JLVIVI

  1. JLVIVI

    Problem with iTunes

    Hello! Did you read my problem below concerning iTunes, which I posted on April 23? "I downloaded and installed iTunes on my Windows XP PC. It tells me that the installation completed successfully. And when I launch it, the license agreement appears in French, and when I click "Accept", the window closes and nothing more happens. No error message, but iTunes does not start... What could be causing this? Thank you for your reply. Jean-Luc." Thanks, Jean-Luc.
  2. I downloaded and installed iTunes on my Windows XP PC. It tells me that the installation completed successfully. And when I launch it, the license agreement appears in French, and when I click "Accept", the window closes and nothing more happens. No error message, but iTunes does not start... What could be causing this? Thank you for your reply. Jean-Luc.
  3. YES, exactly, even with my desktop PC, the scanner no longer works!!! I am surprised not to have received a reply from someone knowledgeable since Thursday, September 24...
  4. I have just installed my Canon "PIXMA MP150" printer/scanner/copier on the network through my FreeBox, on a TCP/IP port (under Windows XP). The printer works very well from my children's 2 laptops, over Wi-Fi, without having to power on my main PC. However, the printer's scanner no longer works!! Message: "Impossible de communiquer avec le scanner". What should I do? Thank you for your reply. Jean-Luc.
  5. Good evening Angélique, that's it, everything is fine, you are really brilliant!! Since I removed Quicktime from the PC's startup as you indicated above, I no longer get the Windows popup. And AntiVir loads properly at each startup of my PC, with the red umbrella in the notification area. I also checked that the 3 .exe processes you pointed out are running. Thanks again very much for everything, and see you later.
  6. Angélique, there is still one rather annoying thing on my PC, which was already happening before all our operations and is still going on: the popup below appears every time a session is opened: Windows - Pas de disque Exception Processing Message c0000013 Parameters 75afbf9c 4 75afbf9c 75afbf9c And I have to click "Cancel" or "Continue" 8 times in a row for the popup to disappear.
  7. Hello, here is my HijackThis report after doing what you asked me above. My PC is definitely doing much better!! Thank you very much. I can open Yahoo! Mail without any problem, and I browse the Internet very quickly. One small question, please: when I started my PC this evening, I saw an "Avira AntiVir" popup appear, but then it disappeared and I did not have the "red umbrella" among the taskbar icons, unlike last night. Is that normal? Is AntiVir really running? Do tell me whether this time my PC is really cleaned of all junk... See you soon, and thanks again for everything, Jean-Luc.
  8. AntiVir report:
  9. Contents of the ComboFix.txt scan:
  10. OK, I've read the comparison, I'm convinced! I'll do the steps tonight and post the reports for you. Thanks, Jean-Luc.
  11. Hello! Do you think it's really necessary to replace Avast with Antivir? I don't know anyone who has heard of this "Antivir" antivirus... What does it have that is better than Avast? Thanks, Jean-Luc.
  12. Angélique, I have the impression that you did not receive my reply from last night, after I did all the steps you had given me, with my new ComboFix.txt file, because I can't find anything in the history. So I'm sending it to you again. And first of all, great news: it worked!! At the end of the whole procedure I was once again able to open Yahoo! Mail without any problem, and tried several sites with a connection speed I had not had for a long time... So THANK YOU VERY MUCH! Next, I'm going to copy/paste two logs for you, because I may in fact have misunderstood your procedure, and as a result I ran ComboFix twice in a row, once on its own by double-clicking (Log1), then by dragging CFScript.txt onto ComboFix (Log2). Please tell me whether my PC still contains any dubious "stuff", or whether I have nothing more to worry about. And what should I do about the settings I changed last night for Spybot and Avast? Log1:
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe C:\Program Files\Acer\Acer eConsole\MediaServerService.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Hercules\WiFi Station\WiFiStation.exe C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe C:\Program Files\Popit\PopitNG.exe . ************************************************************************** . Temps d'accomplissement: 2008-06-11 23:12:40 - machine was rebooted ComboFix-quarantined-files.txt 2008-06-11 21:12:34 Pre-Run: 75,747,975,168 octets libres Post-Run: 77,950,996,480 octets libres 790 --- E O F --- 2008-06-10 21:03:23 Log2: ComboFix 08-06-10.5 - Jean-Luc VIGNOLI 2008-06-11 23:30:45.2 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.126 [GMT 2:00] Endroit: C:\Documents and Settings\Jean-Luc VIGNOLI\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\Jean-Luc VIGNOLI\Bureau\CFScript.txt * Création d'un nouveau point de restauration AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !! FILE :: C:\WINDOWS\system32\alaslrvc.dll C:\WINDOWS\system32\egeueeer.dll C:\WINDOWS\system32\jkngmraf.dll C:\WINDOWS\system32\urqqpoml.dll . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\urqqpoml.dll . ((((((((((((((((((((((((((((( Fichiers créés 2008-05-11 to 2008-06-11 )))))))))))))))))))))))))))))))))))) . 2008-06-11 23:12 . 2008-06-11 23:12 <REP> d-------- C:\Documents and Settings\InvitÚ 2008-06-10 22:46 . 2008-06-10 22:46 <REP> d-------- C:\Documents and Settings\Claire\Application Data\ScanSoft 2008-06-10 22:43 . 
2008-06-10 22:49 <REP> d-------- C:\Documents and Settings\Claire\Application Data\Canon 2008-06-10 21:07 . 2008-04-14 17:52 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys 2008-06-10 21:07 . 2008-04-14 17:52 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys 2008-06-09 22:55 . 2008-06-09 22:55 <REP> d-------- C:\Program Files\Trend Micro 2008-06-03 02:28 . 2008-06-03 02:28 364 --a------ C:\WINDOWS\system32\MRT.INI 2008-05-25 22:48 . 2008-05-25 22:48 <REP> d-------- C:\Program Files\Alwil Software 2008-05-24 01:00 . 2008-05-24 01:00 46,592 --a------ C:\Documents and Settings\Jean-Luc VIGNOLI\fopn.sys 2008-05-23 23:37 . 2008-05-23 23:37 <REP> d-------- C:\Program Files\Lavasoft 2008-05-23 23:37 . 2008-05-23 23:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-05-23 22:52 . 2008-06-11 23:05 1,409 --a------ C:\WINDOWS\QTFont.for 2008-05-21 02:06 . 2008-05-21 02:06 <REP> d-------- C:\Documents and Settings\Jean-Luc VIGNOLI\Application Data\TuneUp Software 2008-05-21 02:06 . 2008-05-21 02:06 354,560 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe 2008-05-21 02:06 . 2008-04-04 14:51 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll 2008-05-21 02:05 . 2008-05-25 18:21 <REP> d-------- C:\Program Files\TuneUp Utilities 2008 2008-05-21 02:05 . 2008-05-21 02:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software 2008-05-21 02:03 . 2008-05-23 23:35 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2008-05-19 21:35 . 2008-05-19 21:36 <REP> d-------- C:\Program Files\Fichiers communs\Adobe 2008-05-19 21:21 . 2008-06-11 23:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-05-18 10:57 . 2008-05-18 10:57 118,784 --a------ C:\WINDOWS\system32\icogdaxj.dll 2008-05-18 10:52 . 2008-06-08 00:58 48 --a------ C:\WINDOWS\BM4b134963.xml 2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe . 
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-11 19:22 --------- d-----w C:\Documents and Settings\Jean-Luc VIGNOLI\Application Data\Canon 2008-06-10 21:43 --------- d-----w C:\Program Files\Mozilla Thunderbird 2008-05-25 23:38 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-05-25 00:25 --------- d-----w C:\Program Files\Dictionnaire 2008-05-20 23:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-05-19 19:33 --------- d-----w C:\Documents and Settings\Jean-Luc VIGNOLI\Application Data\AdobeUM 2008-05-18 15:01 --------- d-----w C:\Program Files\IrfanView 2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys 2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys 2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll 2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll 2008-05-03 15:42 --------- d-----w C:\Program Files\Google 2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys 2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys 2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys 2008-04-23 20:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll 2008-04-22 07:41 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe 2008-04-22 07:41 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe 2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll 2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll 2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll 2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll 2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll 2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys 2008-03-20 08:09 
1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys 2006-05-29 14:40 7,296,000 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 07:00 15360] "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 22:49 4662776] "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-21 23:47 32768] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\WINDOWS\KHALMNPR.Exe] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 16:32 225280] "LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2005-12-07 11:26 489472] "LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2005-12-07 11:33 73728] "LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 18:22 262144] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-20 20:24 77824] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 07:00 15360] C:\Documents and Settings\Jean-Luc VIGNOLI\Menu D‚marrer\Programmes\D‚marrage\ PopitNG.lnk - C:\Program Files\Popit\PopitNG.exe [2006-10-09 22:07:56 120832] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ WiFi Station.lnk - C:\Program Files\Hercules\WiFi Station\WifiStation.exe [2006-09-01 19:53:59 626176] Wireless 802.11g USB Adapter.lnk - C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe [2004-11-19 11:34:00 425984] 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll 2007-11-15 11:10 72208 c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\48207aff] C:\WINDOWS\system32\alaslrvc.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16] R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 07:00] R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 16:37] S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-21 02:06] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-06-11 21:08:59 C:\WINDOWS\Tasks\Maintenance en 1 clic.job" - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe . 
************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-11 23:32:40 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-06-11 23:33:53 ComboFix-quarantined-files.txt 2008-06-11 21:33:49 ComboFix2.txt 2008-06-11 21:12:41 Pre-Run: 77,990,969,344 octets libres Post-Run: 77,980,053,504 octets libres 141 --- E O F --- 2008-06-10 21:03:23
  13. Hello Angélique, Did you get my reply from last night, after I did all the steps you had told me to do, along with my new ComboFix.txt file? See you, Jean-Luc.
  14. Thank you, Angélique, for your invaluable help. I will try all of this tonight at home, because here I am on my work PC and it is on my own PC at home that I have the problem. By the way, what is the problem on my PC, broadly speaking? (Virus, spyware, Trojan horse, etc.?) I will keep you posted as soon as I have done the steps, and thanks again. Jean-Luc.
  15. Hello! Who can help me? I can no longer open Yahoo! Mail... And sometimes on Yahoo! France or on Google, searching for a topic no longer works: it just stays waiting. Here is my HijackThis log:
Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- End of file - 22422 bytes Merci beaucoup pour votre aide. Jean-Luc. 
Here is the "StartupList" as well:

StartupList report, 09/06/2008, 23:18:04
StartupList version: 1.52.2
Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16640)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe
C:\Program Files\Popit\PopitNG.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Jean-Luc VIGNOLI\Menu Démarrer\Programmes\Démarrage]
PopitNG.lnk = C:\Program Files\Popit\PopitNG.exe

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
WiFi Station.lnk = ?
Wireless 802.11g USB Adapter.lnk = C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Logitech Hardware Abstraction Layer = KHALMNPR.EXE
LVCOMSX = C:\WINDOWS\system32\LVCOMSX.EXE
LogitechCameraAssistant = C:\Program Files\Logitech\Video\CameraAssistant.exe
LogitechVideo[inspector] = C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
LogitechCameraService(E) = C:\WINDOWS\system32\ElkCtrl.exe /automation
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
48207aff = rundll32.exe "C:\WINDOWS\system32\alaslrvc.dll",b
rtasks = C:\Program Files\WinAntiVirus Pro 2006\rtasks.exe
BM4b134963 = Rundll32.exe "C:\WINDOWS\system32\egeueeer.dll",s

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
Yahoo! Pager = "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
LDM = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
SpybotSD TeaTimer = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\MYLENE~1.SCR
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll - {02478D38-C3F9-4EFB-9B51-7695ECA05670}
(no name) - (no file) - {02A9F7FB-DDFB-40C9-A5A6-49542CDB035A}
(no name) - (no file) - {0515AD12-2FDC-4AB5-83C5-BBC338864C1D}
(no name) - C:\WINDOWS\system32\urqqpoml.dll - {1C9A38FC-41E3-465B-8947-D7F4BAFC3C24}
(no name) - (no file) - {2178F3FB-2560-458f-BDEE-631E2FE0DFE4}
(no name) - (no file) - {2AA922C9-DCA6-47B9-907D-AF8D2B81088F}
(no name) - (no file) - {3DD68D59-770C-4946-8D32-817E1D9ED950}
(no name) - (no file) - {535890F8-9335-4AD5-942D-426999D1493C}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - (no file) - {705B8941-13F0-4557-AF8B-A0BCC3D32F20}
(no name) - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
(no name) - (no file) - {A38FBEAB-94C8-434F-82F7-2FF6C6B09237}
(no name) - (no file) - {AA04F9F6-AE13-49B1-8B33-81EF89972B5B}
(no name) - c:\program files\google\googletoolbar7.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - (no file) - {AD287403-B876-47C6-B147-F41E3CECB70C}
(no name) - (no file) - {B5141620-C2B2-4d95-9F0F-134D99C87AB0}
(no name) - (no file) - {D5FD78F2-469C-40D0-9DFA-805070509189}
(no name) - (no file) - {DB591710-7FF3-49BC-8669-92B76439B4EB}
{0f4e4e24-ec36-7508-3354-2973bc81dede} - C:\WINDOWS\system32\jkngmraf.dll - {eded18cb-3792-4533-8057-63ce42e4e4f0}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Maintenance en 1 clic.job

--------------------------------------------------

Enumerating Download Program Files:

[{2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6}]
CODEBASE = http://cdn.downloadcontrol.com/files/insta...eInstall_fr.cab

[YInstStarter Class]
InProcServer32 = C:\Program Files\Yahoo!\Common\yinsthelper.dll
CODEBASE = C:\Program Files\Yahoo!\Common\yinsthelper.dll

[PB_Uploader Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\uploader_uni.ocx
CODEBASE = http://www.photoways.com/clients/uploader_uni_dd_final.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
gimmicks: *Registry key not found*
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
End of report, 8 806 bytes
Report generated in 0,094 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only