Here you go!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:47:00, on 18/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Lexmark 4300 Series\lxcemon.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\miniMIZE\miniMIZE.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\Carole\Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = search.msn.fr…
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…LinkId=56626&homepage=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = www.google.fr…
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM…\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM…\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM…\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM…\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM…\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM…\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM…\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM…\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM…\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM…\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM…\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM…\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM…\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM…\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM…\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM…\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM…\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM…\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU…\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Raccourci vers miniMIZE.lnk = C:\Program Files\miniMIZE\miniMIZE.exe
O4 - Global Startup: Thumbs.db
O8 - Extra context menu item: &Search - ko.bar.need2find.com…
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12…\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth… - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - messenger.zone.msn.com….cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com…
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - musicmix.messenger.msn.com…
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - 1630rovellodrive.spaces.live.com…snPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - messenger.zone.msn.com…FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com…ols/en/x86/client/muweb_site.cab?1177619417765
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - messenger.zone.msn.com…ent.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - appdirectory.messenger.msn.com…pps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com…lient.cab56907.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - msnfr.oberon-…media.com/online2/MSN_INTL_FRANCE/diner_dash/DinerDash.1.0.0.80.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - secure.gopetslive.com…
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 11746 bytes