré C:\Program Files\Logitech\Desktop Messenger\8876480\Users\walid\Data\storydb.idx L'objet est verrouillé ignoré C:\Program Files\Sygate\SPF\debug.log L'objet est verrouillé ignoré C:\Program Files\Sygate\SPF\rawlog.log L'objet est verrouillé ignoré C:\Program Files\Sygate\SPF\seclog.log L'objet est verrouillé ignoré C:\Program Files\Sygate\SPF\syslog.log L'objet est verrouillé ignoré C:\Program Files\Sygate\SPF\tralog.log L'objet est verrouillé ignoré C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré C:\System Volume Information\_restore{C5825416-033B-49D1-9C09-8DA18AA20058}\RP2\change.log L'objet est verrouillé ignoré C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré C:\WINDOWS\system32\config\Antivirus.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\drivers\sptd.sys L'objet est verrouillé ignoré C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré C:\WINDOWS\Temp\Perflib_Perfdata_37c.dat L'objet est verrouillé ignoré C:\WINDOWS\Temp\Perflib_Perfdata_d4.dat L'objet est verrouillé ignoré C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré F:\hiberfil.sys L'objet est verrouillé ignoré F:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré F:\System Volume Information\_restore{C5825416-033B-49D1-9C09-8DA18AA20058}\RP2\change.log L'objet est verrouillé ignoré Analyse terminée.
  17. willow31
    bjr :P Je pense que c'est réglé !! Comme SpyBot m'affaichait toujours au demarrage le retour puis supression des fichiers cités dans mon premier message et que les autres spyware ne trouvaient pas , j'ai désinstallé SpyBot et les autres programmes installés pendant les procédures indiquées ci-haut. et j'ai redemarré mon systeme. J'ai fait une recherche manuelle dans la base de registre (regedit) / chercher sur les noms des fichiers que SpyBot m'indiqait. J'ai trouvé le fichier "TkBellExe" (les autres: rien). j'ai supprimé la clé correspondante. J'ai installé Spyware Terminator, mis a jour et activé le bouclier Clam Av et fait analyser ma machine: rien a signaler. Systeme redemarré une nouvelle fois, Spyware Terminator (bouclier logiciel) a bloqué une application (nom inconnu). Bouton supprimé et .... plus rien ! j'ai refait analyser le systeme, redemarrer la machine, rechercher dans la base de registre. Plus rien Je pense que c'est réglé. Un grand, même énorme, merci à bruce lee
  18. willow31
    slt Voici le rapport "Silent Runners.vbs", revision R50, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "LDM" = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" ["Logitech"] "DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033" ["DT Soft Ltd."] "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "MoneyAgent" = ""C:\Program Files\Microsoft Money\System\mnyexpr.exe"" [MS] "SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"] HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data] "RaidTool" = "C:\Program Files\VIA\RAID\raid_tool.exe" ["VIA Technologies"] "SmcService" = "C:\PROGRA~1\Sygate\SPF\smc.exe -startgui" ["Sygate Technologies, Inc."] "PinnacleDriverCheck" = "C:\WINDOWS\System32\PSDrvCheck.exe" [empty string] "PCMService" = ""C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"" [empty string] "OpwareSE2" = ""C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"" ["ScanSoft, Inc."] "OPSE reminder" = ""C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"" ["ScanSoft, Inc."] "iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."] "SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"" ["Sun Microsystems, Inc."] "MediaLifeService" = ""C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"" ["Logitech Corp."] "DAEMON Tools" = ""C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon" ["DT Soft Ltd."] "!AVG Anti-Spyware" = ""C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["Anti-Malware Development a.s."] "SpywareTerminator" = ""C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"" ["Crawler.com"] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "Aide pour le lien d'Adobe PDF Reader" \InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll" ["Sun Microsystems, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration" -> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{472083B0-C522-11CF-8763-00608CC02F24}" = "avast" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] "{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Périphériques Plug and Play universels" -> {HKLM...CLSID} = "Périphériques Plug and Play universels" \InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS] "{F5D92341-0A64-11D0-9956-0000E8096023}" = "CD Copy Shell Extension" -> {HKLM...CLSID} = "CD Copy Shell Extension" \InProcServer32\(Default) = "C:\WINDOWS\System32\Shellext\CDWshext.dll" ["Pinnacle Systems, Inc."] "{F5D92342-0A64-11D0-9956-0000E8096023}" = "CD Wizard Shell Extension" -> {HKLM...CLSID} = "CD Wizard Shell Extension" \InProcServer32\(Default) = "C:\WINDOWS\System32\Shellext\CDWshext.dll" ["Pinnacle Systems, Inc."] "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders" -> {HKLM...CLSID} = "Mes dossiers de partage" \InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0812.00.dll" [MS] "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler" -> {HKLM...CLSID} = "Outlook File Icon Extension" \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {HKLM...CLSID} = "RealOne Player Context Menu Class" \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."] "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes" -> {HKLM...CLSID} = "iTunes" \InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] "{BD88A479-9623-4897-8546-BC62B9628F44}" = "SPTHandler" -> {HKLM...CLSID} = "SPTHandler" \InProcServer32\(Default) = "C:\Program Files\Spyware Terminator\sptcontmenu.dll" ["Crawler.com"] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5" -> {HKLM...CLSID} = "CShellExecuteHookImpl Object" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."] HKLM\System\CurrentControlSet\Control\Session Manager\ <<!>> "BootExecute" = "autocheck autochk *"| [file not found] HKLM\Software\Classes\Folder\shellex\ColumnHandlers\ {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info" -> {HKLM...CLSID} = "PDF Shell Extension" \InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."] HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}" -> {HKLM...CLSID} = "avast" \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ SPTContMenu\(Default) = "{BD88A479-9623-4897-8546-BC62B9628F44}" -> {HKLM...CLSID} = "SPTHandler" \InProcServer32\(Default) = "C:\Program Files\Spyware Terminator\sptcontmenu.dll" ["Crawler.com"] Group Policies {policy setting}: -------------------------------- Note: detected settings may not have any effect. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "DisableRegistryTools" = (REG_DWORD) hex:0x00000000 {Prevent access to registry editing tools} HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\ "HomePage" = (REG_DWORD) hex:0x00000001 {Disable changing home page settings} HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001 {Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) hex:0x00000001 {Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\walid\Local Settings\Application Data\Microsoft\Wallpaper1.bmp" Startup items in "walid" & "All Users" startup folders: ------------------------------------------------------- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage "Adobe Reader Synchronizer" -> shortcut to: "C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe" [null data] "Lancement rapide d'Adobe Reader" -> shortcut to: "C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"] "Logitech Desktop Messenger" -> shortcut to: "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start" ["Logitech"] "Logitech SetPoint" -> shortcut to: "C:\Program Files\Logitech\SetPoint\SetPoint.exe" ["Logitech Inc."] "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS] Enabled Scheduled Tasks: ------------------------ "AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Computer, Inc."] "At1" -> launches: "C:\WINDOWS\system32\wunauclt.exe" [file not found] "At10" -> launches: "C:\WINDOWS\system32\wunauclt.exe" [file not found] "At11" -> launches: "C:\WINDOWS\system32\wunauclt.exe" [file not found] "At12" -> launches: "C:\WINDOWS\system32\wunauclt.exe" [file not found] "At13" -> launches: "C:\WINDOWS\system32\wunauclt.exe" [file not found] "At14" -> launches: "C:\WINDOWS\system32\wunauclt.exe" [file not found] "At15" -> launches: "C:\WINDOWS\system32\wunauclt.exe" [file not found] "At16" -> launches: "C:\WINDOWS\dr.exe" [file not found] "At2" -> launches: "C:\WINDOWS\system32\wunauclt.exe" [file not found] "At3" -> launches: "C:\WINDOWS\system32\wunauclt.exe" [file not found] "At4" -> launches: "C:\WINDOWS\system32\wunauclt.exe" [file not found] "At5" -> launches: "C:\WINDOWS\system32\wunauclt.exe" [file not found] "At6" -> launches: "C:\WINDOWS\system32\wunauclt.exe" [file not found] "At7" -> launches: "C:\WINDOWS\system32\wunauclt.exe" [file not found] "At8" -> launches: "C:\WINDOWS\system32\wunauclt.exe" [file not found] "At9" -> launches: "C:\WINDOWS\system32\wunauclt.exe" [file not found] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Toolbars HKLM\Software\Microsoft\Internet Explorer\Toolbar\ "{327C2873-E90D-4C37-AA9D-10AC9BABA46C}" = "Easy-WebPrint" -> {HKLM...CLSID} = "Easy-WebPrint" \InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data] Explorer Bars HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\ HKLM\Software\Classes\CLSID\{03C1C47F-0538-4645-8372-D3109B9FC636}\(Default) = "Easy-WebPrint" Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data] Miscellaneous IE Hijack Points ------------------------------ HKLM\Software\Microsoft\Internet Explorer\AboutURLs\ <<H>> "(Default)" = "www.yahoo.fr" [file not found] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data] avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data] AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["Anti-Malware Development a.s."] Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\System32\CTSvcCDA.EXE" ["Creative Technology Ltd"] iPod Service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Computer, Inc."] Machine Debug Manager, MDM, ""C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe"" [MS] Service Messenger Sharing USN Journal Reader, usnsvc, "C:\WINDOWS\System32\svchost.exe -k usnsvc" {"C:\Program Files\MSN Messenger\usnsvc.dll" [MS]} Services TCP/IP simplifiés, SimpTcp, "C:\WINDOWS\System32\tcpsvcs.exe" [MS] Spyware Terminator Clam Service, sp_clamsrv, "C:\Program Files\WinClamAVShield\sp_clamsrv.exe" ["Crawler.com"] Spyware Terminator Realtime Shield Service, sp_rssrv, "C:\Program Files\Spyware Terminator\sp_rsser.exe" ["Crawler.com"] Sygate Personal Firewall, SmcService, "C:\Program Files\Sygate\SPF\smc.exe" ["Sygate Technologies, Inc."] WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\System32\MsPMSPSv.exe" [MS] X10 Device Network Service, x10nets, "C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe" ["X10"] Écouteur RIP, Iprip, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\iprip.dll" [MS]} Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ Canon BJ Language Monitor MP150\Driver = "CNMLM7K.DLL" ["CANON INC."] CutePDF Writer Monitor\Driver = "cpwmon2k.dll" [null data] Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS] ---------- <<!>>: Suspicious data at a malware launch point. <<H>>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 46 seconds, including 18 seconds for message boxes)
  19. willow31
    slt procédure terminée. apres redemarrage en mode normal, le probleme est toujours là. comme une petite fenetre qui s'ouvre et se referme rapidement et spyBot qui bloque des fichiers qui se remettent en place (ps: la restauration system est desactivée) voici le rapport spybot 09/02/2007 22:22:37 Autorisé(e) value "ATIPTA" (new data: "") supprimé(e) in System Startup global entry! 09/02/2007 22:22:39 Autorisé(e) value "QuickTime Task" (new data: "") supprimé(e) in System Startup global entry! 09/02/2007 22:22:41 Autorisé(e) value "TkBellExe" (new data: "") supprimé(e) in System Startup global entry! 09/02/2007 22:22:41 Autorisé(e) value "rkpjfywu" (new data: "") supprimé(e) in System Startup global entry! 09/02/2007 22:22:43 Autorisé(e) value "PrevxOne" (new data: "") supprimé(e) in System Startup global entry! 09/02/2007 22:22:43 Autorisé(e) value "wsyxinfl" (new data: "") supprimé(e) in System Startup global entry! 09/02/2007 22:22:44 Autorisé(e) value "kniadyxm" (new data: "") supprimé(e) in System Startup global entry! 09/02/2007 22:22:45 Autorisé(e) value "Local Page" (new data: "http://www.yahoo.fr/"'>http://www.yahoo.fr/") modifié(e) in Browser page! 09/02/2007 22:22:46 Autorisé(e) value "Local Page" (new data: "http://www.yahoo.fr/") modifié(e) in Browser page! 09/02/2007 22:22:48 Autorisé(e) value "UserInit" (new data: "C:\WINDOWS\SYSTEM32\Userinit.exe,") modifié(e) in Winlogon! 09/02/2007 22:22:49 Autorisé(e) value "Shell" (new data: "explorer.exe") modifié(e) in Winlogon! voici le rapport AVG antispyware : --------------------------------------------------------- AVG Anti-Spyware - Rapport d'analyse --------------------------------------------------------- + Créé à: 22:18:57 09/02/2007 + Résultat de l'analyse: :mozilla.71:C:\Documents and Settings\walid\Application Data\Mozilla\Firefox\Profiles\ocxml94z.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé. C:\Documents and Settings\Administrateur\Cookies\administrateur@msnportal.112.2o7[2].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\Administrateur\Cookies\administrateur@msnservices.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. F:\Documents and Settings\walid\AppData\Roaming\Microsoft\Windows\Cookies\Low\walid@2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. F:\Documents and Settings\walid\AppData\Roaming\Microsoft\Windows\Cookies\Low\walid@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. F:\Documents and Settings\walid\AppData\Roaming\Microsoft\Windows\Cookies\walid@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé. F:\Documents and Settings\walid\Application Data\Microsoft\Windows\Cookies\Low\walid@2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. F:\Documents and Settings\walid\Application Data\Microsoft\Windows\Cookies\Low\walid@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. F:\Documents and Settings\walid\Application Data\Microsoft\Windows\Cookies\walid@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé. F:\Documents and Settings\walid\Cookies\Low\walid@2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. F:\Documents and Settings\walid\Cookies\Low\walid@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. F:\Documents and Settings\walid\Cookies\walid@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé. F:\Users\walid\AppData\Roaming\Microsoft\Windows\Cookies\Low\walid@2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. F:\Users\walid\AppData\Roaming\Microsoft\Windows\Cookies\Low\walid@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. F:\Users\walid\AppData\Roaming\Microsoft\Windows\Cookies\walid@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé. F:\Users\walid\Application Data\Microsoft\Windows\Cookies\Low\walid@2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. F:\Users\walid\Application Data\Microsoft\Windows\Cookies\Low\walid@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. F:\Users\walid\Application Data\Microsoft\Windows\Cookies\walid@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé. F:\Users\walid\Cookies\Low\walid@2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. F:\Users\walid\Cookies\Low\walid@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. F:\Users\walid\Cookies\walid@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé. :mozilla.123:C:\Documents and Settings\walid\Application Data\Mozilla\Firefox\Profiles\ocxml94z.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé. :mozilla.124:C:\Documents and Settings\walid\Application Data\Mozilla\Firefox\Profiles\ocxml94z.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé. :mozilla.63:C:\Documents and Settings\walid\Application Data\Mozilla\Firefox\Profiles\ocxml94z.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé. :mozilla.64:C:\Documents and Settings\walid\Application Data\Mozilla\Firefox\Profiles\ocxml94z.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé. :mozilla.106:C:\Documents and Settings\walid\Application Data\Mozilla\Firefox\Profiles\ocxml94z.default\cookies.txt -> TrackingCookie.Adviva : Nettoyé. :mozilla.62:C:\Documents and Settings\walid\Application Data\Mozilla\Firefox\Profiles\ocxml94z.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé. C:\Documents and Settings\Administrateur\Cookies\administrateur@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé. C:\Documents and Settings\lucille\Cookies\lucille@atdmt[1].txt -> TrackingCookie.Atdmt : Nettoyé. F:\Documents and Settings\walid\AppData\Roaming\Microsoft\Windows\Cookies\Low\walid@atdmt[1].txt -> TrackingCookie.Atdmt : Nettoyé. F:\Documents and Settings\walid\AppData\Roaming\Microsoft\Windows\Cookies\walid@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé. F:\Documents and Settings\walid\Application Data\Microsoft\Windows\Cookies\Low\walid@atdmt[1].txt -> TrackingCookie.Atdmt : Nettoyé. F:\Documents and Settings\walid\Application Data\Microsoft\Windows\Cookies\walid@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé. F:\Documents and Settings\walid\Cookies\Low\walid@atdmt[1].txt -> TrackingCookie.Atdmt : Nettoyé. F:\Documents and Settings\walid\Cookies\walid@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé. F:\Users\walid\AppData\Roaming\Microsoft\Windows\Cookies\Low\walid@atdmt[1].txt -> TrackingCookie.Atdmt : Nettoyé. F:\Users\walid\AppData\Roaming\Microsoft\Windows\Cookies\walid@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé. F:\Users\walid\Application Data\Microsoft\Windows\Cookies\Low\walid@atdmt[1].txt -> TrackingCookie.Atdmt : Nettoyé. F:\Users\walid\Application Data\Microsoft\Windows\Cookies\walid@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé. F:\Users\walid\Cookies\Low\walid@atdmt[1].txt -> TrackingCookie.Atdmt : Nettoyé. F:\Users\walid\Cookies\walid@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé. :mozilla.52:C:\Documents and Settings\walid\Application Data\Mozilla\Firefox\Profiles\ocxml94z.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé. :mozilla.192:C:\Documents and Settings\walid\Application Data\Mozilla\Firefox\Profiles\ocxml94z.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé. :mozilla.193:C:\Documents and Settings\walid\Application Data\Mozilla\Firefox\Profiles\ocxml94z.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé. :mozilla.194:C:\Documents and Settings\walid\Application Data\Mozilla\Firefox\Profiles\ocxml94z.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé. :mozilla.72:C:\Documents and Settings\walid\Application Data\Mozilla\Firefox\Profiles\ocxml94z.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé. F:\Documents and Settings\walid\AppData\Roaming\Microsoft\Windows\Cookies\Low\walid@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé. F:\Documents and Settings\walid\Application Data\Microsoft\Windows\Cookies\Low\walid@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé. F:\Documents and Settings\walid\Cookies\Low\walid@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé. F:\Users\walid\AppData\Roaming\Microsoft\Windows\Cookies\Low\walid@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé. F:\Users\walid\Application Data\Microsoft\Windows\Cookies\Low\walid@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé. F:\Users\walid\Cookies\Low\walid@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé. :mozilla.133:C:\Documents and Settings\walid\Application Data\Mozilla\Firefox\Profiles\ocxml94z.default\cookies.txt -> TrackingCookie.Estat : Nettoyé. :mozilla.89:C:\Documents and Settings\walid\Application Data\Mozilla\Firefox\Profiles\ocxml94z.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé. :mozilla.90:C:\Documents and Settings\walid\Application Data\Mozilla\Firefox\Profiles\ocxml94z.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé. :mozilla.91:C:\Documents and Settings\walid\Application Data\Mozilla\Firefox\Profiles\ocxml94z.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé. :mozilla.100:C:\Documents and Settings\walid\Application Data\Mozilla\Firefox\Profiles\ocxml94z.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé. :mozilla.101:C:\Documents and Settings\walid\Application Data\Mozilla\Firefox\Profiles\ocxml94z.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé. :mozilla.102:C:\Documents and Settings\walid\Application Data\Mozilla\Firefox\Profiles\ocxml94z.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé. F:\Documents and Settings\walid\AppData\Roaming\Microsoft\Windows\Cookies\Low\walid@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé. F:\Documents and Settings\walid\Application Data\Microsoft\Windows\Cookies\Low\walid@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé. F:\Documents and Settings\walid\Cookies\Low\walid@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé. F:\Users\walid\AppData\Roaming\Microsoft\Windows\Cookies\Low\walid@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé. F:\Users\walid\Application Data\Microsoft\Windows\Cookies\Low\walid@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé. F:\Users\walid\Cookies\Low\walid@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé. C:\Documents and Settings\walid\Cookies\walid@questionmarket[2].txt -> TrackingCookie.Questionmarket : Nettoyé. :mozilla.108:C:\Documents and Settings\walid\Application Data\Mozilla\Firefox\Profiles\ocxml94z.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.109:C:\Documents and Settings\walid\Application Data\Mozilla\Firefox\Profiles\ocxml94z.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.110:C:\Documents and Settings\walid\Application Data\Mozilla\Firefox\Profiles\ocxml94z.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.111:C:\Documents and Settings\walid\Application Data\Mozilla\Firefox\Profiles\ocxml94z.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.112:C:\Documents and Settings\walid\Application Data\Mozilla\Firefox\Profiles\ocxml94z.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.113:C:\Documents and Settings\walid\Application Data\Mozilla\Firefox\Profiles\ocxml94z.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.55:C:\Documents and Settings\walid\Application Data\Mozilla\Firefox\Profiles\ocxml94z.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.59:C:\Documents and Settings\walid\Application Data\Mozilla\Firefox\Profiles\ocxml94z.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.60:C:\Documents and Settings\walid\Application Data\Mozilla\Firefox\Profiles\ocxml94z.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. C:\Documents and Settings\walid\Cookies\walid@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé. F:\Documents and Settings\walid\AppData\Roaming\Microsoft\Windows\Cookies\Low\walid@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé. F:\Documents and Settings\walid\Application Data\Microsoft\Windows\Cookies\Low\walid@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé. F:\Documents and Settings\walid\Cookies\Low\walid@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé. F:\Users\walid\AppData\Roaming\Microsoft\Windows\Cookies\Low\walid@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé. F:\Users\walid\Application Data\Microsoft\Windows\Cookies\Low\walid@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé. F:\Users\walid\Cookies\Low\walid@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.14:C:\Documents and Settings\walid\Application Data\Mozilla\Firefox\Profiles\ocxml94z.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé. :mozilla.16:C:\Documents and Settings\walid\Application Data\Mozilla\Firefox\Profiles\ocxml94z.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé. :mozilla.7:C:\Documents and Settings\walid\Application Data\Mozilla\Firefox\Profiles\ocxml94z.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé. :mozilla.56:C:\Documents and Settings\walid\Application Data\Mozilla\Firefox\Profiles\ocxml94z.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé. :mozilla.57:C:\Documents and Settings\walid\Application Data\Mozilla\Firefox\Profiles\ocxml94z.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé. :mozilla.58:C:\Documents and Settings\walid\Application Data\Mozilla\Firefox\Profiles\ocxml94z.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé. F:\Documents and Settings\walid\AppData\Roaming\Microsoft\Windows\Cookies\Low\walid@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé. F:\Documents and Settings\walid\AppData\Roaming\Microsoft\Windows\Cookies\walid@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé. F:\Documents and Settings\walid\Application Data\Microsoft\Windows\Cookies\Low\walid@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé. F:\Documents and Settings\walid\Application Data\Microsoft\Windows\Cookies\walid@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé. F:\Documents and Settings\walid\Cookies\Low\walid@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé. F:\Documents and Settings\walid\Cookies\walid@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé. F:\Users\walid\AppData\Roaming\Microsoft\Windows\Cookies\Low\walid@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé. F:\Users\walid\AppData\Roaming\Microsoft\Windows\Cookies\walid@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé. F:\Users\walid\Application Data\Microsoft\Windows\Cookies\Low\walid@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé. F:\Users\walid\Application Data\Microsoft\Windows\Cookies\walid@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé. F:\Users\walid\Cookies\Low\walid@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé. F:\Users\walid\Cookies\walid@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé. :mozilla.184:C:\Documents and Settings\walid\Application Data\Mozilla\Firefox\Profiles\ocxml94z.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé. Fin du rapport et le nouveau rapport HijackThis : Logfile of HijackThis v1.99.1 Scan saved at 22:28:06, on 09/02/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\System32\CTSvcCDA.EXE C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\VIA\RAID\raid_tool.exe C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\Logitech\MediaLife\MediaLifeService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Microsoft Money\System\mnyexpr.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\walid\Mes documents\Mes documents\Telechargement\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.yahoo.fr/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.yahoo.fr/ O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [MediaLifeService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.bitdefender.fr/scan8/oscan8.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: offline-8876480 - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Prevx Agent (PrevxAgent) - Unknown owner - C:\Program Files\Prevx Pro\PXAgent.exe" -f (file missing) O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe est-ce le fait que spybot est en fonction et qu'il supprime ces fichiers peut masquer le problème ?
  20. willow31
    je vais faire tous ça et revenir pour le rapport. Merci à toi. à +
  21. willow31
    oups ! y'a pas de reboot.exe sur c:\ tu veux parler de boot.ini ou peut etre du dossier boot ?
  22. willow31
    oups ! y'a
  23. willow31
    re Voici le rapport , qui se trouve dans c:\rapport.txt SmitFraudFix v2.141 Rapport fait à 20:12:02,35, 09/02/2007 c'est vide, quand je clique sur le choix 1, la fenetre se ferme de suite. est-ce normal ?
  24. willow31
    Au debut c'etait un fichier appelé ctpmon.exe que j'ai supprimé (et aussi de la base de registre), puis j'avais la fenetre cmd qui se lançait qu demarrage de mon system, et je me retrouvais avec la fenetre de ligne de commande (le bureau ne s'affichait pas) donc j'ai supprimé la commande shell qui le lançait ! J'ai utilisé un scan en ligne de microsoft et celui de bitdefender (celui de microsoft a réparrer 2 erreurs !!). voila, on essai d'apprendre de ceux qui savent et aider ceux qui ne savent pas quand on maitrise mieux ! voici le rapport BlackLight : 02/09/07 18:49:29 [info]: BlackLight Engine 1.0.55 initialized 02/09/07 18:49:29 [info]: OS: 5.1 build 2600 (Service Pack 2) 02/09/07 18:49:29 [Note]: 7019 4 02/09/07 18:49:29 [Note]: 7005 0 02/09/07 18:49:32 [Note]: 7006 0 02/09/07 18:49:32 [Note]: 7011 2232 02/09/07 18:49:32 [Note]: 7026 0 02/09/07 18:49:32 [Note]: 7026 0 02/09/07 18:49:35 [Note]: FSRAW library version 1.7.1021 visiblement pas de fichier cachés ! mais le problème est toujours la !
  25. willow31
    Bonjour Mon a ordi a chopé une m...., et j'ai essayé de faire le nettoyage en lisant à gauche et à droite sur le net et sur ce forum. c'est presque fait mais presque n'est pas totalement , j'ai installé Spybot qui se charge à chaque demarrage de me nettoyer les fichier qui se remettent en place alors ça marche mais a chaque demarrage ça se remet en place et spybot s'encharge mais je n'ai pas réussi à trouver le fichier qui les fait revenir : Voici le log de Spybot à chaque demarrage : Autorisé(e) value "ATIPTA" (new data: "") supprimé(e) in System Startup global entry! Autorisé(e) value "QuickTime Task" (new data: "") supprimé(e) in System Startup global entry! Autorisé(e) value "TkBellExe" (new data: "") supprimé(e) in System Startup global entry! Autorisé(e) value "rkpjfywu" (new data: "") supprimé(e) in System Startup global entry! Autorisé(e) value "PrevxOne" (new data: "") supprimé(e) in System Startup global entry! Autorisé(e) value "wsyxinfl" (new data: "") supprimé(e) in System Startup global entry! Autorisé(e) value "kniadyxm" (new data: "") supprimé(e) in System Startup global entry! Autorisé(e) value "Local Page" (new data: "http://www.yahoo.fr/"'>http://www.yahoo.fr/") modifié(e) in Browser page! Autorisé(e) value "Local Page" (new data: "http://www.yahoo.fr/") modifié(e) in Browser page! Autorisé(e) value "Shell" (new data: "") supprimé(e) in Winlogon! Comment les faire disparaitre pour du bon svp voici le rapport HijackThis Logfile of HijackThis v1.99.1 Scan saved at 17:48:29, on 09/02/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sygate\SPF\smc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\VIA\RAID\raid_tool.exe C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\Logitech\MediaLife\MediaLifeService.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Microsoft Money\System\mnyexpr.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE C:\WINDOWS\System32\CTSvcCDA.EXE C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\eMule\emule.exe C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Thunderbird\thunderbird.exe C:\Documents and Settings\walid\Mes documents\Mes documents\Telechargement\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.yahoo.fr/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.yahoo.fr/ F2 - REG:system.ini: Shell= F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\reboot.exe O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe" O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [MediaLifeService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.bitdefender.fr/scan8/oscan8.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab O18 - Protocol: bw+0 - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: offline-8876480 - {1D5F9AB6-58C2-41CA-9E9D-AD2578208253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Prevx Agent (PrevxAgent) - Unknown owner - C:\Program Files\Prevx Pro\PXAgent.exe" -f (file missing) O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
×
×
  • Créer...