Big problem with an MSN virus

danba
Level 9
12 January 2008 at 00:16:24

Oh no, I have to start over, it wasn't in safe mode.

danba
Level 9
12 January 2008 at 00:23:42

I'm going to stop; can we pick this up again tomorrow?

danba
Level 9
12 January 2008 at 00:24:16

And I have one last question: when I've finished this, will my PC be like it was before?

EvilElf
Level 10
12 January 2008 at 00:24:56

Of course, I've had enough myself; more than 6 cases to handle (not counting those on other forums), it's heavy going :o))

Good night ++

EvilElf
Level 10
12 January 2008 at 00:25:30

When we're done, your PC will be snappier and faster. Provided you follow all my instructions to the letter, in principle :-)))

danba
Level 9
12 January 2008 at 00:27:06

ok

danba
Level 9
12 January 2008 at 09:03:39

up

danba
Level 9
12 January 2008 at 09:27:40

For the HijackThis thing:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:25:17, on 12/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\prcsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\Intel\NCS\Sync\NetSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A22E1B1C-E8E3-8A85-649A-D2696FD8CC3C} - C:\DOCUME~1\MAISON\APPLIC~1\BLUETR~1\Flaw 01.exe (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: AntiSpyware Class - {F74B358E-6979-40a9-96CD-636C80B87AFF} - C:\WINDOWS\System32\ash.dll (file missing)
O2 - BHO: (no name) - {FC1B64D9-3499-4791-82D5-AABAC3FAEA45} - C:\WINDOWS\system32\tuvspqr.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Multipureforkdata] C:\Documents and Settings\All Users\Application Data\startintermultipure\Error Skip.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Windows Network Service] prcsvc.exe
O4 - HKCU\..\Run: [CTFMON32] C:\WINDOWS\System32\CTFMON32.EXE
O4 - HKCU\..\Run: [CSRSSU] C:\WINDOWS\System32\CSRSSU.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKLM\..\Policies\Explorer\Run: [notepad.exe] msmsgs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ´SERVICE LOCAL´)
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ´SERVICE RÉSEAU´)
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ´SYSTEM´)
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ´Default user´)
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra ´Tools´ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Créer un Favori de l´appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra ´Tools´ menuitem: Créer un Favori de l´appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ´Tools´ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ´Tools´ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {D0FBF98B-6518-483B-9ECC-58A39BCFD7DD} - (no file) (HKCU)
O9 - Extra ´Tools´ menuitem: Microsoft AntiSpyware helper - {D0FBF98B-6518-483B-9ECC-58A39BCFD7DD} - (no file) (HKCU)
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} -
ms-its:mhtml:file://c:\nosuch.mht!
http://69.50.188
.110/4/s1/1/q.chm::/file.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -
http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://gfx1.hotmail.com/mmail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) -
http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107542185373
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) -
http://www.systemrequiremirementslab.com/sysreqlab2.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) -
http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) -
http://www.yougamers.com/systeminfo/MSC3.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) -
http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) -
http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) -
http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: tuvspqr - C:\WINDOWS\SYSTEM32\tuvspqr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/Program%20Files/FunWebProducts/Shared/Cache/InsertImage

--
End of file - 11462 bytes

And Navipromo:
Rapport Navipromo.bat 0.73 effectué le 12/01/2008 à 0:12:44,55
C:\Documents and Settings\MAISON\Mes documents
-- Le programme n´est pas lancé en mode sans échec par conséquent les résultats seront probablement faussés

    • Recherche...

1/ jcyaxt trouvé, recherche de jcyaxt*
C:\WINDOWS\system32\jcyaxt.dat
C:\WINDOWS\system32\jcyaxt_nav.dat
C:\WINDOWS\system32\jcyaxt_navps.dat

------------------
Fin du rapport de recherche
Adware Navipromo trouvé 1 fois avec cette méthode

    1. #############################################
    • Nettoyage...

1/ Déplacement de jcyaxt* vers C:\Navipromo\Backups...
C:\WINDOWS\System32\jcyaxt* déplacé avec succès !

------------------
Aucune entrée de registre n´a été trouvée

  • Backups :

C:\Navipromo\Backups\ARPCache.reg
C:\Navipromo\Backups\HKCURun.reg
C:\Navipromo\Backups\HKLMRun.reg
C:\Navipromo\Backups\jcyaxt.dat
C:\Navipromo\Backups\jcyaxt_nav.dat
C:\Navipromo\Backups\jcyaxt_navps.dat
C:\Navipromo\Backups\pack.epk
C:\Navipromo\Backups\Uninstall.reg

Ajout d´extension .off aux backups

    1. Fin du rapport de Suppression

-------------

Rapport Navipromo.bat 0.73 effectué le 12/01/2008 à 0:14:00,45
Le programme n´est pas lancé en mode sans échec par conséquent les résultats seront probablement faussés

    1. Suppression Heuristique
  • Backups :

Aucun résultat par la recherche heuristique

    1. Fin du rapport Heuristique

-------------

-------------

Rapport Navipromo.bat 0.73 effectué le 12/01/2008 à 8:56:35,70
C:\Documents and Settings\MAISON\Mes documents
L´opération se déroule en mode sans échec sous le compte "MAISON"

    • Recherche...

Fin du rapport de recherche
Adware Navipromo non trouvé avec cette méthode

Engagement de la méthode Heuristique

Rapport Navipromo.bat 0.73 effectué le 12/01/2008 à 8:56:35,84
L´opération se déroule en mode sans échec sous le compte "MAISON"

    1. Suppression Heuristique
  • Backups :

Aucun résultat par la recherche heuristique

danba
Level 9
12 January 2008 at 10:22:05

up

EvilElf
Level 10
12 January 2008 at 12:18:55

Hello,

Let's continue ...

- Download CWShredder
http://www.intermute.com/spysubtract/cwshredder_download.html
- tutorial (in English) at
bleepingcomputer.com/forums/index.php?showtutorial=47
- always download the latest version of CWShredder, which is sometimes updated daily!
- install CWShredder in a dedicated folder
- close all windows
- launch CWShredder and click "Fix".
- Post the resulting report on the forum and post a new HijackThis log.

danba
Level 9
12 January 2008 at 13:22:17

**** Run Keys ****

RUN: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
RUN: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
RUN: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
RUN: [Multipureforkdata] C:\Documents and Settings\All Users\Application Data\startintermultipure\Error Skip.exe
RUN: [UpdReg] C:\WINDOWS\UpdReg.EXE
RUN: [Dit] Dit.exe
RUN: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
RUN: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
RUN: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
RUN: [DataLayer] C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
RUN: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
RUN: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
RUN: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
RUN: [Windows Network Service] prcsvc.exe
RUN: [CTFMON32] C:\WINDOWS\System32\CTFMON32.EXE
RUN: [CSRSSU] C:\WINDOWS\System32\CSRSSU.EXE
RUN: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
RUN: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
RUN: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
RUN: [Steam] "c:\program files\steam\steam.exe" -silent

**** Browser Helper Objects ****

BHO: [Adobe PDF Reader Link Helper] C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
BHO: [Windows Live Sign-in Helper] C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: [Windows Live Sign-in Helper] C:\DOCUME~1\MAISON\APPLIC~1\BLUETR~1\Flaw 01.exe
BHO: [Google Toolbar Helper] c:\program files\google\googletoolbar2.dll
BHO: [Windows Live Toolbar Helper] C:\Program Files\Windows Live Toolbar\msntb.dll
BHO: [AntiSpyware Class] C:\WINDOWS\System32\ash.dll
BHO: [AntiSpyware Class] C:\WINDOWS\system32\tuvspqr.dll

**** IE Toolbars ****

TOOLBAR: [&Google] c:\program files\google\googletoolbar2.dll
TOOLBAR: [Windows Live Toolbar] C:\Program Files\Windows Live Toolbar\msntb.dll
TOOLBAR: [Windows Live Toolbar] C:\Program Files\Windows Live Toolbar\msntb.dll

**** IE Extensions ****

IEExt: []
IEExt: [Créer un Favori de l´appareil mobile]
IEExt: [Créer un Favori de l´appareil mobile]
IEExt: [Recherche]
IEExt: [Recherche]
IEExt: [Messenger] C:\Program Files\Messenger\msmsgs.exe

**** Hosts File Entries ****

HOSTS: 127.0.0.1 localhost

**** IE Settings ****

IEBypass: localhost
Default Page:
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default Search:
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Local Page: C:\WINDOWS\system32\blank.htm
Search Bar: http://search.msn.com/spbasic.htm
Search Page:
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

**** IE Context Menu (Right click) ****

IEContext: [&eBay Search] res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IEContext: [&Windows Live Search] res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
IEContext: [E&xporter vers Microsoft Excel] res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

**** Layered Service Providers ****

LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [UDP/IP]
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider

**** Blocked Control Panel Items ****

BLOCKED: [ncpa.cpl] No
BLOCKED: [odbccp32.cpl] No

**** Downloaded Program Files ****


danba
Level 9
12 January 2008 at 13:22:49

Continued:

**** Windows Services ****

[Alerter] %SystemRoot%\System32\svchost.exe -k LocalService
[ALG] %SystemRoot%\System32\alg.exe
[AppMgmt] %SystemRoot%\system32\svchost.exe -k netsvcs
[aspnet_state] %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
[aswUpdSv] "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
[AudioSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[avast! Antivirus] "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
[avast! Mail Scanner] "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
[avast! Web Scanner] "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
[BITS] %SystemRoot%\System32\svchost.exe -k netsvcs
[Boonty Games] "C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
[Browser] %SystemRoot%\System32\svchost.exe -k netsvcs
[cisvc] C:\WINDOWS\System32\cisvc.exe
[ClipSrv] %SystemRoot%\system32\clipsrv.exe
[clr_optimization_v2.0.50727_32] C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
[COMSysApp] C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
[CryptSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[DcomLaunch] %SystemRoot%\system32\svchost -k DcomLaunch
[Dhcp] %SystemRoot%\System32\svchost.exe -k netsvcs
[dmadmin] %SystemRoot%\System32\dmadmin.exe /com
[dmserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[Dnscache] %SystemRoot%\System32\svchost.exe -k NetworkService
[ERSvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[Eventlog] %SystemRoot%\system32\services.exe
[EventSystem] C:\WINDOWS\System32\svchost.exe -k netsvcs
[FastUserSwitchingCompatibility] %SystemRoot%\System32\svchost.exe -k netsvcs
[FSAA] "C:\Program Files\Securitoo\av_fw\Common\FSAA.EXE"
[FSDFWD] "C:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe"
[FSMA] "C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE"
[Fswsclds] C:\Program Files\Securitoo\av_fw\fswsclds.exe
[gusvc] "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
[helpsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[HidServ] %SystemRoot%\System32\svchost.exe -k netsvcs
[HP Port Resolver] C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
[HP Status Server] C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
[HTTPFilter] %SystemRoot%\System32\svchost.exe -k HTTPFilter
[IDriverT] "C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
[ImapiService] C:\WINDOWS\System32\imapi.exe
[lanmanserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[lanmanworkstation] %SystemRoot%\System32\svchost.exe -k netsvcs
[LmHosts] %SystemRoot%\System32\svchost.exe -k LocalService
[Messenger] %SystemRoot%\System32\svchost.exe -k netsvcs
[mnmsrvc] C:\WINDOWS\System32\mnmsrvc.exe
[MSDTC] C:\WINDOWS\System32\msdtc.exe
[MSIServer] C:\WINDOWS\system32\msiexec.exe /V
[NetDDE] %SystemRoot%\system32\netdde.exe
[NetDDEdsdm] %SystemRoot%\system32\netdde.exe
[Netlogon] %SystemRoot%\System32\lsass.exe
[Netman] %SystemRoot%\System32\svchost.exe -k netsvcs
[NetSvc] C:\Program Files\Intel\NCS\Sync\NetSvc.exe
[Nla] %SystemRoot%\System32\svchost.exe -k netsvcs
[NtLmSsp] %SystemRoot%\System32\lsass.exe
[NtmsSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[NVSvc] %SystemRoot%\System32\nvsvc32.exe
[ose] C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
[PlugPlay] %SystemRoot%\system32\services.exe
[Pml Driver HPZ12] C:\WINDOWS\system32\HPZipm12.exe
[PolicyAgent] %SystemRoot%\System32\lsass.exe
[ProtectedStorage] %SystemRoot%\system32\lsass.exe
[RasAuto] %SystemRoot%\System32\svchost.exe -k netsvcs
[RasMan] %SystemRoot%\System32\svchost.exe -k netsvcs
[RDSessMgr] C:\WINDOWS\system32\sessmgr.exe
[RemoteAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[RemoteRegistry] %SystemRoot%\system32\svchost.exe -k LocalService
[RpcLocator] %SystemRoot%\System32\locator.exe
[RpcSs] %SystemRoot%\system32\svchost -k rpcss
[RSVP] %SystemRoot%\System32\rsvp.exe
[SamSs] %SystemRoot%\system32\lsass.exe
[SCardSvr] %SystemRoot%\System32\SCardSvr.exe
[Schedule] %SystemRoot%\System32\svchost.exe -k netsvcs
[seclogon] %SystemRoot%\System32\svchost.exe -k netsvcs
[SENS] %SystemRoot%\system32\svchost.exe -k netsvcs
[SharedAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[ShellHWDetection] %SystemRoot%\System32\svchost.exe -k netsvcs
[SNDSrvc] "C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe"
[Spooler] %SystemRoot%\system32\spoolsv.exe
[srservice] %SystemRoot%\System32\svchost.exe -k netsvcs
[SSDPSRV] %SystemRoot%\System32\svchost.exe -k LocalService
[STI Simulator] C:\WINDOWS\System32\PAStiSvc.exe
[stisvc] %SystemRoot%\System32\svchost.exe -k imgsvc
[SwPrv] C:\WINDOWS\System32\dllhost.exe /Processid:{A2E70549-6FEF-49E4-A2CC-66B5B4F2BBAE}
[SysmonLog] %SystemRoot%\system32\smlogsvc.exe
[TapiSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[TermService] %SystemRoot%\System32\svchost -k DComLaunch
[Themes] %SystemRoot%\System32\svchost.exe -k netsvcs
[TlntSvr] C:\WINDOWS\System32\tlntsvr.exe
[TrkWks] %SystemRoot%\system32\svchost.exe -k netsvcs
[upnphost] %SystemRoot%\System32\svchost.exe -k LocalService
[UPS] %SystemRoot%\System32\ups.exe
[usnjsvc] "C:\Program Files\MSN Messenger\usnsvc.exe"
[usprserv] %SystemRoot%\System32\svchost.exe -k netsvcs
[VSS] %SystemRoot%\System32\vssvc.exe
[W32Time] %SystemRoot%\System32\svchost.exe -k netsvcs
[WebClient] %SystemRoot%\System32\svchost.exe -k LocalService
[winmgmt] %systemroot%\system32\svchost.exe -k netsvcs
[WmdmPmSN] %SystemRoot%\System32\svchost.exe -k netsvcs
[Wmi] %SystemRoot%\System32\svchost.exe -k netsvcs
[WmiApSrv] C:\WINDOWS\System32\wbem\wmiapsrv.exe
[WMPNetworkSvc] "C:\Program Files\Windows Media Player\WMPNetwk.exe"
[wscsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[wuauserv] %systemroot%\system32\svchost.exe -k netsvcs
[WudfSvc] %SystemRoot%\system32\svchost.exe -k WudfServiceGroup
[WZCSVC] %SystemRoot%\System32\svchost.exe -k netsvcs
[xmlprov] %SystemRoot%\System32\svchost.exe -k netsvcs

**** Custom IE Search Items ****

SEARCH: [SearchAssistant]
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
SEARCH: [Search Page]
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
SEARCH: [CustomizeSearch]
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
SEARCH: [Default_Search_URL]
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SEARCH: [SearchAssistant]
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
SEARCH: [CustomizeSearch]
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
SEARCH: [Search Page]
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
SEARCH: [Default_Search_URL]
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

**** Complete IE Options ****

IEOPT: [NoUpdateCheck]
IEOPT: [NoJITSetup]
IEOPT: [Disable Script Debugger] yes
IEOPT: [Show_ChannelBand] No
IEOPT: [Anchor Underline] yes
IEOPT: [Cache_Update_Frequency] Once_Per_Session
IEOPT: [Display Inline Images] yes
IEOPT: [Do404Search]
IEOPT: [Local Page] C:\WINDOWS\system32\blank.htm
IEOPT: [Save_Session_History_On_Exit] no
IEOPT: [Show_FullURL] no
IEOPT: [Show_StatusBar] yes
IEOPT: [Show_ToolBar] yes
IEOPT: [Show_URLinStatusBar] yes
IEOPT: [Show_URLToolBar] yes
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [Check_Associations] no
IEOPT: [FullScreen] no
IEOPT: [Window_Placement] ,
IEOPT: [Use FormSuggest] yes
IEOPT: [AddToFavoritesExpanded]
IEOPT: [NotifyDownloadComplete] yes
IEOPT: [Use Search Asst] no
IEOPT: [FormSuggest PW Ask] no
IEOPT: [HistoryViewType]
IEOPT: [StatusBarWeb]
IEOPT: [Enable Browser Extensions] yes
IEOPT: [Start Page] http://www.google.com
IEOPT: [Search Page]
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IEOPT: [XMLHTTP]
IEOPT: [UseClearType] yes
IEOPT: [Play_Background_Sounds] yes
IEOPT: [Play_Animations] yes
IEOPT: [Secondary Start Pages]
https://www.jeuxvideo.com/etajvbis.htm
IEOPT: [SearchDefaultBranded]
IEOPT: [CompatibilityFlags]
IEOPT: [SearchMigrated]
IEOPT: [SearchMigratedDefaultName] Lycos
IEOPT: [SearchMigratedDefaultURL]
http://suche.lycos.de/autosearch.html?srch=~XXX~&query={searchTerms}
IEOPT: [SearchMigratedInstalled]
IEOPT: [RunOnceHasShown]
IEOPT: [RunOnceComplete]
IEOPT: [AutoHide] yes
IEOPT: [AlwaysShowMenus]
IEOPT: [Search Bar]
http://search.msn.com/spbasic.htm
IEOPT: [SearchAssistant]
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IEOPT: [CustomizeSearch]
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IEOPT: [Default_Page_URL]
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IEOPT: [Default_Search_URL]
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IEOPT: [Use Custom Search URL]
IEOPT: [Default_Page_URL]
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IEOPT: [Default_Search_URL]
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IEOPT: [Enable_Disk_Cache] yes
IEOPT: [Cache_Percent_of_Disk]
IEOPT: [Delete_Temp_Files_On_Exit] yes
IEOPT: [Local Page] %SystemRoot%\system32\blank.htm
IEOPT: [Anchor_Visitation_Horizon]
IEOPT: [Use_Async_DNS] yes
IEOPT: [Placeholder_Width]
IEOPT: [Placeholder_Height]
IEOPT: [Start Page] http://www.google.com
IEOPT: [CompanyName] Microsoft Corporation
IEOPT: [Custom_Key] MICROSO
IEOPT: [Wizard_Version] 6.0.2600.0000
IEOPT: [FullScreen] no
IEOPT: [AddClsReg]
IEOPT: [SEHlpID]
IEOPT: [SEHlputid]
IEOPT: [SEHlpiftid] 4ž B
IEOPT: [SEHlpittid]
IEOPT: [SEHlpistid] Gz,B
IEOPT: [SEHlpBnxt]
IEOPT: [Default_Secondary_Page_URL]
http://www.01net.com/
IEOPT: [Extensions Off Page] about:NoAdd-ons
IEOPT: [Search Page]
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IEOPT: [Security Risk Page] about:SecurityRisk
IEOPT: [Check_Associations] yes
IEOPT: [Secondary Start Pages]
http://www.01net.com/
IEOPT: [Search Bar]
http://search.msn.com/spbasic.htm
IEOPT: [SearchAssistant]
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IEOPT: [CustomizeSearch]
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IEOPT: [Use Custom Search URL]
IEOPT: [Use search Asst] no

danba
Level 9
12 January 2008 at 13:24:53

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:23:49, on 12/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\prcsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\Intel\NCS\Sync\NetSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A22E1B1C-E8E3-8A85-649A-D2696FD8CC3C} - C:\DOCUME~1\MAISON\APPLIC~1\BLUETR~1\Flaw 01.exe (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: AntiSpyware Class - {F74B358E-6979-40a9-96CD-636C80B87AFF} - C:\WINDOWS\System32\ash.dll (file missing)
O2 - BHO: (no name) - {FC1B64D9-3499-4791-82D5-AABAC3FAEA45} - C:\WINDOWS\system32\tuvspqr.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Multipureforkdata] C:\Documents and Settings\All Users\Application Data\startintermultipure\Error Skip.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Windows Network Service] prcsvc.exe
O4 - HKCU\..\Run: [CTFMON32] C:\WINDOWS\System32\CTFMON32.EXE
O4 - HKCU\..\Run: [CSRSSU] C:\WINDOWS\System32\CSRSSU.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKLM\..\Policies\Explorer\Run: [notepad.exe] msmsgs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {D0FBF98B-6518-483B-9ECC-58A39BCFD7DD} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D0FBF98B-6518-483B-9ECC-58A39BCFD7DD} - (no file) (HKCU)
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://c:\nosuch.mht!http://69.50.188.110/4/s1/1/q.chm::/file.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mmail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107542185373
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequiremirementslab.com/sysreqlab2.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://www.yougamers.com/systeminfo/MSC3.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: tuvspqr - C:\WINDOWS\SYSTEM32\tuvspqr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/Program%20Files/FunWebProducts/Shared/Cache/InsertImage

--
End of file - 11235 bytes

EvilElf
Level 10
12 January 2008 at 13:33:56

Re,

We're making progress, but there is still work to do.

:d) Run HijackThis again and check these lines:

R3 - URLSearchHook: (no name) - - (no file)

O2 - BHO: (no name) - {A22E1B1C-E8E3-8A85-649A-D2696FD8CC3C} - C:\DOCUME~1\MAISON\APPLIC~1\BLUETR~1\Flaw 01.exe (file missing)

O2 - BHO: AntiSpyware Class - {F74B358E-6979-40a9-96CD-636C80B87AFF} - C:\WINDOWS\System32\ash.dll (file missing)

O2 - BHO: (no name) - {FC1B64D9-3499-4791-82D5-AABAC3FAEA45} - C:\WINDOWS\system32\tuvspqr.dll

O4 - HKLM\..\Run: [Multipureforkdata] C:\Documents and Settings\All Users\Application Data\startintermultipure\Error Skip.exe

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Windows Network Service] prcsvc.exe
O4 - HKCU\..\Run: [CTFMON32] C:\WINDOWS\System32\CTFMON32.EXE
O4 - HKCU\..\Run: [CSRSSU] C:\WINDOWS\System32\CSRSSU.EXE

O4 - HKLM\..\Policies\Explorer\Run: [notepad.exe] msmsgs.exe

O9 - Extra button: Microsoft AntiSpyware helper - {D0FBF98B-6518-483B-9ECC-58A39BCFD7DD} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D0FBF98B-6518-483B-9ECC-58A39BCFD7DD} - (no file) (HKCU)

O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://c:\nosuch.mht!http://69.50.188.110/4/s1/1/q.chm::/file.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn[...]Client.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn[...]weeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/m[...]ources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn[...]-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.m[...]e.cab?1107542185373
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirem[...].com/sysreqlab2.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn[...]Client.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/[...]setupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn[...]ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn[...]Client.cab56907.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://www.yougamers.com/systeminfo/MSC3.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn[...]/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn[...]weeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn[...]owdown.cab31267.cab
O20 - Winlogon Notify: tuvspqr - C:\WINDOWS\SYSTEM32\tuvspqr.dll

O24 - Desktop Component 0: (no name) - file:///C:/Program%20Files/FunWebProducts/Shared/Cache/InsertImage

Close all windows except HijackThis and click "Fix Checked".

:d) Download OTMoveIt (by Old_Timer) to your desktop.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

  • Double-click OTMoveIt.exe
  • Make sure the "Unregister Dll's and Ocx's" box is checked.
  • Copy the text below and paste it into the OTMoveIt box labelled "Paste List of Files/Folders to be moved".

C:\WINDOWS\system32\tuvspqr.dll
C:\Documents and Settings\All Users\Application Data\startintermultipure\Error Skip.exe
C:\WINDOWS\System32\CTFMON32.EXE
C:\WINDOWS\System32\CSRSSU.EXE
C:\WINDOWS\system32\prcsvc.exe

  • Click MoveIt!.
  • When the result appears in the Results box, click Exit.
  • Then restart the PC.
  • Finally, post the OTMoveIt report located in C:\_OTMoveIt\MovedFiles.

:d) Download ComboFix (by sUBs), then restart in safe mode.
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
- Double-click combofix.exe.
- Press Y (Yes) to start the scan.
- When the scan has finished, copy/paste the report here.
- PS: If the report does not open, you can find it here: C:\Combofix.txt

:d) Also post a new HijackThis log :-)))
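
An added example, not part of the post above and not code from HijackThis: a small Python triage over a few lines copied from the log in this thread, flagging structural properties that several of the checked entries share (orphaned references, unnamed BHOs, Run values with no directory, a value name that disagrees with its target, system-process lookalike names, Winlogon Notify DLLs). The heuristics, the reason labels and the `SYSTEM_STEMS` list are assumptions chosen for illustration; they yield leads for manual review, not verdicts.

```python
import ntpath
import re

# Constructed sample: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AntiSpyware Class - {F74B358E-6979-40a9-96CD-636C80B87AFF} - C:\WINDOWS\System32\ash.dll (file missing)
O2 - BHO: (no name) - {FC1B64D9-3499-4791-82D5-AABAC3FAEA45} - C:\WINDOWS\system32\tuvspqr.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Network Service] prcsvc.exe
O4 - HKCU\..\Run: [CTFMON32] C:\WINDOWS\System32\CTFMON32.EXE
O4 - HKCU\..\Run: [CSRSSU] C:\WINDOWS\System32\CSRSSU.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [notepad.exe] msmsgs.exe
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://www.yougamers.com/systeminfo/MSC3.cab
O20 - Winlogon Notify: tuvspqr - C:\WINDOWS\SYSTEM32\tuvspqr.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

ENTRY = re.compile(r"^(?P<code>[ORFN]\d+) - (?P<body>.+)$")
RUN = re.compile(r"^(?P<key>[^:]+Run): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

# Assumption: a deliberately tiny list of system process stems for the demo.
SYSTEM_STEMS = ("ctfmon", "csrss")


def exe_of(cmd):
    """Return the executable part of a Run command, without quotes or arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|dll|com|bat))\b", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]


def triage(log_text):
    """Return [(line, [reasons])] for entries matching at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        code, body, reasons = m["code"], m["body"], []

        # The registry still references a file that is no longer on disk.
        if "(file missing)" in body or "(no file)" in body:
            reasons.append("orphaned-reference")
        # A Browser Helper Object that registered no display name.
        if code == "O2" and body.startswith("BHO: (no name)"):
            reasons.append("unnamed-bho")
        # A DLL loaded by winlogon.exe; any such entry deserves a look.
        if code == "O20":
            reasons.append("winlogon-notify-dll")

        run = RUN.match(body) if code == "O4" else None
        if run:
            target = exe_of(run["cmd"])
            base = ntpath.basename(target).lower()
            stem = base.rsplit(".", 1)[0]
            # No directory: the file is resolved through the search path.
            if not ntpath.dirname(target):
                reasons.append("bare-filename")
            # Value is named after one executable but starts another.
            name = run["name"].lower()
            if name.endswith(".exe") and name != base:
                reasons.append("name-target-mismatch")
            # Name extends a system process name without being that process.
            if any(stem.startswith(s) and stem != s for s in SYSTEM_STEMS):
                reasons.append("system-name-lookalike")

        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(", ".join(reasons), "<-", line)
```
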

danba
Level 9
12 January 2008 at 13:57:49

DllUnregisterServer procedure not found in C:\WINDOWS\system32\tuvspqr.dll
C:\WINDOWS\system32\tuvspqr.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\tuvspqr.dll scheduled to be moved on reboot.
File/Folder C:\Documents and Settings\All Users\Application Data\startintermultipure\Error Skip.exe not found.
File/Folder C:\WINDOWS\System32\CTFMON32.EXE not found.
File/Folder C:\WINDOWS\System32\CSRSSU.EXE not found.
C:\WINDOWS\system32\prcsvc.exe moved successfully.
File/Folder not found.

Created on 01/12/2008 13:44:22

danba
Level 9
12 January 2008 at 14:28:23

For 5 minutes now it has been showing me: do not launch any program until ComboFix has finished
Is this normal?

danba
Level 9
12 January 2008 at 14:32:30

The window has disappeared but I can't find: C:\combofix.txt

EvilElf
Level 10
12 January 2008 at 14:33:44

Honestly, you, between VundoFix and ComboFix ...

Run ComboFix again, in safe mode, OK?

danba
Level 9
12 January 2008 at 14:34:44

Oh no, it's fine ^^ sorry

ComboFix 08-01-09.2 - MAISON 2008-01-12 14:06:30.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.347 [GMT 1:00]
Running from: C:\Documents and Settings\MAISON\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\MAISON\Application Data\inst.exe
C:\Documents and Settings\MAISON\Application Data\macromedia\Flash Player\#SharedObjects\GWG5TMN8\iforex.com
C:\Documents and Settings\MAISON\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\WINDOWS\setup.exe
C:\WINDOWS\system32\0_exception.nls
C:\WINDOWS\system32\jkkjifd.dll
C:\WINDOWS\system32\mljghee.dll
C:\WINDOWS\system32\tuvspqr.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\runtime

((((((((((((((((((((((((((((( Fichiers créés 2007-12-12 to 2008-01-12 ))))))))))))))))))))))))))))))))))))
.

2008-01-12 14:02 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-12 09:02 . 2008-01-12 09:02 <REP> d-------- C:\WINDOWS\system32\bfubackups
2008-01-12 00:13 . 2008-01-12 00:13 <REP> d-------- C:\Navipromo
2008-01-11 21:11 . 2008-01-11 21:11 <REP> d-------- C:\Program Files\Trend Micro
2008-01-11 20:46 . 2008-01-11 23:11 <REP> d-------- C:\VundoFix Backups
2008-01-08 21:08 . 2008-01-08 21:08 <REP> d-------- C:\Program Files\Electronic Arts
2008-01-07 13:11 . 2008-01-07 13:11 49 --a------ C:\VTS_01 - Chapter Information - OGG.txt.chap
2008-01-07 13:11 . 2008-01-07 13:11 17 --a------ C:\vobs.lst
2008-01-07 10:48 . 2008-01-07 13:10 668,751,872 --a------ C:\film_04.avi
2008-01-07 10:33 . 2008-01-07 13:11 124,928 --a------ C:\VTS_01_0.IFO
2008-01-07 10:33 . 2008-01-07 13:11 0 --a------ C:\VTS_01_1.VOB
2008-01-04 13:18 . 2008-01-04 17:43 734,830,592 --a------ C:\film.avi
2008-01-04 12:34 . 2008-01-07 10:26 <REP> d-------- C:\m4ng_TMP
2008-01-01 18:53 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-01-01 18:53 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2008-01-01 17:38 . 2008-01-01 17:40 <REP> d-------- C:\Program Files\m4ng
2007-12-29 14:37 . 2007-12-29 14:37 <REP> d-------- C:\Program Files\RocketDock
2007-12-29 14:14 . 2007-12-29 14:14 <REP> d-------- C:\Program Files\Stardock
2007-12-29 14:14 . 2007-12-29 14:14 <REP> d-------- C:\Program Files\Fichiers communs\Stardock
2007-12-27 12:23 . 2007-12-27 12:23 <REP> d-------- C:\Program Files\Lavalys
2007-12-16 10:31 . 2007-12-16 10:32 <REP> d-------- C:\Program Files\Screamer Radio

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-12 13:20 --------- d-----w C:\Program Files\Steam
2008-01-09 18:49 --------- d-----w C:\Program Files\AviSynth 2.5
2008-01-08 20:08 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-07 09:06 --------- d-----w C:\Documents and Settings\MAISON\Application Data\ChessBase
2008-01-05 15:40 --------- d-----w C:\Documents and Settings\MAISON\Application Data\dvdcss
2008-01-03 20:16 --------- d-----w C:\Program Files\WinASPI
2008-01-02 19:01 --------- d-----w C:\Program Files\Incomplete
2008-01-02 19:00 --------- d-----w C:\Program Files\LimeWire
2007-12-28 16:14 --------- d-----w C:\Program Files\EA GAMES
2007-12-28 13:32 --------- d-----w C:\Documents and Settings\MAISON\Application Data\LimeWire
2007-12-25 18:57 --------- d-----w C:\Documents and Settings\MAISON\Application Data\Roxio
2007-12-25 14:18 --------- d-----w C:\Program Files\eMule
2007-12-25 09:39 --------- d-----w C:\Program Files\Return to Castle Wolfenstein
2007-12-21 14:43 --------- d-----w C:\Program Files\MSN Messenger
2007-12-21 14:43 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-09 10:14 --------- d-----w C:\Program Files\Red Kawa
2007-11-29 18:50 --------- d-----w C:\Documents and Settings\MAISON\Application Data\Teleca
2007-11-29 18:49 --------- d-----w C:\Documents and Settings\MAISON\Application Data\Sony Ericsson
2007-11-29 18:40 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
2007-11-29 18:40 --------- d-----w C:\Program Files\Fichiers communs\Sony Ericsson Shared
2007-11-29 18:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Teleca
2007-11-29 18:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2007-11-29 18:39 --------- d-----w C:\Program Files\Sony Ericsson
2007-11-18 08:21 47,360 ----a-w C:\Documents and Settings\MAISON\Application Data\pcouffin.sys
2007-11-18 08:21 --------- d-----w C:\Documents and Settings\MAISON\Application Data\Vso
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-13 06:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-11-13 05:56 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2007-11-13 05:56 --------- d-----w C:\Program Files\VSO
2007-07-28 19:25 5,214 ----a-w C:\Program Files\INSTALL.LOG
2002-07-26 15:02 153,088 ----a-w C:\Program Files\UNWISE.EXE
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.
.
REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-04-20 08:57 847872]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
"Steam"="c:\program files\steam\steam.exe" [2007-11-30 06:56 1266936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 02:36 36975]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-11-03 13:46 4800512]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-03-22 08:39 167936]
"DataLayer"="C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe" [2005-03-31 08:30 1106944]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06 79224]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2005-10-28 19:08 335872]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jos40.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide de HP Photosmart Premier.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide de HP Photosmart Premier.lnk
backup=C:\WINDOWS\pss\Démarrage rapide de HP Photosmart Premier.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Serveur NevoMedia.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Serveur NevoMedia.lnk
backup=C:\WINDOWS\pss\Serveur NevoMedia.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Supervision de Photo Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Supervision de Photo Loader.lnk
backup=C:\WINDOWS\pss\Supervision de Photo Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^MAISON^Menu Démarrer^Programmes^Démarrage^FreeBot.lnk]
path=C:\Documents and Settings\MAISON\Menu Démarrer\Programmes\Démarrage\FreeBot.lnk
backup=C:\WINDOWS\pss\FreeBot.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^MAISON^Menu Démarrer^Programmes^Démarrage^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\MAISON\Menu Démarrer\Programmes\Démarrage\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^MAISON^Menu Démarrer^Programmes^Démarrage^PowerReg Scheduler V3.exe]
path=C:\Documents and Settings\MAISON\Menu Démarrer\Programmes\Démarrage\PowerReg Scheduler V3.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\64corn]
C:\DOCUME~1\MAISON\APPLIC~1\JUMPIN~1\first idol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
--a------ 2005-03-31 08:30 1106944 C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
--a------ 2002-04-03 01:01 135264 C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
C:\Program Files\Securitoo\av_fw\Common\FSM32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2004-02-25 00:20 401491 C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 01:41 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jcyaxt]
c:\windows\system32\jcyaxt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--------- 2007-01-19 11:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2005-03-22 08:39 167936 C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2005-04-20 08:57 847872 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhilipsDM]
--a------ 2006-09-28 09:31 655360 C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
--a------ 2003-02-26 16:50 253952 C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2003-02-27 04:36 757760 C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
--a------ 2003-02-27 05:31 69632 C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\stoplinkslowaim]
C:\Documents and Settings\All Users\Application Data\INFO DENT STOP LINK\LiesAdmin.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
--a------ 2006-01-14 19:55 100056 C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Themes"=2 (0x2)
"TermService"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"SharedAccess"=2 (0x2)
"SBService"=2 (0x2)
"gusvc"=3 (0x3)
"ERSvc"=2 (0x2)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Boonty Games"=3 (0x3)
"SAVScan"=3 (0x3)
"Planificateur LiveUpdate automatique"=2 (0x2)
"LiveUpdate"=3 (0x3)

R0 FSDFW;F-Secure Distributed Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2003-09-24 13:41]
R3 WinDriver6;WinDriver6;C:\WINDOWS\system32\drivers\windrvr6.sys [2003-08-10 07:17]
S2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Securitoo\av_fw\Common\FSfilter.sys []
S2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Securitoo\av_fw\Common\fsgk.sys []
S2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Securitoo\av_fw\Common\FSrec.sys []
S2 FSpm;F-Secure Policy Manager;C:\Program Files\Securitoo\av_fw\Common\FSPM.SYS []
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 14:23]
S3 PAC207;VideoCAM GF112;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-08 09:46]
S3 se57bus;Sony Ericsson Device 087 driver (WDM);C:\WINDOWS\system32\DRIVERS\se57bus.sys [2006-11-30 15:12]
S3 se57mdfl;Sony Ericsson Device 087 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se57mdfl.sys [2006-11-30 15:12]
S3 se57mdm;Sony Ericsson Device 087 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se57mdm.sys [2006-11-30 15:12]
S3 se57mgmt;Sony Ericsson Device 087 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se57mgmt.sys [2006-11-30 15:12]
S3 se57nd5;Sony Ericsson Device 087 USB Ethernet Emulation SEMC57 (NDIS);C:\WINDOWS\system32\DRIVERS\se57nd5.sys [2006-11-30 15:12]
S3 se57obex;Sony Ericsson Device 087 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se57obex.sys [2006-11-30 15:12]
S3 se57unic;Sony Ericsson Device 087 USB Ethernet Emulation SEMC57 (WDM);C:\WINDOWS\system32\DRIVERS\se57unic.sys [2006-11-30 15:12]
S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 07:04]
S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2006-07-09 16:38]
S4 Fswsclds;F-Secure Windows Security Center Legacy Detection Service;C:\Program Files\Securitoo\av_fw\fswsclds.exe []

.
Contenu du dossier ´Scheduled Tasks/Tâches planifiées´
"2007-04-01 14:46:23 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"

danba
danba
Niveau 9
12 janvier 2008 à 14:36:05

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:35, on 2008-01-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\NCS\Sync\NetSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
C:\program files\steam\steam.exe
C:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ´SERVICE LOCAL´)
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ´SERVICE RÉSEAU´)
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ´SYSTEM´)
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ´Default user´)
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra ´Tools´ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Créer un Favori de l´appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra ´Tools´ menuitem: Créer un Favori de l´appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ´Tools´ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ´Tools´ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 7669 bytes
