
Posted

Hi pros, I have a serious problem with my girlfriend's PC: pop-ups every time Internet Explorer is opened, pages that won't open, MSN only half working. Here is what I have done: Ad-Aware, Spybot, an online antivirus scan, a registry cleanup with RegSeeker, and a full cleanup with CCleaner, all of it in safe mode, and nothing helps; the problems are still there.

Here is the report:

 

StartupList report, 2008-08-01, 14:25:31

StartupList version: 1.52.2

Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE

Detected: Windows XP SP2 (WinNT 5.01.2600)

Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)

* Using default options

==================================================

 

Running processes:

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

c:\documents and settings\poste\bureau\trucs a eric\installation\a-squared free\a2service.exe

C:\WINDOWS\AnyTrial.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

C:\Program Files\AV9\av2009.exe

C:\WINDOWS\system32\wwSecure.exe

C:\Program Files\Webshots\WebshotsTray.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

--------------------------------------------------

 

Listing of startup folders:

 

Shell folders Startup:

[C:\Documents and Settings\Poste\Menu Démarrer\Programmes\Démarrage]

Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe

 

--------------------------------------------------

 

Checking Windows NT UserInit:

 

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

CloneDVDElbyDelay = "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay

High Definition Audio Property Page Shortcut = HDAShCut.exe

HP Software Update = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe

NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

nwiz = nwiz.exe /install

QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

RemoteControl = "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

SoundMAX = "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

SoundMAXPnP = C:\Program Files\Analog Devices\Core\smax4pnp.exe

DAEMON Tools = "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

REGSHAVE = C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

AVG7_CC = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

ISUSPM Startup = C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

ISUSScheduler = "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

CloneCDTray = "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

CMPDPSRV = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE

3cccb27e = rundll32.exe "C:\WINDOWS\system32\pnxfhwgd.dll",b

BM3fff81e2 = Rundll32.exe "C:\WINDOWS\system32\qihjxtlf.dll",s

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

 

MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

swg = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

NBJ = "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

WMPNSCFG = C:\Program Files\Windows Media Player\WMPNSCFG.exe

AnyDVD = C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

94131419013377932983590931558262 = C:\Program Files\AV9\av2009.exe

ieupdate = "C:\WINDOWS\system32\ieupdates.exe"

 

--------------------------------------------------

 

Load/Run keys from C:\WINDOWS\WIN.INI:

 

load=*INI section not found*

run=*INI section not found*

 

Load/Run keys from Registry:

 

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*

HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*

HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*

HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*

HKCU\..\Windows NT\CurrentVersion\Windows: load=

HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*

HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=zpqopw.dll

 

--------------------------------------------------

 

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

 

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

 

Shell & screensaver key from Registry:

 

Shell=Explorer.exe

SCRNSAVE.EXE=C:\WINDOWS\system32\MAT2.scr

drivers=*Registry value not found*

 

Policies Shell key:

 

HKCU\..\Policies: Shell=*Registry key not found*

HKLM\..\Policies: Shell=*Registry value not found*

 

--------------------------------------------------

 

 

Enumerating Task Scheduler jobs:

 

AppleSoftwareUpdate.job

Vérifier les mises à jour de Windows Live Toolbar.job

 

--------------------------------------------------

 

Enumerating Download Program Files:

 

[CabBuilder]

CODEBASE = http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

OSD = C:\WINDOWS\Downloaded Program Files\OSDED4D.OSD

 

[stagingUI Object]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\StagingUI.ocx

CODEBASE = http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab

 

[Creative Software AutoUpdate]

InProcServer32 = C:\WINDOWS\DOWNLO~1\CTSUEng.ocx

CODEBASE = http://www.creative.com/su/ocx/15031/CTSUEng.cab

 

[Windows Genuine Advantage Validation Tool]

InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll

CODEBASE = http://go.microsoft.com/fwlink/?linkid=39204

 

[YInstStarter Class]

InProcServer32 = C:\PROGRA~1\Yahoo!\Common\yinsthelper.dll

CODEBASE = C:\Program Files\Yahoo!\Common\yinsthelper.dll

 

[MSN Games – Buddy Invite]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZBuddy.ocx

CODEBASE = http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab

 

[MSN Photo Upload Tool]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll

CODEBASE = http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

 

[ZonePAChat Object]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZPAChat.ocx

CODEBASE = http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab

 

[bDSCANONLINE Control]

InProcServer32 = C:\WINDOWS\DOWNLO~1\oscan8.ocx

CODEBASE = http://www.zebulon.fr/scan8/oscan8.cab

 

[MSN Games - Installer]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZIntro.ocx

CODEBASE = http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab

 

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx

CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

 

[MSN Games – Game Communicator]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\StProxy.dll

CODEBASE = http://zone.msn.com/binframework/v10/StProxy.cab55579.cab

 

[Creative Software AutoUpdate Support Package]

InProcServer32 = C:\WINDOWS\DOWNLO~1\CTPID.ocx

CODEBASE = http://www.creative.com/su/ocx/15031/CTPID.cab

 

[ChessControl Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZPA_KQRP.dll

CODEBASE = http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab

 

--------------------------------------------------

 

Enumerating ShellServiceObjectDelayLoad items:

 

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: C:\WINDOWS\system32\webcheck.dll

SysTray: C:\WINDOWS\system32\stobject.dll

WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

 

--------------------------------------------------

End of report, 9 611 bytes

Report generated in 0,032 seconds

 

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

Posted

Good evening,

Please make a log the standard way.

See you.

Posted

Sorry, this is my first time with this software.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:01:15, on 2008-08-02

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\documents and settings\poste\bureau\trucs a eric\installation\a-squared free\a2service.exe

C:\WINDOWS\AnyTrial.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\wwSecure.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

C:\Program Files\Webshots\WebshotsTray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/?lang=fr-ca

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [CMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE

O4 - HKLM\..\Run: [3cccb27e] rundll32.exe "C:\WINDOWS\system32\pnxfhwgd.dll",b

O4 - HKLM\..\Run: [bM3fff81e2] Rundll32.exe "C:\WINDOWS\system32\qihjxtlf.dll",s

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

O4 - HKCU\..\Run: [94131419013377932983590931558262] C:\Program Files\AV9\av2009.exe

O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\ieupdates.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe

O8 - Extra context menu item: &Search - http://kt.bar.need2find.com/KT/menusearch.html?p=KT

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?efe629db3df04380bb960a069b381c61

O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?efe629db3df04380bb960a069b381c61

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\AllMusicConverter\YouTubeRipper.dll

O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\AllMusicConverter\YouTubeRipper.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Poste\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab

O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab

O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab

O18 - Filter hijack: text/html - (no CLSID) - (no file)

O20 - AppInit_DLLs: zpqopw.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\documents and settings\poste\bureau\trucs a eric\installation\a-squared free\a2service.exe

O23 - Service: BugSoft AnyTrial (AnyTrial) - Dr.Pc Putte Corp :P - C:\WINDOWS\AnyTrial.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SoundMovieServer - SoundMovieServer - C:\WINDOWS\system32\snmvtsvc.exe

O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

O24 - Desktop Component 0: (no name) - http://www.fond-ecran.com/ORIGINAUX/nature.../oceans_014.jpg

 

--

End of file - 10813 bytes

 

 

Is this better?

Posted

Re,

Download Toolbar-S&D (Team IDN) to your Desktop.

  • Start the installation of the program by running the downloaded file.
    Double-click the Toolbar-S&D shortcut.
    Select the language you want by typing the letter of your choice, then confirming with the Enter key.
    Now choose option 1 (Search). Wait until the search has finished.

    Run Toolbar-S&D again by double-clicking the shortcut. Type "2", then confirm by pressing "Enter".
    Do not close the window during the removal!
    A report will be generated; post its contents in your reply.

    NB: If your Desktop does not reappear, press Ctrl+Alt+Del at the same time to open Task Manager.
    Go to the "Processes" tab. Click File at the top left and choose "Run..."
    Type explorer, then confirm.

Download SDFix (created by AndyManchesta) and save it to your Desktop.
If the link does not work, try this one: http://download.bleepingcomputer.com/andymanchesta/SDFix.exe

Double-click SDFix.exe and choose Install. The tool will be extracted to the root of the system drive (usually C:\).
Restart your computer in safe mode by following this procedure:
  • Restart your computer.
  • After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
  • Instead of Windows loading normally, a menu with various options should appear.
  • Choose the first option, to run Windows in safe mode, then press "Enter".
  • Choose your account.

Work through the list of instructions below:

  • Open the SDFix folder that has just been created in C:\ and double-click RunThis.bat to start the script.
  • Press Y to begin the cleaning process.
  • It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
  • Press a key to restart the PC.
  • Your system will take longer than usual to restart because the tool will keep running and deleting files.
  • Once the Desktop has loaded, the tool will finish its work and display Finished.
  • Press a key to end the script and load your Desktop icons.
  • Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
  • Finally, copy/paste the contents of the Report.txt file into your next reply on the forum, along with a new HijackThis log!

N.B.:

- The file SDFIX_README.htm (in the SDFix folder) contains the list of malware handled by the tool.

- Andy releases several updates, often more than one a day... So do not hesitate to ask to download a new version when the cleanup drags on and the tool does not seem to see everything.

After the restart, please make a new HijackThis log and post it together with the SDFix one.

See you later.

Posted

Toolbar S&D report

 

 

-----------\\ ToolBar S&D 1.0.7 XP/Vista

 

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]

[ USER : Poste ] [ "C:\Toolbar SD" ] [ Selection : 2 ]

[ 2008-08-02 | 14:16:03,32 ] [ PC : 56530CF55DC64F5 ]

[ MAJ : 25-07-2008 | 17:35 ]

 

-----------\\ SUPPRESSION

 

Supprime! - C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt

Supprime! - C:\Program Files\FBrowsingAdvisor\Logo.png

Supprime! - C:\Program Files\FBrowsingAdvisor\main.db

Supprime! - C:\Program Files\FBrowsingAdvisor\unins000.dat

Supprime! - C:\Program Files\FBrowsingAdvisor\unins000.exe

Supprime! - C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll

Supprime! - C:\Program Files\InternetSoftware\InternetSoftware-2.dll

Supprime! - C:\Program Files\InternetSoftware\InternetSoftware.dat

Supprime! - C:\Program Files\InternetSoftware\pcre3.dll

Supprime! - C:\Program Files\InternetSoftware\uninstall.exe

Supprime! - C:\Program Files\PlayMP3z\uninstall.exe

Supprime! - C:\DOCUME~1\Poste\MENUDM~1\PROGRA~1\PlayMP3z

Supprime! - C:\WINDOWS\Fonts\acrsec.fon

Supprime! - C:\WINDOWS\Fonts\acrsecB.fon

Supprime! - C:\WINDOWS\Fonts\acrsecI.fon

Supprime! - C:\DOCUME~1\Poste\LOCALS~1\Temp\tem65.tmp.exe

Supprime! - C:\DOCUME~1\Poste\LOCALS~1\Temp\tem69.tmp.exe

Supprime! - C:\DOCUME~1\Poste\LOCALS~1\Temp\tem6E.tmp.exe

Supprime! - C:\Program Files\Conduit

Supprime! - C:\Program Files\FBrowserAdvisor

Supprime! - C:\Program Files\FBrowsingAdvisor

Supprime! - C:\Program Files\InternetSoftware

Supprime! - C:\Program Files\PlayMP3z

 

-----------\\ Recherche de Fichiers / Dossiers ...

 

 

-----------\\ [..\Internet Explorer\Main]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.ca/"

"Search Page"="http://www.google.com"

"Search Bar"="http://www.google.com/ie"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

"Default_Search_URL"="http://www.google.com/ie"

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Start Page"="http://sympatico.msn.ca/?lang=fr-ca"

 

 

-----------\\ Fin du rapport a 14:19:53,93

Posted

Please run the scan with SDFix in safe mode as already requested.

See you.

Posted

SDFix report

 

 

SDFix: Version 1.211

Run by Poste on 2008-08-02 at 14:37

 

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

 

Restoring Default Security Values

Restoring Default Hosts File

 

Rebooting

 

 

Checking Files :

 

Trojan Files Found:

 

C:\Documents and Settings\Poste\Local Settings\Temp\upd70.tmp.exe - Deleted

C:\DOCUME~1\Poste\LOCALS~1\Temp\removalfile.bat - Deleted

C:\WINDOWS\system32\ieupdates.exe - Deleted

C:\WINDOWS\system32\winsrc.dll - Deleted

C:\WINDOWS\system32\nvrsul32.dll - Deleted

 

 

 

 

 

Removing Temp Files

 

ADS Check :

 

C:\WINDOWS

:2B681DE84E2766F5 24

Total size: 24 bytes.

WINDOWS: Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.

 

Checking for remaining Streams

 

C:\WINDOWS

:2B681DE84E2766F5 24

Total size: 24 bytes.

 

 

 

 

Final Check :

 

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-08-02 14:49:15

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:a1e8d9ee

"s2"=dword:4254353d

"h0"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"h0"=dword:00000000

"khjeh"=hex:c7,08,fe,f3,dd,f6,7e,0c,d9,7e,ab,0c,ad,de,60,47,65,3e,57,27,c1,..

"p0"="C:\Program Files\DAEMON Tools\"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,1d,fc,b2,0a,fa,28,98,ec,25,a5,a4,9a,0b,f8,d8,4c,63,..

"khjeh"=hex:2d,52,b3,c1,31,c2,56,0e,c9,b3,b5,09,cf,32,4c,db,d2,52,d9,e4,ba,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:44,01,65,40,d5,6a,7f,1d,0e,4e,24,69,2f,24,f1,a5,bd,2f,a4,8c,dc,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"h0"=dword:00000000

"khjeh"=hex:c7,08,fe,f3,dd,f6,7e,0c,d9,7e,ab,0c,ad,de,60,47,65,3e,57,27,c1,..

"p0"="C:\Program Files\DAEMON Tools\"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"a0"=hex:20,01,00,00,1d,fc,b2,0a,fa,28,98,ec,25,a5,a4,9a,0b,f8,d8,4c,63,..

"khjeh"=hex:2d,52,b3,c1,31,c2,56,0e,c9,b3,b5,09,cf,32,4c,db,d2,52,d9,e4,ba,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:44,01,65,40,d5,6a,7f,1d,0e,4e,24,69,2f,24,f1,a5,bd,2f,a4,8c,dc,..

 

scanning hidden registry entries ...

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{077ACEC7-979C-40AB-9835-435BA1511E0D}]

"FriendlyName"="Windows Media Files"

"ComponentGUID"="{077ACEC7-979C-40AB-9835-435BA1511E0D}"

"Version"=dword:000a0000

"Sub-Version"=dword:00000eda

"ExceptionInfName"=str(2):"C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}\MPPRE10.inf"

"ExceptionCatalogName"=str(2):"C:\WINDOWS\RegisteredPackages\{077ACEC7-979C-40AB-9835-435BA1511E0D}\mppre10.cat"

 

scanning hidden files ...

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 0

 

 

Remaining Services :

 

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"

"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"

"C:\\Program Files\\SSI\\Silent Hunter II\\Shell\\SH2.exe"="C:\\Program Files\\SSI\\Silent Hunter II\\Shell\\SH2.exe:*:Enabled:SH2"

"C:\\Program Files\\BitDownload\\BitDownload.exe"="C:\\Program Files\\BitDownload\\BitDownload.exe:*:Disabled:Torrent P2P application"

"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"

"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"

"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"

"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\CMpdpsrv.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\CMpdpsrv.exe:*:Disabled:PDP RPC Server"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"

"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

 

Remaining Files :

 

 

File Backups: - C:\SDFix\backups\backups.zip

 

Files with Hidden Attributes :

 

Thu 22 May 2008 17,408 A.SH. --- "C:\WINDOWS\AnyTrial.exe"

Sat 2 Aug 2008 84 A.SH. --- "C:\WINDOWS\SB63DE917.tmp"

Sun 12 Mar 2006 10,311,680 A.SH. --- "C:\Program Files\AVIConverter\mencoder.exe"

Mon 8 May 2006 249,856 A..H. --- "C:\Program Files\BabasChess\BabasCrashReport.exe"

Sat 3 Feb 2001 48,640 A..H. --- "C:\Program Files\BabasChess\timeseal.exe"

Mon 23 Oct 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Sun 16 Sep 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"

Wed 16 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT1.tmp"

 

Finished!

Posted

new HijackThis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:54:15, on 2008-08-02

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\documents and settings\poste\bureau\trucs a eric\installation\a-squared free\a2service.exe

C:\WINDOWS\AnyTrial.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\wwSecure.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

C:\Program Files\AV9\av2009.exe

C:\Program Files\Webshots\WebshotsTray.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Windows Live Toolbar\msn_sl.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/?lang=fr-ca

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [CMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE

O4 - HKLM\..\Run: [3cccb27e] rundll32.exe "C:\WINDOWS\system32\rxxludxf.dll",b

O4 - HKLM\..\Run: [bM3fff81e2] Rundll32.exe "C:\WINDOWS\system32\ftcqmbtd.dll",s

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

O4 - HKCU\..\Run: [94131419013377932983590931558262] C:\Program Files\AV9\av2009.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe

O8 - Extra context menu item: &Search - http://kt.bar.need2find.com/KT/menusearch.html?p=KT

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?efe629db3df04380bb960a069b381c61

O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?efe629db3df04380bb960a069b381c61

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\AllMusicConverter\YouTubeRipper.dll

O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\AllMusicConverter\YouTubeRipper.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Poste\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab

O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab

O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab

O18 - Filter hijack: text/html - (no CLSID) - (no file)

O20 - AppInit_DLLs: zpqopw.dll zywfec.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\documents and settings\poste\bureau\trucs a eric\installation\a-squared free\a2service.exe

O23 - Service: BugSoft AnyTrial (AnyTrial) - Dr.Pc Putte Corp :P - C:\WINDOWS\AnyTrial.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SoundMovieServer - SoundMovieServer - C:\WINDOWS\system32\snmvtsvc.exe

O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

O24 - Desktop Component 0: (no name) - http://www.fond-ecran.com/ORIGINAUX/nature.../oceans_014.jpg

 

--

End of file - 10806 bytes

Posted

Download Malwarebytes' Anti-Malware (MBAM)

 

  • Double-click the downloaded file to start the installation process.
  • In the "Update" tab, click the "Check for Updates" button: if the firewall asks for permission for MBAM to connect, accept.
  • Once the update has finished, go to the "Scanner" tab.
  • Select "Perform full scan"
  • Click "Scan"
  • The analysis starts; the scan is relatively long, which is normal.
  • At the end of the scan, a message is displayed:
    The scan completed successfully. Click 'Show Results' to display all objects found.
    Click "OK" to continue. If MBAM found nothing, it will tell you that too.
  • Close your browsers.
  • If malware was detected, click Show Results.
    Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the files and registry keys and put a copy of them in quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report and post it in your next reply.

 

Along with a new HijackThis log made afterwards.

See you later

Posted

mbam report

 

Malwarebytes' Anti-Malware 1.24

Version de la base de données: 1017

Windows 5.1.2600 Service Pack 2

 

15:32:17 2008-08-02

mbam-log-8-2-2008 (15-32-17).txt

 

Type de recherche: Examen complet (C:\|D:\|)

Eléments examinés: 88819

Temps écoulé: 17 minute(s), 47 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 2

Clé(s) du Registre infectée(s): 17

Valeur(s) du Registre infectée(s): 3

Elément(s) de données du Registre infecté(s): 2

Dossier(s) infecté(s): 3

Fichier(s) infecté(s): 42

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

C:\WINDOWS\system32\vtULffFX.dll (Trojan.Vundo) -> Delete on reboot.

C:\WINDOWS\system32\zywfec.dll (Trojan.Vundo) -> Delete on reboot.

 

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{265f3caf-946e-4f6c-86be-76af44aec333} (Trojan.Vundo) -> Delete on reboot.

HKEY_CLASSES_ROOT\CLSID\{265f3caf-946e-4f6c-86be-76af44aec333} (Trojan.Vundo) -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dedaf42f-e9fd-4a1b-a0f4-415823ce96c5} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{dedaf42f-e9fd-4a1b-a0f4-415823ce96c5} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1484e0d6-2d85-4b81-87f4-48bd8e45754f} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{1484e0d6-2d85-4b81-87f4-48bd8e45754f} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\Registry Defender (Rogue.Registry.Defender) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3cccb27e (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\94131419013377932983590931558262 (Rogue.Antivirus2009) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm3fff81e2 (Trojan.Agent) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\vtulfffx -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\vtulfffx -> Delete on reboot.

 

Dossier(s) infecté(s):

C:\Program Files\Live_TV (Adware.Agent) -> Quarantined and deleted successfully.

C:\Program Files\AV9 (Rogue.Antivirus2009) -> Quarantined and deleted successfully.

C:\Documents and Settings\Poste\Menu Démarrer\Antivirus 2009 (Rogue.Antivirus) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

C:\WINDOWS\system32\vtULffFX.dll (Trojan.Vundo) -> Delete on reboot.

C:\WINDOWS\system32\XFffLUtv.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\XFffLUtv.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\zywfec.dll (Trojan.Vundo) -> Delete on reboot.

C:\WINDOWS\system32\adqcijca.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\acjicqda.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\elbcwajb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\bjawcble.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\pnxfhwgd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\dgwhfxnp.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\rqRLbXRl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\lRXbLRqr.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\lRXbLRqr.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\rxxludxf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\fxdulxxr.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\yxgohuoh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\houhogxy.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\gzsyfa.dll (Trojan.BHO) -> Quarantined and deleted successfully.

C:\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\WXEB0DQR\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Documents and Settings\Poste\Local Settings\Temporary Internet Files\Content.IE5\F4PHSQM4\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Documents and Settings\Poste\Local Settings\Temporary Internet Files\Content.IE5\JZ43I2GQ\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Documents and Settings\Poste\Local Settings\Temporary Internet Files\Content.IE5\S9UVGDAF\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{094A1BB0-9F45-47DE-A788-F2430E9DF669}\RP821\A0073758.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{094A1BB0-9F45-47DE-A788-F2430E9DF669}\RP821\A0073764.cpl (Rogue.XPAntivirus) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{094A1BB0-9F45-47DE-A788-F2430E9DF669}\RP821\A0073813.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

C:\Toolbar SD\Backup-TB\DOCUME~1\Poste\LOCALS~1\Temp\tem65.tmp.exe (Adware.Agent) -> Quarantined and deleted successfully.

C:\Toolbar SD\Backup-TB\DOCUME~1\Poste\LOCALS~1\Temp\tem6E.tmp.exe (Adware.Agent) -> Quarantined and deleted successfully.

C:\Toolbar SD\Backup-TB\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ettnuuhq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Program Files\AV9\av2009.exe (Rogue.Antivirus2009) -> Quarantined and deleted successfully.

C:\Documents and Settings\Poste\Menu Démarrer\Antivirus 2009\Antivirus 2009.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.

C:\Documents and Settings\Poste\Menu Démarrer\Antivirus 2009\Uninstall Antivirus 2009.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.

C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ftcqmbtd.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\BM3fff81e2.xml (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\BM3fff81e2.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\fccdcATL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Documents and Settings\Poste\Bureau\Antivirus 2009.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.

C:\Documents and Settings\Poste\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

 

 

new hijackthis report

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:38:00, on 2008-08-02

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\documents and settings\poste\bureau\trucs a eric\installation\a-squared free\a2service.exe

C:\WINDOWS\AnyTrial.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\system32\wwSecure.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Program Files\Webshots\WebshotsTray.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/?lang=fr-ca

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [CMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CMPDPSRV.EXE

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe

O8 - Extra context menu item: &Search - http://kt.bar.need2find.com/KT/menusearch.html?p=KT

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?efe629db3df04380bb960a069b381c61

O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?efe629db3df04380bb960a069b381c61

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\AllMusicConverter\YouTubeRipper.dll

O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\AllMusicConverter\YouTubeRipper.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Poste\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab

O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab

O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab

O18 - Filter hijack: text/html - (no CLSID) - (no file)

O20 - AppInit_DLLs: zpqopw.dll zywfec.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\documents and settings\poste\bureau\trucs a eric\installation\a-squared free\a2service.exe

O23 - Service: BugSoft AnyTrial (AnyTrial) - Dr.Pc Putte Corp :P - C:\WINDOWS\AnyTrial.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SoundMovieServer - SoundMovieServer - C:\WINDOWS\system32\snmvtsvc.exe

O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

O24 - Desktop Component 0: (no name) - http://www.fond-ecran.com/ORIGINAUX/nature.../oceans_014.jpg

 

--

End of file - 10538 bytes
