[OK] Win32Small-jmh

Sécurité et insécurité. Virus, Trojans, Spywares, Failles etc. …

Modérateur: Modérateurs et Modératrices

Règles du forum
Assiste.com a suspendu l'assistance à la décontamination après presque 15 ans sur l'ancien forum puis celui-ci. Voir :

Procédure de décontamination 1 - Anti-malware
Décontamination anti-malwares

Procédure de décontamination 2 - Anti-malware et antivirus (La Manip)
La Manip - Procédure standard de décontamination

Entretien périodique d'un PC sous Windows
Entretien périodique d'un PC sous Windows

Protection des navigateurs, de la navigation et de la vie privée
Protéger le navigateur, la navigation et la vie privée

[OK] Win32Small-jmh

Messagede Démare » 28 Mar 2008, 16:50

bonjour je suis infecté de cheval de troie Win32Small-jmh, et je ne sais comment faire.
avast les détects et les mets en quarantaine mais même en les supprimant ils reviennent toujours
merci de m'aider
cheval de troie
Démare
 
Messages: 28
Inscription: 21 Mar 2008, 13:33

Messagede nickW » 28 Mar 2008, 18:54

Bonjour,

Pourrais-tu créer (puis envoyer sur le forum) deux logs (alias journaux ou rapports en français):
Si un élément te paraît obscur, demande des explications avant de commencer.


Note: Ces manips doivent être effectuées en ayant ouvert une session avec les "droits Administrateur" (ne pas utiliser le profil utilisateur nommé "Administrateur" visible en mode sans échec)
Sous Windows XP, pour vérifier si un compte a les droits "Administrateur":
Démarrer---->Paramètres---->Panneau de configuration---->Comptes d'utilisateurs
A côté de l'icône représentant certains comptes (hormis celui nommé "Administrateur"), il est indiqué "Administrateur de l'ordinateur"
C'est l'un de ces comptes qu'il faudra utiliser.


Note importante:
Pour l'envoi de ta(tes) réponse(s), il ne faut pas créer un nouveau sujet, mais cliquer sur le bouton "Répondre" Image
pour continuer dans ce fil de discussion.


Étape 1: Deckard's System Scanner (DSS) (de Deckard)
Télécharger Deckard's System Scanner (DSS) depuis http://deckard.geekstogo.com/dss.exe
Enregistrer ce fichier sur le Bureau.


Étape 2: Navilog1 (de IL-MAFIOSO), Option 1
Fermer toutes les applications actives.
Télécharger Navilog1 par un clic droit sur le lien ci-dessous:
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Enregistrer le fichier sur le Bureau.
Faire un double clic sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, l'outil s'exécutera automatiquement.
(Si ce n'est pas le cas, faire un double clic sur le raccourci Navilog1 présent sur le Bureau).

Suivre les indications affichées.
Sur le menu principal, choisir l'option 1 et valider.
(ne pas choisir les options 2,3 ou 4 sans mon avis/accord)

Attendre jusqu'au message :
*** Analyse Termine le ..... ***
Appuyer sur une touche comme demandé, le Bloc-notes va s'ouvrir.
Note: Dans le Bloc-notes, vérifier dans le menu Format (en haut) que l'option "Retour automatique à la ligne" n'est pas cochée, comme ceci:
Image

Enregistrer ce fichier sous le nom navi1.txt
Fermer le Bloc-notes.
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)


Étape 3: Deckard's System Scanner (DSS) (de Deckard)
Fermer toutes les fenêtres de programme ouvertes.
Faire un double clic sur dss.exe situé sur le Bureau pour lancer l'installation et l'exécution de l'outil.

Cliquer sur OK lorsque cela est demandé (de 1 à 3 fois).
Lorsque l'outil a terminé le balayage, une ou deux fenêtres du Bloc-notes vont s'ouvrir, affichant le(s) rapport(s):
main.txt <- ouvert dans une fenêtre plein-écran
extra.txt <- ouvert dans une fenêtre réduite (ce fichier n'est pas créé à chaque fois)
Fermer cette (ces deux) fenêtre(s) du Bloc-notes.


Étape 4: Résultats
Envoyer en réponse:
*- le rapport de Navilog1, Option 1 (contenu du fichier navi1.txt)

Envoyer ensuite en réponse dans deux messages distincts (à cause de la longueur des logs):
*- les rapports de Deckard's System Scanner (contenu des fichiers main.txt et extra.txt situés dans le dossier C:\Deckard\System Scanner).

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Win32Small-jmh

Messagede Démare » 28 Mar 2008, 20:04

Bonjour nickW

merci de bien vouloir me dépanner
qu'est ce que tu entend et comment fait on pour créer deux logs et les envoyer sur le forum
cheval de troie
Démare
 
Messages: 28
Inscription: 21 Mar 2008, 13:33

résultat navilog1

Messagede Démare » 28 Mar 2008, 20:45

Search Navipromo version 3.5.1 commencé le 28/03/2008 à 20:23:15,96

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spéblurpte !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "JACQUES"

Mise à jour le 23.03.2008 à 22h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS

Executé en mode normal

*** Recherche Programmes installés ***




*** Recherche dossiers dans C:\WINDOWS ***



*** Recherche dossiers dans C:\Program Files ***



*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***




*** Recherche dossiers dans "C:\Documents and Settings\JACQUES\applic~1" ***



*** Recherche dossiers dans "C:\Documents and Settings\JACQUES\locals~1\applic~1" ***



*** Recherche dossiers dans "C:\Documents and Settings\JACQUES\menudm~1\progra~1" ***


*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

!! Fichier(s)/processus caché(s) différent(s) !!
!! Résultat Catchme non pris en compte par Navilog1 !!


*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans "C:\Documents and Settings\JACQUES\locals~1\applic~1" *

* Recherche dans "C:\docume~1\Administrateur\locals~1\applic~1" *

* Recherche dans "C:\docume~1\Intel\locals~1\applic~1" *

gnc.exe absent, Recherche non effectuee dans "C:\docume~1\Intel\locals~1\applic~1" !



*** Recherche fichiers ***




*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans C:\WINDOWS\system32 :


* Dans "C:\Documents and Settings\JACQUES\locals~1\applic~1" :


* Dans "C:\docume~1\Administrateur\locals~1\applic~1" :


* Dans "C:\docume~1\Intel\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 28/03/2008 à 20:29:19,06 ***
[/b][/url]
cheval de troie
Démare
 
Messages: 28
Inscription: 21 Mar 2008, 13:33

résultat main.txt

Messagede Démare » 28 Mar 2008, 20:52

merci encore,

je n'ais pas eu extra.txt

Deckard's System Scanner v20071014.68
Run by JACQUES on 2008-03-28 20:10:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
118: 2008-03-28 19:11:06 UTC - RP289 - Deckard's System Scanner Restore Point
117: 2008-03-28 18:01:27 UTC - RP288 - Point de vérification système
116: 2008-03-26 22:06:31 UTC - RP287 - Spyware Doctor: Cleaning Threats
115: 2008-03-26 19:15:26 UTC - RP286 - Google Earth a été supprimé.
114: 2008-03-25 15:59:49 UTC - RP285 - Supprimé Norton Security Scan


-- First Restore Point --
1: 2007-12-28 22:32:02 UTC - RP172 - Point de vérification système


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-28 20:16:21
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\RTHDCPL.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\WINDOWS\agrsmmsg.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\system32\searchindexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\alg.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Documents and Settings\JACQUES\Local Settings\Temporary Internet Files\Content.IE5\JD9R3C17\dss[1].exe
C:\WINDOWS\system32\searchprotocolhost.exe
C:\WINDOWS\system32\searchfilterhost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\JACQUES\LOCALS~1\Temp\Répertoire temporaire 1 pour catchme.zip\services.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\JACQUES\LOCALS~1\Temp\Répertoire temporaire 1 pour catchme.zip\services.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\JACQUES\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070828\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\JACQUES\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070828\Setup.exe" "/UPREBOOT /temp /patched"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: DVD@ccess.lnk = C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: RAMASST.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\Msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\Msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/ ... ontrol.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-U ... E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe
O23 - Service: lxct_device - Unknown owner - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe


--
End of file - 16233 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 meiudf - c:\windows\system32\drivers\meiudf.sys <Not>
R1 TPwSav (Common Driver) - c:\windows\system32\drivers\tpwsav.sys <Not>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\aegisp.sys <Not>
R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys <Not>
R2 DVDAccss - c:\windows\system32\drivers\dvdaccss.sys <Not>
R2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - c:\windows\system32\drivers\netdevio.sys <Not>
R2 s24trans (Transport RLAN) - c:\windows\system32\drivers\s24trans.sys <Not>
R2 tdudf (TOSHIBA UDF File System Driver) - c:\windows\system32\drivers\tdudf.sys <Not>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not>
R3 LVPrcMon (Logitech LVPrcMon Driver) - c:\windows\system32\drivers\lvprcmon.sys
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not>
R3 tdcmdpst (TOSHIBA Writing Engine Filter Driver) - c:\windows\system32\drivers\tdcmdpst.sys <Not>
R3 Tvs (TOSHIBA Virtual Sound with SRS technologies) - c:\windows\system32\drivers\tvs.sys <Not>

S3 PCASp50 (PCASp50 NDIS Protocol Driver) - c:\windows\system32\drivers\pcasp50.sys <Not>
S3 SymIM (Symantec Network Security Intermediate Filter Service) - c:\windows\system32\drivers\symim.sys (file missing)
S3 SymIMMP - c:\windows\system32\drivers\symim.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not>
R2 DVD-RAM_Service - c:\windows\system32\dvdramsv.exe <Not>
R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not>
R2 TODDSrv (TOSHIBA Optical Disc Drive Service) - c:\windows\system32\toddsrv.exe <Not>

S3 Boonty Games - "c:\program files\fichiers communs\boonty shared\service\boonty.exe" <Not>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Carte réseau 1394
Device ID: V1394\NIC1394\9940462923F69
Manufacturer: Microsoft
Name: Carte réseau 1394
PNP Device ID: V1394\NIC1394\9940462923F69
Service: NIC1394


-- Scheduled Tasks -------------------------------------------------------------

2008-03-28 19:28:01 256 --a------ C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
2008-03-28 17:15:00 412 --a------ C:\WINDOWS\Tasks\Maintenance en 1 clic.job


-- Files created between 2008-02-28 and 2008-03-28 -----------------------------

2008-03-27 18:15:47 827 --a------ C:\Documents and Settings\JACQUES\vksabh.exe
2008-03-26 20:19:38 0 d---s---- C:\WINDOWS\system32\%SystemDrive% <SYSTE>
2008-03-26 20:19:24 0 d-------- C:\WINDOWS\WLTB Custom Button Feeds
2008-03-26 20:19:14 0 d-------- C:\WINDOWS\Google Toolbar
2008-03-26 14:32:16 0 d-------- C:\WINDOWS\pss
2008-03-25 20:36:01 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Windows Desktop Search
2008-03-25 06:15:58 0 d-------- C:\Program Files\Norton AntiVirus
2008-03-25 06:15:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-25 05:22:15 0 d-------- C:\Documents and Settings\JACQUES\Application Data\Symantec
2008-03-24 23:09:59 1372 --a------ C:\Documents and Settings\JACQUES\thufnt.exe
2008-03-24 22:22:23 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-03-24 22:22:15 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-03-24 22:22:14 0 dr------- C:\Documents and Settings\LocalService\Favoris
2008-03-24 19:25:01 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-24 19:24:35 0 d-------- C:\Program Files\Spyware Doctor
2008-03-24 19:24:35 0 d-------- C:\Documents and Settings\JACQUES\Application Data\PC Tools
2008-03-19 14:35:16 0 d-------- C:\Program Files\Babylon
2008-03-19 14:32:18 0 d-------- C:\Program Files\Trend Micro
2008-03-13 02:47:57 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Intel
2008-03-13 02:47:57 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Identities
2008-03-13 02:47:57 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Adobe
2008-03-13 02:47:56 0 dr------- C:\Documents and Settings\Administrateur\Favoris
2008-03-13 02:47:56 0 d--hs---- C:\Documents and Settings\Administrateur\Cookies
2008-03-13 02:47:56 0 d-------- C:\Documents and Settings\Administrateur\Bureau
2008-03-13 02:47:56 0 dr-h----- C:\Documents and Settings\Administrateur\Application Data
2008-03-13 02:47:56 0 d-------- C:\Documents and Settings\Administrateur\Application Data\toshiba
2008-03-13 02:47:56 0 d---s---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
2008-03-13 02:47:54 0 d--h----- C:\Documents and Settings\Administrateur\Local Settings
2008-03-13 02:47:53 0 d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-03-13 02:47:53 0 d-------- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-03-13 02:47:53 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-03-13 02:47:53 0 dr-h----- C:\Documents and Settings\Administrateur\SendTo
2008-03-13 02:47:53 0 dr-h----- C:\Documents and Settings\Administrateur\Recent
2008-03-13 02:47:53 0 d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-03-13 02:47:53 0 dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-03-13 02:47:53 0 dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-03-13 02:47:51 1048576 --ah----- C:\Documents and Settings\Administrateur\NTUSER.DAT
2008-03-13 02:20:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-12 15:25:43 0 d-------- C:\Documents and Settings\JACQUES\Tracing
2008-03-11 11:55:31 0 d-------- C:\Documents and Settings\JACQUES\Application Data\Grisoft
2008-03-11 11:55:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-09 13:52:19 0 d-------- C:\Program Files\AnVir Security Suite
2008-03-08 14:43:44 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-08 14:40:17 0 d--hs--c- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-08 14:40:01 0 d-------- C:\Program Files\Windows Live
2008-03-08 14:39:42 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-08 13:31:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-04 02:22:23 0 d-------- C:\WINDOWS\system32\DRM


-- Find3M Report ---------------------------------------------------------------

2008-03-26 20:18:54 0 d-------- C:\Program Files\Google
2008-03-26 16:31:42 0 d-------- C:\Program Files\Alwil Software
2008-03-26 15:03:32 0 d-------- C:\Program Files\Fichiers communs\Symantec Shared
2008-03-26 15:00:29 0 d-------- C:\Program Files\Fichiers communs
2008-03-24 19:26:29 500244 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-03-24 19:26:29 87236 --a------ C:\WINDOWS\system32\perfc00C.dat
2008-03-17 19:11:44 0 d-------- C:\Program Files\Messenger
2008-03-16 20:00:36 0 d-------- C:\Program Files\eMule
2008-03-16 13:38:04 0 d-------- C:\Program Files\Java
2008-03-12 09:03:16 0 d-------- C:\Documents and Settings\JACQUES\Application Data\toshiba
2008-02-16 20:03:03 0 d-------- C:\Program Files\Rival Chess
2008-02-12 23:30:39 0 d-------- C:\Documents and Settings\JACQUES\Application Data\Adobe
2008-02-11 15:40:19 0 d-------- C:\Program Files\Fichiers communs\Adobe
2008-02-09 04:01:45 0 d-------- C:\Documents and Settings\JACQUES\Application Data\Anuman Interactive
2008-02-09 04:00:52 0 d-------- C:\Program Files\LiveCAD
2008-02-09 02:03:30 0 d-------- C:\Program Files\Fichiers communs\Nero
2008-02-05 20:51:56 0 d-------- C:\Program Files\AskTBar
2008-02-04 14:57:56 0 d-------- C:\Documents and Settings\JACQUES\Application Data\Nero
2008-02-01 11:17:40 587264 --a------ C:\WINDOWS\WLXPGSS.SCR <Not>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [17/04/2006 23:34 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [04/05/2005 02:43 C:\WINDOWS\Alcmtr.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [24/03/2004 06:40]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [05/12/2005 11:37]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [28/11/2005 10:41]
"AGRSMMSG"="AGRSMMSG.exe" [18/03/2006 16:22 C:\WINDOWS\agrsmmsg.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [09/12/2005 14:32]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [05/01/2006 06:58]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [05/01/2006 07:15]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [01/11/2004 16:22]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [29/09/2003 15:00]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [16/02/2005 15:15]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [16/02/2005 15:15]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" []
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [27/12/2006 15:53]
"lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [20/06/2006 14:37]
"Lexmark 5400 Series Fax Server"="C:\Program Files\Lexmark 5400 Series\fm3032.exe" [11/07/2006 00:30]
"EzPrint"="C:\Program Files\Lexmark 5400 Series\ezprint.exe" [07/06/2006 04:05]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25]
"@"="" []
"Flash Media"="C:\DOCUME~1\JACQUES\LOCALS~1\Temp\Répertoire temporaire 1 pour catchme.zip\services.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [04/12/2007 14:00]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [01/02/2008 12:55]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" []
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [15/07/2007 18:56]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [23/07/2007 10:12]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [27/12/2006 15:53]
"Neuf Media Center"="C:\Program Files\Neuf\Media Center\MediaCenter.exe" [29/08/2007 15:42]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [03/11/2006 08:59]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [05/08/2004 11:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"SymLnch"="C:\Documents and Settings\JACQUES\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070828\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\JACQUES\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070828\Setup.exe" "/UPREBOOT /temp /patched"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

C:\Documents and Settings\JACQUES\Menu D‚marrer\Programmes\D‚marrage\
Dragon NaturallySpeaking.lnk - C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe [11/12/2006 16:20:40]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [12/10/2006 13:04:39]
DVD@ccess.lnk - C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe [18/07/2007 17:28:17]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [23/07/2007 10:12:47]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [07/07/2007 21:24:35]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [05/02/2007 14:40:46]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [05/02/2007 14:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\JACQUES\LOCALS~1\Temp\Répertoire temporaire 1 pour catchme.zip\services.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe
"LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe
"TPNF"=C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
"TPSMain"=TPSMain.exe
"Zooming"=ZoomingHook.exe
"Tvs"=C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
"CeEKEY"=C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
"DDWMon"=C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
"TCtryIOHook"=TCtrlIOHook.exe
"TFncKy"=TFncKy.exe
"SVPWUTIL"=C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
"SmoothView"=C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
"PadTouch"=C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
"HWSetup"=C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
"NDSTray.exe"=NDSTray.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b756b2e-23e2-11dc-af2e-0016d42b516b}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec49e91c-8f70-11db-aedc-0016d42b516b}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8004 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-03-28 20:17:41 ------------
cheval de troie
Démare
 
Messages: 28
Inscription: 21 Mar 2008, 13:33

Messagede nickW » 29 Mar 2008, 23:57

Bonsoir,

Tu n'as pas correctement réalisé cette étape:

Deckard's System Scanner (DSS) (de Deckard)
Télécharger Deckard's System Scanner (DSS) depuis http://deckard.geekstogo.com/dss.exe
Enregistrer ce fichier sur le Bureau.

Il faut faire un clic droit sur le lien ci-dessus, puis choisir Enregistrer la cible (du lien) sous..., dans la nouvelle fenêtre, dans Enregistrer dans: choisir le Bureau


Il y a une trace de Norton Antivirus.
As-tu cherché à le désinstaller?


Il faudrait désinstaller la barre d'outils Ask_Jeeves toolbar alias Ask toolbar


Quelques nettoyages:

Au vu de la longueur de la procédure, je te conseille de l'imprimer, d'enregistrer la page dans un fichier HTML (c'est la meilleure solution), ou d'en sélectionner toutes les lignes puis de copier cette sélection dans un fichier texte sur ton PC (Note: tu n'auras pas accès à Internet, et des redémarrages sont possibles).
Il faut exécuter toutes les étapes, sans interruption, dans l'ordre exact indiqué ci-dessous.
Si un élément te paraît obscur, demande des explications avant de commencer la désinfection.


Note: Ces manips doivent être effectuées en ayant ouvert une session avec les "droits Administrateur" (ne pas utiliser le profil utilisateur nommé "Administrateur" visible en mode sans échec).


Étape 1: Affichage tous fichiers
Vérifier que ton PC affiche bien tous les fichiers
http://assiste.com.free.fr/p/comment/co ... aches.html


Étape 2: OTMoveIt2 (de OldTimer)
Télécharger OTMoveIt2 via un clic droit sur le lien ci-dessous:
http://download.bleepingcomputer.com/ol ... oveIt2.exe
Enregistrer le fichier sur le Bureau.

Ouvrir une fenêtre du Bloc-notes, via Démarrer---->Exécuter, taper notepad puis cliquer sur OK
Sélectionner toutes les lignes de la zone Code ci-dessous, puis appuyer simultanément sur les touches Ctrl et C
Code: Tout sélectionner
C:\Documents and Settings\JACQUES\vksabh.exe
C:\Documents and Settings\JACQUES\thufnt.exe


Retourner dans la fenêtre du Bloc-notes, faire un clic droit dans la fenêtre et choisir Coller
Vérifier (dans le menu Format) que "Retour automatique à ligne" n'est pas actif (pas coché).
Enregistrer le fichier sous le nom OTfichiers.txt
Fermer le Bloc-notes.
Note: Les lignes de la zone Code ci-dessus ont été créées exclusivement pour CET utilisateur.
si vous n'êtes pas CET utilisateur, il ne faut pas les utiliser: elles pourraient endommager votre système.



Étape 3: MSNFix (de !aur3n7)
Fermer toutes les applications ouvertes (il y aura peut-être redémarrage).
Télécharger MSNFix.zip depuis http://sosvirus.changelog.fr/MSNFix.zip
Enregistrer ce fichier sur le Bureau.
Décompresser la totalité de l'archive (clic droit, Extraire tout).
Ouvrir le dossier MSNFix qui vient d'être créé sur le Bureau et faire un double clic sur MSNFix.bat pour lancer l'outil.
Choisir la langue française (F suivi de Entrée)
Choisir l'option R (Rechercher) puis faire Entrée.
Si une infection est détectée (un message le signale), appuyer sur une touche pour lancer le nettoyage.

Note :
Si une erreur de suppression est détectée, un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal.


Étape 4: OTMoveIt2 (de OldTimer)
Faire un double clic sur OTMoveIt2.exe pour lancer l'outil.
Ouvrir le fichier OTfichiers.txt dans le Bloc-notes.
En sélectionner toutes les lignes puis appuyer simultanément sur les touches Ctrl et C

Retourner dans la fenêtre de OTMoveIt2, faire un clic droit dans la fenêtre située en haut à gauche nommée "Paste Standard List of Files/Folders to Move" Image et choisir Coller.

Cliquer sur le bouton MoveIt! Image
Attendre la fin du travail de l'outil puis fermer OTMoveIt2.
Note: Un redémarrage est parfois nécessaire. S'il est demandé, cliquer sur Oui/Yes


Étape 5: Service
Arrêter puis désactiver un service:

Démarrer--->Exécuter
Taper services.msc puis cliquer sur OK
Descendre jusqu'à Boonty Games
Faire un clic droit dessus et choisir Propriétés
Vérifier que dans la case "Chemin d'accès des fichiers exécutables" il y a bien C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
Dans Statut du service, cliquer sur Arrêter (s'il n'est pas déjà arrêté)
Cliquer sur Appliquer,
Dans Type de démarrage, choisir Désactivé
Cliquer sur Appliquer, puis sur OK

Supprimer ce service:

Démarrer---->Exécuter
taper exactement
sc¤delete¤BOONTY
(le caractère ¤ représente un espace)
puis cliquer sur OK
Noter le message qui s'affiche (en cas d'échec).


Étape 6: HijackThis
Fermer toutes les fenêtres de programme.
Pas d'Internet Explorer ouvert.

Lancer HijackThis.
Cliquer sur le bouton "Do a system scan only" ou "Scan"
Vérifier que HijackThis fera des sauvegardes: Dans "Config", cocher "Make backups before fixing items", puis cliquer sur le bouton "Back".
Cocher la case située devant les lignes ci-dessous, puis cliquer sur Fix checked:
(si des lignes sont absentes, le signaler en réponse, après la fin de l'ensemble des étapes).

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\JACQUES\LOCALS~1\Temp\Répertoire temporaire 1 pour catchme.zip\services.exe
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\JACQUES\LOCALS~1\Temp\Répertoire temporaire 1 pour catchme.zip\services.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

Fermer HijackThis.


Étape 7: Deckard's System Scanner (DSS) (de Deckard)
Fermer toutes les fenêtres de programme ouvertes.
Faire un double clic sur dss.exe situé sur le Bureau pour lancer l'installation et l'exécution de l'outil.

Cliquer sur OK lorsque cela est demandé (de 1 à 3 fois).
Lorsque l'outil a terminé le balayage, une ou deux fenêtres du Bloc-notes vont s'ouvrir, affichant le(s) rapport(s):
main.txt <- ouvert dans une fenêtre plein-écran
extra.txt <- ouvert dans une fenêtre réduite (ce fichier n'est pas créé à chaque fois)
Fermer cette (ces deux) fenêtre(s) du Bloc-notes.


Étape 8: Résultats
Envoyer en réponse:
*- le rapport de MSNFix (contenu du fichier ********-*******.txt situé dans le dossier MSNFix, les **** représentent la date et l'heure, en chiffres).
*- le rapport de OTMoveIt2 (contenu du fichier C:\_OTMoveIt\MovedFiles\********_******.log - les *** sont des chiffres représentant la date [moisjourannée] et l'heure)

Envoyer ensuite en réponse dans un message distinct (à cause de la longueur du log):
*- le rapport principal de Deckard's System Scanner (contenu du fichier main.txt situé dans le dossier C:\Deckard\System Scanner).

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Win32Small-jmh

Messagede Démare » 30 Mar 2008, 02:25

Bonjour,
je te remercie, et espère que cette fois j'ais réussi.
pour le HijackThis, j'ais eu juste le F2, le reste n'y était pas.
je te joint les résultats que tu demande
de plus Northon a été desinstaller

merci a plus

Deckard's System Scanner v20071014.68
Run by JACQUES on 2008-03-28 20:10:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
118: 2008-03-28 19:11:06 UTC - RP289 - Deckard's System Scanner Restore Point
117: 2008-03-28 18:01:27 UTC - RP288 - Point de vérification système
116: 2008-03-26 22:06:31 UTC - RP287 - Spyware Doctor: Cleaning Threats
115: 2008-03-26 19:15:26 UTC - RP286 - Google Earth a été supprimé.
114: 2008-03-25 15:59:49 UTC - RP285 - Supprimé Norton Security Scan


-- First Restore Point --
1: 2007-12-28 22:32:02 UTC - RP172 - Point de vérification système


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-28 20:16:21
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\RTHDCPL.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\WINDOWS\agrsmmsg.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\system32\searchindexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\alg.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Program Files\Neuf\Media Center\httpd\httpd.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Documents and Settings\JACQUES\Local Settings\Temporary Internet Files\Content.IE5\JD9R3C17\dss[1].exe
C:\WINDOWS\system32\searchprotocolhost.exe
C:\WINDOWS\system32\searchfilterhost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\JACQUES\LOCALS~1\Temp\Répertoire temporaire 1 pour catchme.zip\services.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\JACQUES\LOCALS~1\Temp\Répertoire temporaire 1 pour catchme.zip\services.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\JACQUES\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070828\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\JACQUES\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070828\Setup.exe" "/UPREBOOT /temp /patched"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: DVD@ccess.lnk = C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: RAMASST.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\Msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\Msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/ ... ontrol.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-U ... E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe
O23 - Service: lxct_device - Unknown owner - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe


--
End of file - 16233 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 meiudf - c:\windows\system32\drivers\meiudf.sys <Not>
R1 TPwSav (Common Driver) - c:\windows\system32\drivers\tpwsav.sys <Not>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.9.0) - c:\windows\system32\drivers\aegisp.sys <Not>
R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys <Not>
R2 DVDAccss - c:\windows\system32\drivers\dvdaccss.sys <Not>
R2 Netdevio (TOSHIBA Network Device Usermode I/O Protocol) - c:\windows\system32\drivers\netdevio.sys <Not>
R2 s24trans (Transport RLAN) - c:\windows\system32\drivers\s24trans.sys <Not>
R2 tdudf (TOSHIBA UDF File System Driver) - c:\windows\system32\drivers\tdudf.sys <Not>
R3 Iviaspi (IVI ASPI Shell) - c:\windows\system32\drivers\iviaspi.sys <Not>
R3 LVPrcMon (Logitech LVPrcMon Driver) - c:\windows\system32\drivers\lvprcmon.sys
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not>
R3 tdcmdpst (TOSHIBA Writing Engine Filter Driver) - c:\windows\system32\drivers\tdcmdpst.sys <Not>
R3 Tvs (TOSHIBA Virtual Sound with SRS technologies) - c:\windows\system32\drivers\tvs.sys <Not>

S3 PCASp50 (PCASp50 NDIS Protocol Driver) - c:\windows\system32\drivers\pcasp50.sys <Not>
S3 SymIM (Symantec Network Security Intermediate Filter Service) - c:\windows\system32\drivers\symim.sys (file missing)
S3 SymIMMP - c:\windows\system32\drivers\symim.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CFSvcs (ConfigFree Service) - c:\program files\toshiba\configfree\cfsvcs.exe <Not>
R2 DVD-RAM_Service - c:\windows\system32\dvdramsv.exe <Not>
R2 RegSrvc (Intel(R) PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not>
R2 TODDSrv (TOSHIBA Optical Disc Drive Service) - c:\windows\system32\toddsrv.exe <Not>

S3 Boonty Games - "c:\program files\fichiers communs\boonty shared\service\boonty.exe" <Not>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Carte réseau 1394
Device ID: V1394\NIC1394\9940462923F69
Manufacturer: Microsoft
Name: Carte réseau 1394
PNP Device ID: V1394\NIC1394\9940462923F69
Service: NIC1394


-- Scheduled Tasks -------------------------------------------------------------

2008-03-28 19:28:01 256 --a------ C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
2008-03-28 17:15:00 412 --a------ C:\WINDOWS\Tasks\Maintenance en 1 clic.job


-- Files created between 2008-02-28 and 2008-03-28 -----------------------------

2008-03-27 18:15:47 827 --a------ C:\Documents and Settings\JACQUES\vksabh.exe
2008-03-26 20:19:38 0 d---s---- C:\WINDOWS\system32\%SystemDrive% <SYSTE>
2008-03-26 20:19:24 0 d-------- C:\WINDOWS\WLTB Custom Button Feeds
2008-03-26 20:19:14 0 d-------- C:\WINDOWS\Google Toolbar
2008-03-26 14:32:16 0 d-------- C:\WINDOWS\pss
2008-03-25 20:36:01 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Windows Desktop Search
2008-03-25 06:15:58 0 d-------- C:\Program Files\Norton AntiVirus
2008-03-25 06:15:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-25 05:22:15 0 d-------- C:\Documents and Settings\JACQUES\Application Data\Symantec
2008-03-24 23:09:59 1372 --a------ C:\Documents and Settings\JACQUES\thufnt.exe
2008-03-24 22:22:23 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-03-24 22:22:15 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-03-24 22:22:14 0 dr------- C:\Documents and Settings\LocalService\Favoris
2008-03-24 19:25:01 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-24 19:24:35 0 d-------- C:\Program Files\Spyware Doctor
2008-03-24 19:24:35 0 d-------- C:\Documents and Settings\JACQUES\Application Data\PC Tools
2008-03-19 14:35:16 0 d-------- C:\Program Files\Babylon
2008-03-19 14:32:18 0 d-------- C:\Program Files\Trend Micro
2008-03-13 02:47:57 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Intel
2008-03-13 02:47:57 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Identities
2008-03-13 02:47:57 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Adobe
2008-03-13 02:47:56 0 dr------- C:\Documents and Settings\Administrateur\Favoris
2008-03-13 02:47:56 0 d--hs---- C:\Documents and Settings\Administrateur\Cookies
2008-03-13 02:47:56 0 d-------- C:\Documents and Settings\Administrateur\Bureau
2008-03-13 02:47:56 0 dr-h----- C:\Documents and Settings\Administrateur\Application Data
2008-03-13 02:47:56 0 d-------- C:\Documents and Settings\Administrateur\Application Data\toshiba
2008-03-13 02:47:56 0 d---s---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
2008-03-13 02:47:54 0 d--h----- C:\Documents and Settings\Administrateur\Local Settings
2008-03-13 02:47:53 0 d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-03-13 02:47:53 0 d-------- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-03-13 02:47:53 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-03-13 02:47:53 0 dr-h----- C:\Documents and Settings\Administrateur\SendTo
2008-03-13 02:47:53 0 dr-h----- C:\Documents and Settings\Administrateur\Recent
2008-03-13 02:47:53 0 d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-03-13 02:47:53 0 dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-03-13 02:47:53 0 dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-03-13 02:47:51 1048576 --ah----- C:\Documents and Settings\Administrateur\NTUSER.DAT
2008-03-13 02:20:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-12 15:25:43 0 d-------- C:\Documents and Settings\JACQUES\Tracing
2008-03-11 11:55:31 0 d-------- C:\Documents and Settings\JACQUES\Application Data\Grisoft
2008-03-11 11:55:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-09 13:52:19 0 d-------- C:\Program Files\AnVir Security Suite
2008-03-08 14:43:44 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-08 14:40:17 0 d--hs--c- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-08 14:40:01 0 d-------- C:\Program Files\Windows Live
2008-03-08 14:39:42 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-08 13:31:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-04 02:22:23 0 d-------- C:\WINDOWS\system32\DRM


-- Find3M Report ---------------------------------------------------------------

2008-03-26 20:18:54 0 d-------- C:\Program Files\Google
2008-03-26 16:31:42 0 d-------- C:\Program Files\Alwil Software
2008-03-26 15:03:32 0 d-------- C:\Program Files\Fichiers communs\Symantec Shared
2008-03-26 15:00:29 0 d-------- C:\Program Files\Fichiers communs
2008-03-24 19:26:29 500244 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-03-24 19:26:29 87236 --a------ C:\WINDOWS\system32\perfc00C.dat
2008-03-17 19:11:44 0 d-------- C:\Program Files\Messenger
2008-03-16 20:00:36 0 d-------- C:\Program Files\eMule
2008-03-16 13:38:04 0 d-------- C:\Program Files\Java
2008-03-12 09:03:16 0 d-------- C:\Documents and Settings\JACQUES\Application Data\toshiba
2008-02-16 20:03:03 0 d-------- C:\Program Files\Rival Chess
2008-02-12 23:30:39 0 d-------- C:\Documents and Settings\JACQUES\Application Data\Adobe
2008-02-11 15:40:19 0 d-------- C:\Program Files\Fichiers communs\Adobe
2008-02-09 04:01:45 0 d-------- C:\Documents and Settings\JACQUES\Application Data\Anuman Interactive
2008-02-09 04:00:52 0 d-------- C:\Program Files\LiveCAD
2008-02-09 02:03:30 0 d-------- C:\Program Files\Fichiers communs\Nero
2008-02-05 20:51:56 0 d-------- C:\Program Files\AskTBar
2008-02-04 14:57:56 0 d-------- C:\Documents and Settings\JACQUES\Application Data\Nero
2008-02-01 11:17:40 587264 --a------ C:\WINDOWS\WLXPGSS.SCR <Not>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [17/04/2006 23:34 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [04/05/2005 02:43 C:\WINDOWS\Alcmtr.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [24/03/2004 06:40]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [05/12/2005 11:37]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [28/11/2005 10:41]
"AGRSMMSG"="AGRSMMSG.exe" [18/03/2006 16:22 C:\WINDOWS\agrsmmsg.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [09/12/2005 14:32]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [05/01/2006 06:58]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [05/01/2006 07:15]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [01/11/2004 16:22]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [29/09/2003 15:00]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [16/02/2005 15:15]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [16/02/2005 15:15]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" []
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [27/12/2006 15:53]
"lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [20/06/2006 14:37]
"Lexmark 5400 Series Fax Server"="C:\Program Files\Lexmark 5400 Series\fm3032.exe" [11/07/2006 00:30]
"EzPrint"="C:\Program Files\Lexmark 5400 Series\ezprint.exe" [07/06/2006 04:05]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25]
"@"="" []
"Flash Media"="C:\DOCUME~1\JACQUES\LOCALS~1\Temp\Répertoire temporaire 1 pour catchme.zip\services.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [04/12/2007 14:00]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [01/02/2008 12:55]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" []
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [15/07/2007 18:56]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [23/07/2007 10:12]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [27/12/2006 15:53]
"Neuf Media Center"="C:\Program Files\Neuf\Media Center\MediaCenter.exe" [29/08/2007 15:42]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [03/11/2006 08:59]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [05/08/2004 11:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"SymLnch"="C:\Documents and Settings\JACQUES\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070828\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\JACQUES\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070828\Setup.exe" "/UPREBOOT /temp /patched"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

C:\Documents and Settings\JACQUES\Menu D‚marrer\Programmes\D‚marrage\
Dragon NaturallySpeaking.lnk - C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe [11/12/2006 16:20:40]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [12/10/2006 13:04:39]
DVD@ccess.lnk - C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe [18/07/2007 17:28:17]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [23/07/2007 10:12:47]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [07/07/2007 21:24:35]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [05/02/2007 14:40:46]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [05/02/2007 14:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\JACQUES\LOCALS~1\Temp\Répertoire temporaire 1 pour catchme.zip\services.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe
"LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe
"TPNF"=C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
"TPSMain"=TPSMain.exe
"Zooming"=ZoomingHook.exe
"Tvs"=C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
"CeEKEY"=C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
"DDWMon"=C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
"TCtryIOHook"=TCtrlIOHook.exe
"TFncKy"=TFncKy.exe
"SVPWUTIL"=C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
"SmoothView"=C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
"PadTouch"=C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
"HWSetup"=C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
"NDSTray.exe"=NDSTray.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b756b2e-23e2-11dc-af2e-0016d42b516b}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec49e91c-8f70-11db-aedc-0016d42b516b}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8004 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-03-28 20:17:41 ------------
cheval de troie
Démare
 
Messages: 28
Inscription: 21 Mar 2008, 13:33

Win32Small-jmh

Messagede Démare » 30 Mar 2008, 02:30

voici la suite

File/Folder C:\Documents and Settings\JACQUES\vksabh.exe not found.
File/Folder C:\Documents and Settings\JACQUES\thufnt.exe not found.
File/Folder not found.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03302008_012047


et le rapport Deckard

Deckard's System Scanner v20071014.68
Run by JACQUES on 2008-03-30 01:53:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as JACQUES.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:53:08, on 30/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\JACQUES\Bureau\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\JACQUES.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\JACQUES\LOCALS~1\Temp\Répertoire temporaire 1 pour catchme.zip\services.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\JACQUES\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070828\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\JACQUES\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070828\Setup.exe" "/UPREBOOT /temp /patched"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: DVD@ccess.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-U ... E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

--
End of file - 13486 bytes

-- Files created between 2008-02-29 and 2008-03-30 -----------------------------

2008-03-30 00:40:44 245760 --a------ C:\Program Files\Uninstall Ask Toolbar.dll <Not>
2008-03-28 20:20:43 0 d-------- C:\Program Files\Navilog1
2008-03-26 20:19:38 0 d---s---- C:\WINDOWS\system32\%SystemDrive% <SYSTE>
2008-03-26 20:19:24 0 d-------- C:\WINDOWS\WLTB Custom Button Feeds
2008-03-26 20:19:14 0 d-------- C:\WINDOWS\Google Toolbar
2008-03-26 14:32:16 0 d-------- C:\WINDOWS\pss
2008-03-25 20:36:01 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Windows Desktop Search
2008-03-25 06:15:58 0 d-------- C:\Program Files\Norton AntiVirus
2008-03-25 06:15:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-25 05:22:15 0 d-------- C:\Documents and Settings\JACQUES\Application Data\Symantec
2008-03-24 22:22:23 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-03-24 22:22:15 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-03-24 22:22:14 0 dr------- C:\Documents and Settings\LocalService\Favoris
2008-03-24 19:25:01 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-24 19:24:35 0 d-------- C:\Program Files\Spyware Doctor
2008-03-24 19:24:35 0 d-------- C:\Documents and Settings\JACQUES\Application Data\PC Tools
2008-03-19 14:35:16 0 d-------- C:\Program Files\Babylon
2008-03-19 14:32:18 0 d-------- C:\Program Files\Trend Micro
2008-03-13 02:47:57 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Intel
2008-03-13 02:47:57 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Identities
2008-03-13 02:47:57 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Adobe
2008-03-13 02:47:56 0 dr------- C:\Documents and Settings\Administrateur\Favoris
2008-03-13 02:47:56 0 d--hs---- C:\Documents and Settings\Administrateur\Cookies
2008-03-13 02:47:56 0 d-------- C:\Documents and Settings\Administrateur\Bureau
2008-03-13 02:47:56 0 dr-h----- C:\Documents and Settings\Administrateur\Application Data
2008-03-13 02:47:56 0 d-------- C:\Documents and Settings\Administrateur\Application Data\toshiba
2008-03-13 02:47:56 0 d---s---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
2008-03-13 02:47:54 0 d--h----- C:\Documents and Settings\Administrateur\Local Settings
2008-03-13 02:47:53 0 d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-03-13 02:47:53 0 d-------- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-03-13 02:47:53 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-03-13 02:47:53 0 dr-h----- C:\Documents and Settings\Administrateur\SendTo
2008-03-13 02:47:53 0 dr-h----- C:\Documents and Settings\Administrateur\Recent
2008-03-13 02:47:53 0 d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-03-13 02:47:53 0 dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-03-13 02:47:53 0 dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-03-13 02:47:51 1048576 --ah----- C:\Documents and Settings\Administrateur\NTUSER.DAT
2008-03-13 02:20:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-12 15:25:43 0 d-------- C:\Documents and Settings\JACQUES\Tracing
2008-03-11 11:55:31 0 d-------- C:\Documents and Settings\JACQUES\Application Data\Grisoft
2008-03-11 11:55:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-09 13:52:19 0 d-------- C:\Program Files\AnVir Security Suite
2008-03-08 14:43:44 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-08 14:40:17 0 d--hs--c- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-08 14:40:01 0 d-------- C:\Program Files\Windows Live
2008-03-08 14:39:42 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-08 13:31:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-04 02:22:23 0 d-------- C:\WINDOWS\system32\DRM


-- Find3M Report ---------------------------------------------------------------

2008-03-26 20:18:54 0 d-------- C:\Program Files\Google
2008-03-26 16:31:42 0 d-------- C:\Program Files\Alwil Software
2008-03-26 15:03:32 0 d-------- C:\Program Files\Fichiers communs\Symantec Shared
2008-03-26 15:00:29 0 d-------- C:\Program Files\Fichiers communs
2008-03-24 19:26:29 500244 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-03-24 19:26:29 87236 --a------ C:\WINDOWS\system32\perfc00C.dat
2008-03-17 19:11:44 0 d-------- C:\Program Files\Messenger
2008-03-16 20:00:36 0 d-------- C:\Program Files\eMule
2008-03-16 13:38:04 0 d-------- C:\Program Files\Java
2008-03-12 09:03:16 0 d-------- C:\Documents and Settings\JACQUES\Application Data\toshiba
2008-02-16 20:03:03 0 d-------- C:\Program Files\Rival Chess
2008-02-12 23:30:39 0 d-------- C:\Documents and Settings\JACQUES\Application Data\Adobe
2008-02-11 15:40:19 0 d-------- C:\Program Files\Fichiers communs\Adobe
2008-02-09 04:01:45 0 d-------- C:\Documents and Settings\JACQUES\Application Data\Anuman Interactive
2008-02-09 04:00:52 0 d-------- C:\Program Files\LiveCAD
2008-02-09 02:03:30 0 d-------- C:\Program Files\Fichiers communs\Nero
2008-02-05 20:51:56 0 d-------- C:\Program Files\AskTBar
2008-02-04 14:57:56 0 d-------- C:\Documents and Settings\JACQUES\Application Data\Nero
2008-02-01 11:17:40 587264 --a------ C:\WINDOWS\WLXPGSS.SCR <Not>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [17/04/2006 23:34 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [04/05/2005 02:43 C:\WINDOWS\Alcmtr.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [24/03/2004 06:40]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [05/12/2005 11:37]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [28/11/2005 10:41]
"AGRSMMSG"="AGRSMMSG.exe" [18/03/2006 16:22 C:\WINDOWS\agrsmmsg.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [09/12/2005 14:32]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [05/01/2006 06:58]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [05/01/2006 07:15]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [01/11/2004 16:22]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [29/09/2003 15:00]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [16/02/2005 15:15]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [16/02/2005 15:15]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" []
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [27/12/2006 15:53]
"lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [20/06/2006 14:37]
"Lexmark 5400 Series Fax Server"="C:\Program Files\Lexmark 5400 Series\fm3032.exe" [11/07/2006 00:30]
"EzPrint"="C:\Program Files\Lexmark 5400 Series\ezprint.exe" [07/06/2006 04:05]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [04/12/2007 14:00]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [01/02/2008 12:55]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" []
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [15/07/2007 18:56]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [23/07/2007 10:12]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [27/12/2006 15:53]
"Neuf Media Center"="C:\Program Files\Neuf\Media Center\MediaCenter.exe" [29/08/2007 15:42]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [03/11/2006 08:59]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [05/08/2004 11:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"SymLnch"="C:\Documents and Settings\JACQUES\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070828\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\JACQUES\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070828\Setup.exe" "/UPREBOOT /temp /patched"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

C:\Documents and Settings\JACQUES\Menu D‚marrer\Programmes\D‚marrage\
Dragon NaturallySpeaking.lnk - C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe [11/12/2006 16:20:40]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [12/10/2006 13:04:39]
DVD@ccess.lnk - C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe [18/07/2007 17:28:17]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [23/07/2007 10:12:47]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [07/07/2007 21:24:35]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [05/02/2007 14:40:46]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [05/02/2007 14:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\JACQUES\LOCALS~1\Temp\Répertoire temporaire 1 pour catchme.zip\services.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe
"LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe
"TPNF"=C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
"TPSMain"=TPSMain.exe
"Zooming"=ZoomingHook.exe
"Tvs"=C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
"CeEKEY"=C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
"DDWMon"=C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
"TCtryIOHook"=TCtrlIOHook.exe
"TFncKy"=TFncKy.exe
"SVPWUTIL"=C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
"SmoothView"=C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
"PadTouch"=C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
"HWSetup"=C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
"NDSTray.exe"=NDSTray.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b756b2e-23e2-11dc-af2e-0016d42b516b}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec49e91c-8f70-11db-aedc-0016d42b516b}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs




-- End of Deckard's System Scanner: finished at 2008-03-30 01:53:35 ------------
cheval de troie
Démare
 
Messages: 28
Inscription: 21 Mar 2008, 13:33

Messagede nickW » 30 Mar 2008, 08:58

Bonjour,

Un petit schmilblic dans ta dernière réponse.

Dans ton message du Ven 28/03/2008 à 20h52'36", on lit:
Deckard's System Scanner v20071014.68
Run by JACQUES on 2008-03-28 20:10:53


Dans ton message du Dim 30/03/2008 à 02h25'29", on lit:
Deckard's System Scanner v20071014.68
Run by JACQUES on 2008-03-28 20:10:53


Peux-tu envoyer le fichier main.txt daté du 30/03/2008?
(dans le dossier C:\Deckard\System Scanner)

A suivre,
nickW - Image
30/07/2012: Plus de désinfection de PC jusqu'à nouvel ordre.
Pas de demande d'analyse de log en MP (Message Privé)
Mes configs
Avatar de l’utilisateur
nickW
Modérateur
 
Messages: 21698
Inscription: 20 Mai 2004, 17:41
Localisation: Dordogne/Île de France

Win32Small-jmh

Messagede Démare » 30 Mar 2008, 13:05

bonjour,
voici le rapport que tu souhaites

Deckard's System Scanner v20071014.68
Run by JACQUES on 2008-03-30 01:53:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as JACQUES.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:53:08, on 30/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\JACQUES\Bureau\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\JACQUES.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\JACQUES\LOCALS~1\Temp\Répertoire temporaire 1 pour catchme.zip\services.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\JACQUES\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070828\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\JACQUES\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070828\Setup.exe" "/UPREBOOT /temp /patched"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\Neuf\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: DVD@ccess.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-U ... E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe

--
End of file - 13486 bytes

-- Files created between 2008-02-29 and 2008-03-30 -----------------------------

2008-03-30 00:40:44 245760 --a------ C:\Program Files\Uninstall Ask Toolbar.dll <Not>
2008-03-28 20:20:43 0 d-------- C:\Program Files\Navilog1
2008-03-26 20:19:38 0 d---s---- C:\WINDOWS\system32\%SystemDrive% <SYSTE>
2008-03-26 20:19:24 0 d-------- C:\WINDOWS\WLTB Custom Button Feeds
2008-03-26 20:19:14 0 d-------- C:\WINDOWS\Google Toolbar
2008-03-26 14:32:16 0 d-------- C:\WINDOWS\pss
2008-03-25 20:36:01 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Windows Desktop Search
2008-03-25 06:15:58 0 d-------- C:\Program Files\Norton AntiVirus
2008-03-25 06:15:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-25 05:22:15 0 d-------- C:\Documents and Settings\JACQUES\Application Data\Symantec
2008-03-24 22:22:23 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-03-24 22:22:15 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-03-24 22:22:14 0 dr------- C:\Documents and Settings\LocalService\Favoris
2008-03-24 19:25:01 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-24 19:24:35 0 d-------- C:\Program Files\Spyware Doctor
2008-03-24 19:24:35 0 d-------- C:\Documents and Settings\JACQUES\Application Data\PC Tools
2008-03-19 14:35:16 0 d-------- C:\Program Files\Babylon
2008-03-19 14:32:18 0 d-------- C:\Program Files\Trend Micro
2008-03-13 02:47:57 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Intel
2008-03-13 02:47:57 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Identities
2008-03-13 02:47:57 0 d-------- C:\Documents and Settings\Administrateur\Application Data\Adobe
2008-03-13 02:47:56 0 dr------- C:\Documents and Settings\Administrateur\Favoris
2008-03-13 02:47:56 0 d--hs---- C:\Documents and Settings\Administrateur\Cookies
2008-03-13 02:47:56 0 d-------- C:\Documents and Settings\Administrateur\Bureau
2008-03-13 02:47:56 0 dr-h----- C:\Documents and Settings\Administrateur\Application Data
2008-03-13 02:47:56 0 d-------- C:\Documents and Settings\Administrateur\Application Data\toshiba
2008-03-13 02:47:56 0 d---s---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
2008-03-13 02:47:54 0 d--h----- C:\Documents and Settings\Administrateur\Local Settings
2008-03-13 02:47:53 0 d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-03-13 02:47:53 0 d-------- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-03-13 02:47:53 0 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-03-13 02:47:53 0 dr-h----- C:\Documents and Settings\Administrateur\SendTo
2008-03-13 02:47:53 0 dr-h----- C:\Documents and Settings\Administrateur\Recent
2008-03-13 02:47:53 0 d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-03-13 02:47:53 0 dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-03-13 02:47:53 0 dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-03-13 02:47:51 1048576 --ah----- C:\Documents and Settings\Administrateur\NTUSER.DAT
2008-03-13 02:20:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-12 15:25:43 0 d-------- C:\Documents and Settings\JACQUES\Tracing
2008-03-11 11:55:31 0 d-------- C:\Documents and Settings\JACQUES\Application Data\Grisoft
2008-03-11 11:55:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-09 13:52:19 0 d-------- C:\Program Files\AnVir Security Suite
2008-03-08 14:43:44 0 d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-08 14:40:17 0 d--hs--c- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-08 14:40:01 0 d-------- C:\Program Files\Windows Live
2008-03-08 14:39:42 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-08 13:31:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-04 02:22:23 0 d-------- C:\WINDOWS\system32\DRM


-- Find3M Report ---------------------------------------------------------------

2008-03-26 20:18:54 0 d-------- C:\Program Files\Google
2008-03-26 16:31:42 0 d-------- C:\Program Files\Alwil Software
2008-03-26 15:03:32 0 d-------- C:\Program Files\Fichiers communs\Symantec Shared
2008-03-26 15:00:29 0 d-------- C:\Program Files\Fichiers communs
2008-03-24 19:26:29 500244 --a------ C:\WINDOWS\system32\perfh00C.dat
2008-03-24 19:26:29 87236 --a------ C:\WINDOWS\system32\perfc00C.dat
2008-03-17 19:11:44 0 d-------- C:\Program Files\Messenger
2008-03-16 20:00:36 0 d-------- C:\Program Files\eMule
2008-03-16 13:38:04 0 d-------- C:\Program Files\Java
2008-03-12 09:03:16 0 d-------- C:\Documents and Settings\JACQUES\Application Data\toshiba
2008-02-16 20:03:03 0 d-------- C:\Program Files\Rival Chess
2008-02-12 23:30:39 0 d-------- C:\Documents and Settings\JACQUES\Application Data\Adobe
2008-02-11 15:40:19 0 d-------- C:\Program Files\Fichiers communs\Adobe
2008-02-09 04:01:45 0 d-------- C:\Documents and Settings\JACQUES\Application Data\Anuman Interactive
2008-02-09 04:00:52 0 d-------- C:\Program Files\LiveCAD
2008-02-09 02:03:30 0 d-------- C:\Program Files\Fichiers communs\Nero
2008-02-05 20:51:56 0 d-------- C:\Program Files\AskTBar
2008-02-04 14:57:56 0 d-------- C:\Documents and Settings\JACQUES\Application Data\Nero
2008-02-01 11:17:40 587264 --a------ C:\WINDOWS\WLXPGSS.SCR <Not>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [17/04/2006 23:34 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [04/05/2005 02:43 C:\WINDOWS\Alcmtr.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [24/03/2004 06:40]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [05/12/2005 11:37]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [28/11/2005 10:41]
"AGRSMMSG"="AGRSMMSG.exe" [18/03/2006 16:22 C:\WINDOWS\agrsmmsg.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [09/12/2005 14:32]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [05/01/2006 06:58]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [05/01/2006 07:15]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [01/11/2004 16:22]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [29/09/2003 15:00]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [16/02/2005 15:15]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [16/02/2005 15:15]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" []
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [27/12/2006 15:53]
"lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [20/06/2006 14:37]
"Lexmark 5400 Series Fax Server"="C:\Program Files\Lexmark 5400 Series\fm3032.exe" [11/07/2006 00:30]
"EzPrint"="C:\Program Files\Lexmark 5400 Series\ezprint.exe" [07/06/2006 04:05]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 10:25]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [04/12/2007 14:00]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [01/02/2008 12:55]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" []
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [15/07/2007 18:56]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [23/07/2007 10:12]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [27/12/2006 15:53]
"Neuf Media Center"="C:\Program Files\Neuf\Media Center\MediaCenter.exe" [29/08/2007 15:42]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [03/11/2006 08:59]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [05/08/2004 11:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"SymLnch"="C:\Documents and Settings\JACQUES\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070828\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\JACQUES\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAV_ESD\20070828\Setup.exe" "/UPREBOOT /temp /patched"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

C:\Documents and Settings\JACQUES\Menu D‚marrer\Programmes\D‚marrage\
Dragon NaturallySpeaking.lnk - C:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe [11/12/2006 16:20:40]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [12/10/2006 13:04:39]
DVD@ccess.lnk - C:\Program Files\Apple Computer\DVD@ccess\DVDAccess.exe [18/07/2007 17:28:17]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [23/07/2007 10:12:47]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [07/07/2007 21:24:35]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [05/02/2007 14:40:46]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [05/02/2007 14:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\JACQUES\LOCALS~1\Temp\Répertoire temporaire 1 pour catchme.zip\services.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TOSCDSPD"=C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe
"LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe
"TPNF"=C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
"TPSMain"=TPSMain.exe
"Zooming"=ZoomingHook.exe
"Tvs"=C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
"CeEKEY"=C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
"DDWMon"=C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
"TCtryIOHook"=TCtrlIOHook.exe
"TFncKy"=TFncKy.exe
"SVPWUTIL"=C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
"SmoothView"=C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
"PadTouch"=C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
"HWSetup"=C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
"NDSTray.exe"=NDSTray.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b756b2e-23e2-11dc-af2e-0016d42b516b}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec49e91c-8f70-11db-aedc-0016d42b516b}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs




-- End of Deckard's System Scanner: finished at 2008-03-30 01:53:35 ------------
cheval de troie
Démare
 
Messages: 28
Inscription: 21 Mar 2008, 13:33

Suivante

Retourner vers Sécurité (Contamination - Décontamination)

Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 19 invités