[LOGICIEL] [Centralisation] .:::: Hijackthis ::::.

[spiriteom]

Salut Snooky,

je suis face à un petit soucis avec un des ordinateurs appartenant à la mairie où je travail. Nous avons un win XP PRO SP1, et en antivirus McAfee.

Je dois avoir un spy dans le pc car j'ai des popup qui s'affiche en utilisant les service de message de XP, bon c'est pas grave mais il laisse entrer aussi le virus sdbot.worm!ftp qui est tout de suite bloqué par McAfee. L'ordi se connecte automatiquement à internet même si je coupe la connexion auto en fait je suis tranquille que quand je desactive la carte reseau.

Je te poste un log pour voir si tu peux y jeter un regard:

Logfile of HijackThis v1.99.1

Scan saved at 15:27:32, on 23/11/2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe

C:\Program Files\Sharp\Sharpdesk\SharpTray.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\SHARP\Button Manager A\btnman.exe

C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe

C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\msagent\AgentSvr.exe

C:\HIJACKTHIS VF\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsu-siemens.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe"

O4 - HKLM\..\Run: [MVS Splash] C:\PROGRA~1\McAfee\MANAGE~1\VScan\Splash.exe

O4 - HKCU\..\Run: [sharpTray] "C:\Program Files\Sharp\Sharpdesk\SharpTray.exe"

O4 - Global Startup: Button Manager A.lnk = C:\Program Files\SHARP\Button Manager A\btnman.exe

O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsu-siemens.com

O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://fr.vs.mcafeeasap.com/VS2/bin/myCioAgt.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{FD43BE0F-2126-475F-BF4F-BC7105744FB9}: NameServer = 80.10.246.134 80.10.246.7

O18 - Protocol: myrm - {4D034FC3-013F-4B95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt3.0.0.591.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

O23 - Service: McShield - Network Associates, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe

O23 - Service: McAfee Managed Services Agent (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe

Merci d'avance.

[snooky]

@ spiriteom :

Tape services.msc dans Exécuter et arrête/désactive " Affichage des messages "

Il reste des processus Norton sur ton pc ...pas normal ... ou bien ?

ftp://ftp.symantec.com/public/english_us_...sgen/SymNRT.exe pour désinstaller complètement Norton .

mais il laisse entrer aussi le virus sdbot.worm!ftp

Ce n'est pas juste un avertissement du firewall McAffee qui te prévient qu'il bloque cette attaque ?

Tu dois pouvoir désactiver ces alertes dans ton firewall .

Fait ce scan Anti-trojan et donne nous le résultat :

http://www.windowsecurity.com/trojanscan/

[spiriteom]

merci snooky je vais tester ça la semaine prochaine, car je n'y serais que dans une semaine... je bosse sur 4 communes, 4 Ecoles et une mairie.

Par contre je vais nettoyer tout ce qui est Norton car c'est pas normal. Je pensais pas que Norton s'incrustait comme ça.

merci

@+

[jazu1414]

Salut Snooky....

J'ai fais une instal complette avec differents programmes et j'aurai voulu avoir ton avis sur le rapport ci-dessous...

D'avance encore merci pour ta générosité...

Logfile of HijackThis v1.99.1

Scan saved at 10:45:26, on 24.11.2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Soft4Ever\looknstop\_looknstop.exe

C:\Program Files\Logitech\iTouch\iTouch.exe

C:\WINDOWS\system32\atiptaxx.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\a-squared\a2guard.exe

C:\Program Files\Executive Software\Diskeeper\DkService.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\Avant Browser\avant.exe

C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.bluewin.ch

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Ultimate Edition 2.0

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize

O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"

O8 - Extra context menu item: Bloquer ce serveur... - C:\Program Files\Avant Browser\AddAllToADBlackList.htm

O8 - Extra context menu item: Bloquer cette publicité... - C:\Program Files\Avant Browser\AddToADBlackList.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Ouvrir dans une nouvelle fenêtre d'Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm

O8 - Extra context menu item: Ouvrir tous les liens de la page... - C:\Program Files\Avant Browser\OpenAllLinks.htm

O8 - Extra context menu item: Rechercher sur le Web... - C:\Program Files\Avant Browser\Search.htm

O8 - Extra context menu item: Surligner - C:\Program Files\Avant Browser\Highlight.htm

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe

O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe

O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe

Suis sur qui a quelques soucis...

[snooky]

Ton rapport est clean ( si Look'N'Stop est bien ton firewall )

Tu as bien installé les drivers du CD de ta CM , USB , etc ...

[jazu1414]

Nikel, alors tout baigne maintenant...

Merci...

J'ai posté une autre question dans "hardware"

Decidement...

[overgame63]

Logfile of HijackThis v1.99.1

Scan saved at 20:36:04, on 25/11/2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\Logitech\iTouch\iTouch.exe

C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neuf.fr

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1132944350938

O17 - HKLM\System\CCS\Services\Tcpip\..\{A789EB0E-04AE-4323-8E27-FBC53F28A17C}: NameServer = 80.118.196.42 80.118.192.112

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

merci

[elclem]

sa faisait longtemps

Logfile of HijackThis v1.99.1

Scan saved at 11:48:03 a.m., on 26/11/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe

C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe

C:\Archivos de programa\ITE\Smart Guardian\ITESmart.exe

C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe

C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe

C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Archivos de programa\MSN Messenger\msnmsgr.exe

C:\Archivos de programa\eMule\emule.exe

C:\Archivos de programa\Internet Explorer\iexplore.exe

C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARCHIV~1\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [smartGuardian] C:\Archivos de programa\ITE\Smart Guardian\ITESmart.exe

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock

O4 - HKLM\..\Run: [Zone Labs Client] C:\Archivos de programa\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [WinSys] C:\WINDOWS\system32\WinSys.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe

O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe

O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

O8 - Extra context menu item: &Download by NetAnts - C:\ARCHIV~1\NetAnts\NAGet.htm

O8 - Extra context menu item: Download &All by NetAnts - C:\ARCHIV~1\NetAnts\NAGetAll.htm

O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\ARCHIV~1\NetAnts\NetAnts.exe

O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - C:\ARCHIV~1\NetAnts\NetAnts.exe

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Archivos de programa\Archivos comunes\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Archivos de programa\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe

O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Archivos de programa\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

merci

[snooky]

@ Overgame 63 :

Lignes à fixer :

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

Le rapport est clean

@ elclem :

Scan ce fichier (C:\WINDOWS\system32\WinSys.exe ) ici On Line Malware Scan et donne nous le rapport .

[Dori66]

Voici mon rapport Snooky !

Logfile of HijackThis v1.99.1

Scan saved at 20:43:23, on 26/11/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\WINDOWS\system32\taskswitch.exe

C:\WINDOWS\system32\fast.exe

C:\WINDOWS\system32\LXSUPMON.EXE

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\WINDOWS\system32\LVComS.exe

C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUpKiller.exe

C:\Program Files\Kit ADSL\Wizard\Agent_WiFi.exe

C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe

C:\ScanPanel\ScnPanel.exe

C:\Program Files\SpywareGuard\sgmain.exe

C:\Program Files\SpywareGuard\sgbhp.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Dori66\Bureau\KitBarV1.063.exe

C:\Program Files\KiddiesBarre\KiddiesBarre.exe

C:\Documents and Settings\Dori66\Local Settings\Apps\2.0\LHEJVQOG.G1Q\J0997LBX.EXK\prof..tion_62829291efc2db6d_0002.0003_94e424d3f8e29526\Professional_Advertising.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ntvdm.exe

C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUp.dll

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe

O4 - HKLM\..\Run: [backgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe

O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe

O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~1\Ashampoo\ASHAMP~1\PopUpKiller.exe

O4 - HKCU\..\Run: [TVAgent WiFi] C:\Program Files\Kit ADSL\Wizard\Agent_WiFi.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"

O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://videohd.m6.fr.ipercast.net/installer-hidden.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://213.193.138.82:81/activex/AxisCamControl.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Merci d'avance !

[elclem]

il n'a rien trouver pour Winsys.exe

Mais le truc bizarre c'est qui s'active a chaque demarrage depuis peu....

[snooky]

@elclem :

Coche et fixe cette ligne :

O4 - HKLM\..\Run: [WinSys] C:\WINDOWS\system32\WinSys.exe

@ Dori66 :

Recherche et Supprime ces fichiers de ton pc :

C:\Documents and Settings\Dori66\Bureau\KitBarV1.063.exe

C:\Program Files\KiddiesBarre\KiddiesBarre.exe

C:\Documents and Settings\Dori66\Local Settings\Apps\2.0\LHEJVQOG.G1Q\J0997LBX.EXK\prof..tion_62829291efc2db6d_0002.0003_94e424d3f8e29526\Professional_Advertising.exe

[overgame63]

un autre problème je crois

Logfile of HijackThis v1.99.1

Scan saved at 01:26:53, on 27/11/2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\System32\mssearchnet.exe

C:\WINDOWS\System32\nvctrl.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\Logitech\iTouch\iTouch.exe

C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

C:\WINDOWS\System32\wuauclt.exe

C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neuf.fr/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: HomepageBHO - {7caf96a2-c556-460a-988e-76fc7895d284} - C:\WINDOWS\System32\hp8136.tmp

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1132944350938

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

merci

[snooky]

@ Overgame63 :

Ha vi ... trojans inside !

Fichiers à supprimer de ton pc :

C:\WINDOWS\System32\mssearchnet.exe

C:\WINDOWS\System32\nvctrl.exe

+ les lignes citées plus haut .

Passe A²Squared Free en mode sans échec ( désactive la restauration system )

[FaTaL1Ty]

Logfile of HijackThis v1.99.1

Scan saved at 22:58:10, on 30/11/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Executive Software\Diskeeper\DkService.exe

C:\Program Files\Prevx Home\PXAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Prevx Home\SAGUI.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\PROGRA~1\MSNMES~1\msnmsgr.exe

C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe

C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Guillaume\Bureau\Raccourcis\RegSeeker\RegSeeker.exe

C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - (no file)

O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)

O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O4 - HKLM\..\Run: [PrevxHome] C:\Program Files\Prevx Home\SAGUI.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background

O4 - Global Startup: Philips FunCam Monitor.lnk = C:\Program Files\Philips Photo Manager\FunCam\Philips FunCam Monitor.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: (no name) - {12345678-1234-1234-1234-1234567890AB} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {3E4AB59A-8529-43ED-867A-4251365BF7E8} - http://www.friendset.com/friends/ABExport.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Prevx Agent (PrevxAgent) - Prevx Ltd. - C:\Program Files\Prevx Home\PXAgent.exe

O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe

O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

[Space]

Logfile of HijackThis v1.99.1

Scan saved at 19:22:10, on 01/12/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\WINDOWS\system32\spoolsv.exe

d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

d:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

D:\Program Files\Alias\Maya 6.0 Personal Learning Edition\docs\wrapper.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\slserv.exe

D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

D:\Program Files\Alias\Maya 6.0 Personal Learning Edition\docs\jre\bin\java.exe

d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

d:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

D:\Program Files\Samurize\Client.exe

C:\Program Files\Mozilla Firefox\firefox.exe

D:\Program Files\Trillian\trillian.exe

C:\Documents and Settings\Maxime\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\PROGRA~1\RXTOOL~1\sfcont.dll

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [avast!] d:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\RunOnce: [spybotSnD] "D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: Client Default.lnk = D:\Program Files\Samurize\Client.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - d:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - d:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - d:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - d:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Maya 6 PLE Documentation Server (mple6docserver) - Unknown owner - D:\Program Files\Alias\Maya 6.0 Personal Learning Edition\docs\wrapper.exe" -s "D:\Program Files\Alias\Maya 6.0 Personal Learning Edition\docs\Wrapper.conf (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

[nemesis93_75]

Logfile of HijackThis v1.99.1

Scan saved at 23:12:10, on 02/12/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\Explorer.EXE

C:\Program Files\Motherboard Monitor 5\MBM5.EXE

C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe

C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe

C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe

C:\Program Files\D4\D4.exe

C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\system32\Rundll32.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\PROGRA~1\BillP Studios\WinPatrol\winpatrol.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe

C:\Program Files\Desktop Sidebar\dsidebar.exe

C:\Program Files\SuperCopier\SuperCopier.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\WINDOWS\System32\imapi.exe

E:\Folding@Home\winFAH.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Xfire\Xfire.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\OpenOffice.org 2.0\program\soffice.exe

C:\WINDOWS\system32\oodag.exe

C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

E:\Folding@Home\FahCore_78.exe

C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\PROGRA~1\MSNMES~1\msnmsgr.exe

C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaul...://fr.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://fr.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaul...://fr.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_3_18_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll

O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll

O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_3_18_0.dll

O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"

O4 - HKLM\..\Run: [Dimension4] C:\Program Files\D4\D4.exe

O4 - HKLM\..\Run: [bDMCon] C:\Program Files\Softwin\BitDefender8\\bdmcon.exe

O4 - HKLM\..\Run: [bDOESRV] C:\Program Files\Softwin\BitDefender8\\bdoesrv.exe

O4 - HKLM\..\Run: [bDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"

O4 - HKLM\..\Run: [bDSwitchAgent] C:\Program Files\Softwin\BitDefender8\\bdswitch.exe

O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper

O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BillP Studios\WinPatrol\winpatrol.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [RSS Xpress] C:\Program Files\RSS Xpress\RSS Xpress.exe

O4 - HKCU\..\Run: [LDM] \Program\

O4 - HKCU\..\Run: [skwatAutoconnect] C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe

O4 - HKCU\..\Run: [incrediMail] C:\PROGRA~1\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [sIDEBAR] "C:\Program Files\Desktop Sidebar\dsidebar.exe"

O4 - HKCU\..\Run: [superCopier.exe] C:\Program Files\SuperCopier\SuperCopier.exe

O4 - Startup: Folding@Home 5.03.lnk = ?

O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe

O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\IncrediMail\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: Subscribe in Desktop Sidebar - res://C:\Program Files\Desktop Sidebar\sbhelp.dll/menuhandler.html

O8 - Extra context menu item: Télécharger avec Star Downloader - C:\Program Files\Star Downloader\sdie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll

O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll

O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://videohd.m6.fr.ipercast.net/installer-hidden.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1118043929046

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1125230136632

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoways.com/clients/ImageUploader3.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B0788EC3-BF88-4498-9EF1-D09BD5E4C002}: NameServer = 212.151.136.242 212.247.156.70

O18 - Protocol: bw+0 - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O18 - Protocol: offline-8876480 - {3E307D8B-03C9-4F4C-81C2-5DB3ED592B3D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - AppInit_DLLs: sockspy.dll MsgPlusLoader.dll

O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe

O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe" /service (file missing)

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

merci d'avance

[snooky]

@ Space :

Désinstalle RX Toolbar.

Fixes ces lignes :

O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\PROGRA~1\RXTOOL~1\sfcont.dll

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\PROGRA~1\RXTOOL~1\sfcont.dll

Passe Spyseeper et CWShredder.

@ nemesis93_75 :

Désinstalle un de tes 2 antivirus !

Avec Autoruns , supprime BWPlugProtocol-8876480.dll

Fixe ces lignes avec Hijackthis :

O4 - HKCU\..\Run: [LDM] \Program\

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

[azmour]

VOICI MON DERNIER SCAN suite a mon virus

Logfile of HijackThis v1.99.1

Scan saved at 13:49:13, on 03/12/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

d:\catia\intel_a\code\bin\CATSysDemon.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Dantz\Retrospect\retrorun.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\sstray.exe

C:\PROGRA~1\PHILIP~1\VProperty.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\WINDOWS\MXOALDR.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

C:\WINDOWS\Dit.exe

C:\WINDOWS\system32\rundll32.exe

C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\a-squared\a2guard.exe

C:\Documents and Settings\amar\Mes documents\Mes téléchargements\emule2\emule.exe

C:\Program Files\RegFreeze\regfreeze.exe

C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

C:\PROGRA~1\INCRED~1\bin\IMApp.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)

O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [ToUcamVProperty] C:\PROGRA~1\PHILIP~1\VProperty.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

O4 - HKLM\..\Run: [ssAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [Dit] Dit.exe

O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKCU\..\Run: [incrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"

O4 - HKCU\..\Run: [eMuleAutoStart] C:\Documents and Settings\amar\Mes documents\Mes téléchargements\emule2\emule.exe -AutoStart

O4 - Startup: RegFreeze.lnk = C:\Program Files\RegFreeze\regfreeze.exe

O4 - Startup: RegVac.lnk = C:\Program Files\RegVac\regvac.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_98.dll' missing

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab30149.cab

O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/components/ocx/exterior/Outside.cab

O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} - http://www.sponsoradulto.com/fr/SysWebTelecom.cab

O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} - http://www2.incredimail.com/contents/setup...er/imloader.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: ADSLAutoconnect - Unknown owner - C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z (file missing)

O23 - Service: AntiVir Service (AntiVirService) - Unknown owner - C:\Program Files\AVPersonal\AVGUARD.EXE (file missing)

O23 - Service: AntiVir Update (AVWUpSrv) - Unknown owner - C:\Program Files\AVPersonal\AVWUPSRV.EXE (file missing)

O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - d:\catia\intel_a\code\bin\CATSysDemon.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe (file missing)

O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: VNC Server (winvnc) - Unknown owner - C:\WINDOWS\IEXPLORE.EXE" -service (file missing)

[Space]

merci

Ca sert a quoi CW Shredder ?

J'ai télécharger CW Shredder j'ai fait un scan et il me donne une liste qui commence par CW.

Qu'est ce que je doit faire avec ca

Spy seeper c'est un anti spyware ? car j'ai deja spybot ...

[Space]

Tu aurais du mettre ca dans le topic HijackThese.

Fait fusionner les deux topics

[snooky]

Coche " Move in recycle bin " dans CWShredder er clique sur Fix.

Si toutes les lignes indiquent " Not present " , c'est ok

Passe quand même Spysweeper ( désinstalle - le ensuite )

[chienbleu]

à déplacer chez Sn0oky, merci

[Space]

Est ce que spysweeper et meilleur que spybot

[lebud]

Space, oui, j'ai trouve spysweeper excelent, mais un peu cher. telecharges la version d'essai et fais toi une idée.