Aller au contenu

Dark Sauron

Membres
  • Compteur de contenus

    39
  • Inscription

  • Dernière visite

Dark Sauron's Achievements

Member

Member (4/12)

0

Réputation sur la communauté

  1. Bonjour, Je viens de monter mon PC mais quand je veux booter le cd du système d'exploitation (en l'occurrence vista), j'obtiens cette erreur : disk boot failure, insert system disk and press enter Ce que j'ai déjà vérifié : -les branchements à l'intérieur du PC : tout a l'air OK : je précise que mon HD est en SATA master et il est reconnu en temps que tel par le bios -CDROM est bien en First Boot Device Merci de votre aide !
  2. Salut, Le PC a l'air de bien aller, je te remercie !
  3. C'est fait ! Voilà le rapport : BitDefender Online Scanner Scan report generated at: Wed, Aug 15, 2007 - 19:59:08 Scan path: C:\;D:\;E:\; Statistics Time 01:21:48 Files 267198 Folders 8358 Boot Sectors 4 Archives 7164 Packed Files 9315 Results Identified Viruses 1 Infected Files 1 Suspect Files 2 Warnings 0 Disinfected 0 Deleted Files 3 Engines Info Virus Definitions 712333 Engine build AVCORE v1.0 (build 2411) (i386) (Jul 9 2007 12:10:22) Scan plugins 14 Archive plugins 37 Unpack plugins 6 E-mail plugins 6 System plugins 1 Scan Settings First Action Disinfect Second Action Delete Heuristics Yes Enable Warnings Yes Scanned Extensions *; Exclude Extensions Scan Emails Yes Scan Archives Yes Scan Packed Yes Scan Files Yes Scan Boot Yes Scanned File Status C:\Documents and Settings\Cyril D'Halluin\Local Settings\Application Data\{8E94F725-8C1B-4DBD-B9F5-A623113F7B57}\Pando.msi=>(Embedded CAB)=>oovooinst.exe Suspected of: BehavesLike:Trojan.Downloader C:\Documents and Settings\Cyril D'Halluin\Local Settings\Application Data\{8E94F725-8C1B-4DBD-B9F5-A623113F7B57}\Pando.msi=>(Embedded CAB)=>oovooinst.exe Disinfection failed C:\Documents and Settings\Cyril D'Halluin\Local Settings\Application Data\{8E94F725-8C1B-4DBD-B9F5-A623113F7B57}\Pando.msi=>(Embedded CAB)=>oovooinst.exe Deleted C:\Documents and Settings\Cyril D'Halluin\Local Settings\Application Data\{8E94F725-8C1B-4DBD-B9F5-A623113F7B57}\Pando.msi=>(Embedded CAB) Update failed C:\Program Files\Pando Networks\Pando\oovooInst.exe Suspected of: BehavesLike:Trojan.Downloader C:\Program Files\Pando Networks\Pando\oovooInst.exe Disinfection failed C:\Program Files\Pando Networks\Pando\oovooInst.exe Deleted C:\Program Files\Saxo\Modules\MachineID.dll Infected with: Backdoor.Pcclient.GV C:\Program Files\Saxo\Modules\MachineID.dll Disinfection failed C:\Program Files\Saxo\Modules\MachineID.dll Deleted
  4. Salut, désolé du retard mais j'étais en vacances Voici le rapport Vundofix : VundoFix V6.3.17 Checking Java version... Java version is 1.5.0.7 Old versions of java are exploitable and should be removed. Java version is 1.5.0.9 Old versions of java are exploitable and should be removed. Java version is 1.5.0.10 Scan started at 18:44:08 25/03/2007 Listing files found while scanning.... No infected files were found. Et le scan Kaspersky n'a rien trouvé.
  5. Le sky sweeper de ton lien est une nouvelle version, ce qui fait que ton tutorial ne marche pas pour celui là. J'ai réussi à faire un scan mais pas moyende trouver de log. Je vais te mettre le nom de ce qu'il m'a mis en quarantaine : virtumonde mediaplex cookie overture cookie pointroll cookie yieldmanager cookie weborama cookie atlas dmt cookie bluestreak cookie xiti cookie Et voilà !
  6. Et voilà ! Logfile of HijackThis v1.99.1 Scan saved at 08:42:34, on 25/07/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe C:\Acer\Empowering Technology\ePerformance\MemCheck.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\RealVNC\VNC4\WinVNC4.exe C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe C:\WINDOWS\system32\fxssvc.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Realtek\InstallShield\AzMixerSel.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Acer\Acer Arcade\PCMService.exe C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe C:\Acer\Empowering Technology\ePresentation\ePresentation.exe C:\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE C:\Acer\Empowering Technology\eRecovery\eRAgent.exe C:\Program Files\Acer\OrbiCam\CameraAssistant.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\lvcomsx.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\Program Files\DAP\DAP.EXE C:\Documents and Settings\All Users\Application Data\jmrotsvu.exe C:\WINDOWS\system32\ctfmon.exe C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe C:\Program Files\eMule\emule.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Mozilla Firefox\firefox.exe D:\Mes documents\Mes téléchargements\Scanner.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8088 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {749BFA5F-D5BB-4932-9F46-4CFFAF8DF94C} - C:\WINDOWS\system32\pmkhf.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe" O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1 O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [boot] C:\Acer\Empowering Technology\ePower\Boot.exe O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP O4 - HKLM\..\Run: [jmrotsvu.exe] C:\Documents and Settings\All Users\Application Data\jmrotsvu.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe O4 - Global Startup: Acer Empowering Technology.lnk = ? O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: ssqqron - ssqqron.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winubg32 - winubg32.dll (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
  7. Salut regis56 et merci de m'aider ! Concernant l'infection c'était une infection Ultimatefixer que j'ai traiter selon la méthode décrite ici. Voici le premier rapport : Rapport lopxpMH2 version 2.0 fait à 21:32:25,90 le 24/07/2007 C:\Documents and Settings\Cyril D'Halluin\Bureau ****************************************** ## Répertoires Application Data Le volume dans le lecteur C s'appelle ACER Le numéro de série du volume est 787E-4840 Répertoire de C:\Documents and Settings\Administrateur\Application Data 01/06/2007 23:12 <REP> . 01/06/2007 23:12 <REP> .. 01/06/2007 23:12 <REP> Identities 01/06/2007 23:12 <REP> Microsoft 01/06/2007 23:13 62 desktop.ini 1 fichier(s) 62 octets 4 Rép(s) 3 310 860 288 octets libres Le volume dans le lecteur C s'appelle ACER Le numéro de série du volume est 787E-4840 Répertoire de C:\Documents and Settings\Administrateur\Local Settings\Application Data 01/06/2007 23:12 <REP> . 01/06/2007 23:12 <REP> .. 01/06/2007 23:12 <REP> Acer Arcade 01/06/2007 23:12 <REP> ApplicationHistory 01/06/2007 23:12 <REP> Microsoft 01/06/2007 23:12 135 fusioncache.dat 01/06/2007 23:12 34 232 GDIPFONTCACHEV1.DAT 01/06/2007 23:13 1 930 896 IconCache.db 3 fichier(s) 1 965 263 octets 5 Rép(s) 3 310 845 952 octets libres Le volume dans le lecteur C s'appelle ACER Le numéro de série du volume est 787E-4840 Répertoire de C:\Documents and Settings\All Users\Application Data 15/04/2006 16:41 <REP> . 15/04/2006 16:41 <REP> .. 06/02/2007 21:57 <REP> Adobe 19/09/2006 10:36 <REP> Apple Computer 15/04/2006 17:05 <REP> CyberLink 29/06/2007 21:57 <REP> Grisoft 19/09/2006 03:22 <REP> Intel 31/10/2006 17:15 <REP> Macrovision 15/04/2006 16:41 <REP> Microsoft 07/06/2007 17:32 <REP> NtiDvdCopy 19/09/2006 11:23 <REP> Spybot - Search & Destroy 15/04/2006 17:26 <REP> Symantec 06/05/2007 13:44 <REP> TEMP 19/09/2006 09:18 <REP> Windows Genuine Advantage 15/04/2006 16:41 62 desktop.ini 01/10/2006 22:58 203 hpzinstall.log 06/06/2007 15:20 57 344 jmrotsvu.exe 26/11/2006 14:34 1 759 QTSBandwidthCache 4 fichier(s) 59 368 octets 14 Rép(s) 3 310 844 416 octets libres Le volume dans le lecteur C s'appelle ACER Le numéro de série du volume est 787E-4840 Répertoire de C:\Documents and Settings\Cyril D'Halluin\Application Data 19/09/2006 03:16 <REP> . 19/09/2006 03:16 <REP> .. 19/09/2006 13:15 <REP> Adobe 19/09/2006 13:16 <REP> AdobeUM 26/11/2006 14:34 <REP> Apple Computer 19/09/2006 03:20 <REP> ATI 15/10/2006 20:25 <REP> BSplayer 25/11/2006 20:37 <REP> CopyToDvd 18/09/2006 22:08 <REP> CyberLink 24/07/2007 11:09 <REP> Google 19/09/2006 03:16 <REP> Identities 19/09/2006 11:16 <REP> Lavasoft 16/11/2006 11:18 <REP> Leadertech 19/09/2006 03:16 <REP> Macromedia 19/09/2006 03:16 <REP> Microsoft 19/09/2006 09:03 <REP> Mozilla 22/10/2006 20:14 <REP> My Games 06/06/2007 19:06 <REP> Publish Providers 19/09/2006 10:38 <REP> Real 04/11/2006 13:58 <REP> SMov 06/06/2007 14:14 <REP> Sony 19/09/2006 23:51 <REP> Sun 04/11/2006 13:50 <REP> Talkback 24/07/2007 11:18 <REP> Ultimate Fixer 19/09/2006 11:14 <REP> vlc 25/11/2006 20:35 <REP> Vso 19/09/2006 03:16 62 desktop.ini 25/11/2006 20:35 81 920 ezpinst.exe 25/11/2006 20:35 7 176 pcouffin.cat 25/11/2006 20:35 1 144 pcouffin.inf 25/11/2006 20:35 34 pcouffin.log 25/11/2006 20:35 47 360 pcouffin.sys 6 fichier(s) 137 696 octets 26 Rép(s) 3 310 841 344 octets libres Le volume dans le lecteur C s'appelle ACER Le numéro de série du volume est 787E-4840 Répertoire de C:\Documents and Settings\Cyril D'Halluin\Local Settings\Application Data 19/09/2006 03:16 <REP> . 19/09/2006 03:16 <REP> .. 19/09/2006 03:16 <REP> Acer Arcade 19/09/2006 13:15 <REP> Adobe 20/09/2006 22:30 <REP> Apple Computer 19/09/2006 03:16 <REP> ApplicationHistory 19/09/2006 03:20 <REP> ATI 19/09/2006 10:38 <REP> Google 17/06/2007 18:00 <REP> Help 02/10/2006 19:05 <REP> Identities 19/09/2006 03:16 <REP> Microsoft 19/09/2006 09:04 <REP> Mozilla 18/09/2006 22:09 <REP> Powercinema 06/06/2007 14:14 <REP> Sony 27/10/2006 22:32 <REP> Stardock 19/09/2006 19:30 100 352 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 19/09/2006 03:16 138 fusioncache.dat 19/09/2006 03:16 54 648 GDIPFONTCACHEV1.DAT 29/10/2006 00:52 2 042 572 IconCache.db 4 fichier(s) 2 197 710 octets 15 Rép(s) 3 310 841 344 octets libres Le volume dans le lecteur C s'appelle ACER Le numéro de série du volume est 787E-4840 Répertoire de C:\Documents and Settings\Default User\Application Data 15/04/2006 16:41 <REP> . 15/04/2006 16:41 <REP> .. 19/09/2006 03:15 <REP> Identities 15/04/2006 16:41 <REP> Microsoft 15/04/2006 16:41 62 desktop.ini 1 fichier(s) 62 octets 4 Rép(s) 3 310 841 344 octets libres Le volume dans le lecteur C s'appelle ACER Le numéro de série du volume est 787E-4840 Répertoire de C:\Documents and Settings\Default User\Local Settings\Application Data 15/04/2006 16:41 <REP> . 15/04/2006 16:41 <REP> .. 19/09/2006 03:15 <REP> Acer Arcade 19/09/2006 03:15 <REP> ApplicationHistory 15/04/2006 16:46 <REP> Microsoft 19/09/2006 03:15 135 fusioncache.dat 19/09/2006 03:15 34 232 GDIPFONTCACHEV1.DAT 2 fichier(s) 34 367 octets 5 Rép(s) 3 310 840 832 octets libres Le volume dans le lecteur C s'appelle ACER Le numéro de série du volume est 787E-4840 Répertoire de C:\Documents and Settings\LocalService\Application Data 15/04/2006 16:50 <REP> . 15/04/2006 16:50 <REP> .. 15/04/2006 16:41 <REP> Microsoft 0 fichier(s) 0 octets 3 Rép(s) 3 310 840 320 octets libres Le volume dans le lecteur C s'appelle ACER Le numéro de série du volume est 787E-4840 Répertoire de C:\Documents and Settings\LocalService\Local Settings\Application Data 15/04/2006 16:50 <REP> . 15/04/2006 16:50 <REP> .. 15/04/2006 16:50 <REP> Microsoft 0 fichier(s) 0 octets 3 Rép(s) 3 310 839 808 octets libres Le volume dans le lecteur C s'appelle ACER Le numéro de série du volume est 787E-4840 Répertoire de C:\Documents and Settings\NetworkService\Application Data 15/04/2006 16:50 <REP> . 15/04/2006 16:50 <REP> .. 15/04/2006 16:41 <REP> Microsoft 0 fichier(s) 0 octets 3 Rép(s) 3 310 839 296 octets libres Le volume dans le lecteur C s'appelle ACER Le numéro de série du volume est 787E-4840 Répertoire de C:\Documents and Settings\NetworkService\Local Settings\Application Data 15/04/2006 16:50 <REP> . 15/04/2006 16:50 <REP> .. 15/04/2006 16:50 <REP> Microsoft 0 fichier(s) 0 octets 3 Rép(s) 3 310 839 296 octets libres Le volume dans le lecteur C s'appelle ACER Le numéro de série du volume est 787E-4840 Répertoire de C:\WINDOWS\system32\config\systemprofile\Application Data 15/04/2006 16:41 <REP> . 15/04/2006 16:41 <REP> .. 19/09/2006 03:15 <REP> Identities 19/09/2006 03:22 <REP> Intel 15/04/2006 16:41 <REP> Microsoft 19/09/2006 03:15 <REP> Symantec 15/04/2006 16:41 62 desktop.ini 1 fichier(s) 62 octets 6 Rép(s) 3 310 838 272 octets libres Le volume dans le lecteur C s'appelle ACER Le numéro de série du volume est 787E-4840 Répertoire de C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data 15/04/2006 16:41 <REP> . 15/04/2006 16:41 <REP> .. 19/09/2006 03:15 <REP> Acer Arcade 19/09/2006 03:15 <REP> ApplicationHistory 15/04/2006 16:46 <REP> Microsoft 19/09/2006 03:15 135 fusioncache.dat 19/09/2006 03:15 34 232 GDIPFONTCACHEV1.DAT 19/09/2006 03:15 2 662 646 IconCache.db 3 fichier(s) 2 697 013 octets 5 Rép(s) 3 310 802 944 octets libres ****************************************** Recherche des taches planifiées dans C:\WINDOWS\tasks ****************************************** ## Répertoires de C:\Program Files Le volume dans le lecteur C s'appelle ACER Le numéro de série du volume est 787E-4840 Répertoire de C:\Program Files 24/07/2007 16:29 <REP> . 24/07/2007 16:29 <REP> .. 19/09/2006 09:26 <REP> 7-Zip 15/04/2006 17:04 <REP> Acer 15/04/2006 17:02 <REP> Acer Inc 15/04/2006 17:03 <REP> Adobe 06/10/2006 19:49 <REP> Alcohol Soft 17/07/2007 20:45 <REP> Alice 19/09/2006 11:44 <REP> Alwil Software 03/06/2007 22:00 <REP> ApprenezLesPremiersSecours 30/06/2007 15:23 <REP> Ascaron Entertainment 30/06/2007 12:50 <REP> Atari 19/09/2006 03:17 <REP> ATI Technologies 04/07/2007 21:00 <REP> BitComet 01/12/2006 21:17 <REP> Black Isle 19/09/2006 11:14 <REP> CCleaner 16/12/2006 13:29 <REP> Common Files 15/04/2006 16:45 <REP> ComPlus Applications 15/04/2006 17:04 <REP> CyberLink 08/05/2007 18:24 <REP> DAP 24/07/2007 16:29 <REP> DivX 18/09/2006 23:21 <REP> EA GAMES 13/04/2007 19:23 <REP> EasyPHP1-8 24/07/2007 20:47 <REP> eMule 06/06/2007 15:21 <REP> Fichiers communs 01/11/2006 16:39 <REP> FileZilla 22/10/2006 20:03 <REP> Firaxis Games 06/05/2007 16:57 <REP> FlashGet 27/10/2006 21:43 <REP> FLVPlayer 31/12/2006 17:53 <REP> Freecorp 25/11/2006 23:12 <REP> Gabest 26/11/2006 01:19 <REP> GIMP-2.0 24/07/2007 11:09 <REP> Google 01/06/2007 23:06 <REP> Grisoft 01/10/2006 23:00 <REP> Hewlett-Packard 07/06/2007 17:56 <REP> InfraRecorder 15/04/2006 16:52 <REP> Intel 10/11/2006 22:41 <REP> IntelliTamper 16/06/2007 02:31 <REP> Internet Explorer 06/06/2007 19:12 <REP> Java 09/02/2007 12:05 <REP> JoWood 19/09/2006 08:56 <REP> Kit ADSL 19/09/2006 03:28 <REP> Launch Manager 19/09/2006 11:16 <REP> Lavasoft 04/11/2006 12:47 <REP> Macromedia 05/07/2007 22:24 <REP> Managed DirectX (0901) 28/11/2006 18:28 <REP> MaxTV Online 07/06/2007 17:53 <REP> Messenger 20/09/2006 21:19 <REP> Microsoft ActiveSync 15/04/2006 16:47 <REP> microsoft frontpage 11/05/2007 20:25 <REP> Microsoft Games 19/09/2006 03:35 <REP> Microsoft Office 19/09/2006 03:35 <REP> Microsoft Works 15/04/2006 16:45 <REP> Movie Maker 24/07/2007 17:52 <REP> Mozilla Firefox 27/10/2006 22:26 <REP> MP3 Player Utilities 3.57 15/04/2006 16:44 <REP> MSN 15/04/2006 16:45 <REP> MSN Gaming Zone 18/02/2007 21:47 <REP> MSN Messenger 18/11/2006 07:06 <REP> MSXML 4.0 20/09/2006 22:06 <REP> MultiProxy 06/06/2007 15:37 <REP> Navilog1 23/07/2007 22:23 <REP> NetMeeting 15/04/2006 17:10 <REP> NewTech Infosystems 15/04/2006 16:45 <REP> Online Services 16/06/2007 02:33 <REP> Outlook Express 07/07/2007 15:07 <REP> Project 3 Interactive 19/09/2006 10:36 <REP> QuickTime 19/09/2006 10:38 <REP> Real 15/04/2006 16:55 <REP> Realtek 23/07/2007 21:41 <REP> RealVNC 05/07/2007 22:37 <REP> ReflexiveArcade 27/10/2006 22:56 <REP> Replay Converter 26/02/2007 11:06 <REP> Saxo 15/04/2006 16:46 <REP> Services en ligne 15/10/2006 15:01 <REP> SlySoft 06/06/2007 14:13 <REP> Sony 06/06/2007 14:08 <REP> Sony Setup 09/02/2007 12:17 <REP> SpellForce 06/06/2007 19:44 <REP> Spybot - Search & Destroy 31/12/2006 17:31 <REP> SubSync 19/09/2006 11:46 <REP> Sunbelt Software 15/04/2006 17:00 <REP> Synaptics 10/11/2006 20:15 <REP> The Adventure Company 19/09/2006 11:15 <REP> ToniArts 24/07/2007 11:18 <REP> Ultimate Fixer 31/12/2006 17:43 <REP> URUSoft 19/09/2006 08:57 <REP> USB Driver-Express 19/09/2006 11:13 <REP> VideoLAN 25/11/2006 20:35 <REP> VSO 06/06/2007 14:11 <REP> Vstplugins 15/10/2006 20:25 <REP> Webteh 19/09/2006 11:33 <REP> Windows Installer Clean Up 15/12/2006 21:19 <REP> Windows Media Connect 2 13/04/2007 19:23 <REP> Windows Media Player 15/04/2006 16:44 <REP> Windows NT 19/09/2006 03:22 <REP> WinPCap 15/04/2006 16:47 <REP> xerox 0 fichier(s) 0 octets 98 Rép(s) 3 310 827 520 octets libres ****************************************** ## Popups autorisées * Internet Explorer ! REG.EXE VERSION 3.0 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow * Mozilla Firefox (1 autorisé 2 interdit) ---------- C:\DOCUMENTS AND SETTINGS\CYRIL D'HALLUIN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\B1043Z5L.DEFAULT\HOSTPERM.1 ****************************************** ## Registre * [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] jmrotsvu.exe REG_SZ C:\Documents and Settings\All Users\Application Data\jmrotsvu.exe ****************************************** ## Zones de sécurité * HKCU Domains (4) * P3P History (5) ****************************************** ## Recherche C:\WINDOWS\*.htm, "C:\WINDOWS\*.gif" *************** Fin du rapport **************** Et voici le rapport combofix : "Cyril D'Halluin" - 2007-07-24 21:41:49 [GMT 2:00] - ComboFix 07-07-24 - Service Pack 2 NTFS ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\DOCUME~1\CYRILD~1\APPLIC~1.\Ultimate Fixer C:\DOCUME~1\CYRILD~1\APPLIC~1.\Ultimate Fixer\settings.dat C:\Program Files\Fichiers communs\Yazzle1162OinUninstaller.exe C:\Program Files\Ultimate Fixer C:\Program Files\Ultimate Fixer\program.info C:\Program Files\Ultimate Fixer\ufixer.pkg C:\Program Files\Ultimate Fixer\UltimateFixer.db C:\Program Files\Ultimate Fixer\UltimateFixer.exe C:\Program Files\Ultimate Fixer\Uninstall.exe C:\WINDOWS\system32\drivers\npf.sys C:\WINDOWS\system32\packet.dll C:\WINDOWS\system32\pthreadVC.dll C:\WINDOWS\system32\scchk32.exe C:\WINDOWS\system32\WanPacket.dll C:\WINDOWS\system32\wpcap.dll ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) -------\NPF ((((((((((((((((((((((((( Files Created from 2007-06-24 to 2007-07-24 ))))))))))))))))))))))))))))))) 2007-07-24 21:37 51,200 --a------ C:\WINDOWS\nircmd.exe 2007-07-24 16:29 <REP> d-------- C:\Program Files\DivX 2007-07-24 11:44 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-07-24 11:44 5,032 --a------ C:\WINDOWS\system32\tmp.reg 2007-07-24 11:44 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2007-07-24 11:43 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-07-24 11:21 14,241 --a------ C:\dnsbak.reg 2007-07-24 11:09 <REP> d-------- C:\Program Files\Google 2007-07-24 11:09 <REP> d-------- C:\DOCUME~1\CYRILD~1\APPLIC~1\Google 2007-07-24 10:57 <REP> d-------- C:\WINDOWS\system32\atbpfvnf 2007-07-23 21:41 <REP> d-------- C:\Program Files\RealVNC 2007-07-17 20:45 <REP> d-------- C:\Program Files\Alice 2007-07-09 21:07 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll 2007-07-09 21:07 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll 2007-07-07 15:13 4,096 --a------ C:\WINDOWS\d3dx.dat 2007-07-07 15:07 <REP> d-------- C:\Program Files\Project 3 Interactive 2007-07-05 22:37 <REP> d-------- C:\Program Files\ReflexiveArcade 2007-07-05 22:24 <REP> d-------- C:\Program Files\Managed DirectX (0901) 2007-07-05 22:21 <REP> d-------- C:\Photos 2007-06-30 15:23 <REP> d-------- C:\Program Files\Ascaron Entertainment (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-07-24 18:47:22 -------- d-----w C:\Program Files\eMule 2007-07-24 14:29:36 3,213 ----a-w C:\WINDOWS\mozver.dat 2007-07-24 09:38:26 1,046 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err 2007-07-23 20:33:43 76,574 ----a-w C:\WINDOWS\system32\perfc00C.dat 2007-07-23 20:33:43 470,278 ----a-w C:\WINDOWS\system32\perfh00C.dat 2007-07-23 11:59:29 2,560 ----a-w C:\WINDOWS\system32\BitCometRes.dll 2007-07-05 20:28:07 290,816 ------w C:\WINDOWS\Setup1.exe 2007-07-04 19:00:05 -------- d-----w C:\Program Files\BitComet 2007-06-30 10:50:59 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-06-30 10:50:55 -------- d-----w C:\Program Files\Atari 2007-06-07 15:56:30 -------- d-----w C:\Program Files\InfraRecorder 2007-06-07 15:53:09 -------- d-----w C:\Program Files\Messenger 2007-06-07 15:34:39 -------- d-----w C:\DOCUME~1\CYRILD~1\APPLIC~1\Vso 2007-06-06 17:06:13 -------- d-----w C:\DOCUME~1\CYRILD~1\APPLIC~1\Publish Providers 2007-06-06 13:37:51 -------- d-----w C:\Program Files\Navilog1 2007-06-06 12:14:09 -------- d-----w C:\DOCUME~1\CYRILD~1\APPLIC~1\Sony 2007-06-06 12:13:11 -------- d-----w C:\Program Files\Sony 2007-06-06 12:11:56 -------- d-----w C:\Program Files\Vstplugins 2007-06-06 12:08:35 -------- d-----w C:\Program Files\Sony Setup 2007-06-03 20:00:30 -------- d-----w C:\Program Files\ApprenezLesPremiersSecours 2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll 2007-05-08 16:23:21 0 ----a-w C:\WINDOWS\tmlpwin.exe 2007-05-06 11:43:51 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll 2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr 2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll 2006-11-25 18:35:24 81,920 ----a-w C:\DOCUME~1\CYRILD~1\APPLIC~1\ezpinst.exe 2006-11-25 18:35:24 47,360 ----a-w C:\DOCUME~1\CYRILD~1\APPLIC~1\pcouffin.sys 2005-07-14 20:31:20 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll 2005-06-26 23:32:28 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll 2005-06-22 06:37:42 45,568 --sha-r C:\WINDOWS\system32\cygz.dll ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{749BFA5F-D5BB-4932-9F46-4CFFAF8DF94C}] C:\WINDOWS\system32\pmkhf.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-29 08:49] "AGRSMMSG"="AGRSMMSG.exe" [2006-03-16 18:24 C:\WINDOWS\AGRSMMSG.exe] "RTHDCPL"="RTHDCPL.EXE" [2006-02-27 18:28 C:\WINDOWS\RTHDCPL.exe] "Alcmtr"="ALCMTR.EXE" [2005-05-03 19:43 C:\WINDOWS\Alcmtr.exe] "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 15:21] "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-08 08:17] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-08 08:16] "PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2006-03-23 01:12] "ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 18:15] "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 16:00] "Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 17:39] "ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-04-04 19:08] "Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 23:12] "LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [2006-03-30 14:56] "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-04-28 17:43] "LogitechCameraAssistant"="C:\Program Files\Acer\OrbiCam\CameraAssistant.exe" [2006-04-06 20:00] "LogitechVideo[inspector]"="C:\Program Files\Acer\OrbiCam\InstallHelper.exe" [2006-04-06 20:06] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 16:57] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-09-19 10:38] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 17:42] "DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2007-05-06 13:50] "jmrotsvu.exe"="C:\Documents and Settings\All Users\Application Data\jmrotsvu.exe" [2007-06-06 15:20] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 06:00] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:55] C:\Documents and Settings\Cyril D'Halluin\Menu D‚marrer\Programmes\D‚marrage\ Y'z ToolBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe [2002-09-29 16:41:00] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-03-27 12:37:58] Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqqron] ssqqron.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winubg32] winubg32.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard] R0 agpCPQ;Filtre de bus AGP Compaq;C:\WINDOWS\system32\DRIVERS\agpCPQ.sys R0 sfsync04;StarForce Protection Synchronization Driver (version 4.x);C:\WINDOWS\system32\drivers\sfsync04.sys R0 sfvfs02;StarForce Protection VFS Driver (version 2.x);C:\WINDOWS\system32\drivers\sfvfs02.sys R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI;C:\WINDOWS\system32\DRIVERS\wmiacpi.sys R2 EpmPsd;Acer EPM Power Scheme Driver;\??\C:\WINDOWS\system32\drivers\epm-psd.sys R2 EpmShd;Acer EPM System Hardware Driver;\??\C:\WINDOWS\system32\drivers\epm-shd.sys R2 Fax;Fax;C:\WINDOWS\system32\fxssvc.exe R2 int15;int15;\??\C:\WINDOWS\system32\drivers\int15.sys R2 s24trans;Transport RLAN;C:\WINDOWS\system32\DRIVERS\s24trans.sys R2 tvicport;tvicport;\??\C:\WINDOWS\system32\drivers\tvicport.sys R2 zntport;zntport;\??\C:\WINDOWS\system32\drivers\zntport.sys R3 DKbFltr;Dritek Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\DKbFltr.sys R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys R3 LVPrcMon;Logitech LVPrcMon Driver;\??\C:\WINDOWS\system32\drivers\LVPrcMon.sys R3 LVUSBSta;Logitech USB Monitor Filter;C:\WINDOWS\system32\drivers\lvusbsta.sys R3 NTIDrvr;Upper Class Filter Driver;C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys R3 pcouffin;VSO Software pcouffin;C:\WINDOWS\system32\Drivers\pcouffin.sys R3 psdfilter;psdfilter;\??\C:\WINDOWS\system32\Drivers\psdfilter.sys R3 psdvdisk;psdvdisk;\??\C:\WINDOWS\system32\Drivers\psdvdisk.sys R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver;C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys R3 sdbus;sdbus;C:\WINDOWS\system32\DRIVERS\sdbus.sys R3 SynTP;Synaptics TouchPad Driver;C:\WINDOWS\system32\DRIVERS\SynTP.sys R3 tifm21;tifm21;C:\WINDOWS\system32\drivers\tifm21.sys R3 usbehci;Pilote miniport de contr“leur d'h“te am‚lior‚ Microsoft USB 2.0;C:\WINDOWS\system32\DRIVERS\usbehci.sys R3 usbhub;Concentrateur USB2;C:\WINDOWS\system32\DRIVERS\usbhub.sys R3 usbuhci;Pilote miniport de contr“leur h“te universel USB Microsoft;C:\WINDOWS\system32\DRIVERS\usbuhci.sys R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver;C:\WINDOWS\system32\DRIVERS\w39n51.sys S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;\??\C:\WINDOWS\system32\eLock2BurnerLockDriver.sys S2 eLock2FSCTLDriver;eLock2FSCTLDriver;\??\C:\WINDOWS\system32\eLock2FSCTLDriver.sys S3 HidUsb;Pilote de classe HID Microsoft;C:\WINDOWS\system32\DRIVERS\hidusb.sys S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12;C:\WINDOWS\system32\DRIVERS\HPZius12.sys S3 lac97inf;lac97inf;\??\C:\DOCUME~1\CYRILD~1\LOCALS~1\Temp\lac97inf.sys S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys S3 usbccgp;Pilote parent g‚n‚rique USB Microsoft;C:\WINDOWS\system32\DRIVERS\usbccgp.sys S3 usbprint;Classe d'imprimantes USB Microsoft;C:\WINDOWS\system32\DRIVERS\usbprint.sys S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS S3 vaxscsi;vaxscsi;C:\WINDOWS\system32\Drivers\vaxscsi.sys ************************************************************************** catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-24 21:52:06 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... C:\WINDOWS\system32\cmd.exe [6744] 0x86E49948 scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** Completion time: 2007-07-24 21:56:15 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 2007-07-24 21:56 --- E O F --- Et voilà !
  8. Salut à tous, je viens de sortir mon PC d'une grosse infection alors je poste un rapport hijack pour voir s'il ne reste rien ! Logfile of HijackThis v1.99.1 Scan saved at 17:29:32, on 24/07/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe C:\Acer\Empowering Technology\ePerformance\MemCheck.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Realtek\InstallShield\AzMixerSel.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Acer\Acer Arcade\PCMService.exe C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe C:\Acer\Empowering Technology\ePresentation\ePresentation.exe C:\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE C:\Acer\Empowering Technology\eRecovery\eRAgent.exe C:\Program Files\Acer\OrbiCam\CameraAssistant.exe C:\WINDOWS\system32\ElkCtrl.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\DAP\DAP.EXE C:\Program Files\RealVNC\VNC4\WinVNC4.exe C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Documents and Settings\All Users\Application Data\jmrotsvu.exe C:\WINDOWS\system32\fxssvc.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\VideoLAN\VLC\vlc.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE D:\Mes documents\Mes téléchargements\Scanner.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8088 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {08C134D3-087C-4139-A98C-3A078358DFDE} - C:\WINDOWS\system32\ssqqron.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {749BFA5F-D5BB-4932-9F46-4CFFAF8DF94C} - C:\WINDOWS\system32\pmkhf.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe" O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1 O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [boot] C:\Acer\Empowering Technology\ePower\Boot.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [imageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [jmrotsvu.exe] C:\Documents and Settings\All Users\Application Data\jmrotsvu.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe O4 - Global Startup: Acer Empowering Technology.lnk = ? O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: ssqqron - ssqqron.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winubg32 - winubg32.dll (file missing) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing) Merci d'avance !
  9. Et voila le nouveau rapport Saturday, June 02, 2007 9:04:38 PM Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version : 5.0.83.0 Dernière mise à jour de la base antivirus Kaspersky : 2/06/2007 Enregistrements dans la base antivirus Kaspersky : 315574 Paramètres d'analyse Analyser avec la base antivirus suivante standard Analyser les archives vrai Analyser les bases de messagerie vrai Cible de l'analyse Poste de travail C:\ D:\ E:\ Statistiques de l'analyse Total d'objets analysés 63950 Nombre de virus trouvés 0 Nombre d'objets infectés 0 / 0 Nombre d'objets suspects 0 Durée de l'analyse 00:34:17 Nom de l'objet infecté Nom du virus Dernière action C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\InboxLOG.txt L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\OutboxLOG.txt L'objet est verrouillé ignoré C:\Documents and Settings\Cyril D'Halluin\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\cert8.db L'objet est verrouillé ignoré C:\Documents and Settings\Cyril D'Halluin\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\history.dat L'objet est verrouillé ignoré C:\Documents and Settings\Cyril D'Halluin\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\key3.db L'objet est verrouillé ignoré C:\Documents and Settings\Cyril D'Halluin\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\parent.lock L'objet est verrouillé ignoré C:\Documents and Settings\Cyril D'Halluin\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\search.sqlite L'objet est verrouillé ignoré C:\Documents and Settings\Cyril D'Halluin\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\urlclassifier2.sqlite L'objet est verrouillé ignoré C:\Documents and Settings\Cyril D'Halluin\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Cyril D'Halluin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\Cyril D'Halluin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\Cyril D'Halluin\Local Settings\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\Cache\_CACHE_001_ L'objet est verrouillé ignoré C:\Documents and Settings\Cyril D'Halluin\Local Settings\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\Cache\_CACHE_002_ L'objet est verrouillé ignoré C:\Documents and Settings\Cyril D'Halluin\Local Settings\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\Cache\_CACHE_003_ L'objet est verrouillé ignoré C:\Documents and Settings\Cyril D'Halluin\Local Settings\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\Cache\_CACHE_MAP_ L'objet est verrouillé ignoré C:\Documents and Settings\Cyril D'Halluin\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Cyril D'Halluin\Local Settings\Temp\~DFE9FB.tmp L'objet est verrouillé ignoré C:\Documents and Settings\Cyril D'Halluin\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré C:\Documents and Settings\Cyril D'Halluin\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Cyril D'Halluin\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\Cyril D'Halluin\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLML_MAIN\CLML.db L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log.idx L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log.idx L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log.idx L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log.idx L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log.idx L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log.idx L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log.idx L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log.idx L'objet est verrouillé ignoré C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré C:\System Volume Information\_restore{82EF6D9A-EAAC-4F6A-8B24-1FBFBEB37E63}\RP229\change.log L'objet est verrouillé ignoré C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré C:\WINDOWS\system32\config\ACEEvent.evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\Antivirus.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\DEFAULT L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SOFTWARE L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SYSTEM L'objet est verrouillé ignoré C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\drivers\sptd.sys L'objet est verrouillé ignoré C:\WINDOWS\system32\drivers\sptddrv1.sys L'objet est verrouillé ignoré C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré C:\WINDOWS\Temp\CLML_AGENT_LOG1.txt L'objet est verrouillé ignoré C:\WINDOWS\Temp\Perflib_Perfdata_208.dat L'objet est verrouillé ignoré C:\WINDOWS\Temp\Perflib_Perfdata_620.dat L'objet est verrouillé ignoré C:\WINDOWS\Temp\sqlite_aNhHQzO3C9MBZOV L'objet est verrouillé ignoré C:\WINDOWS\Temp\_avast4_\Webshlock.txt L'objet est verrouillé ignoré C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré D:\System Volume Information\_restore{82EF6D9A-EAAC-4F6A-8B24-1FBFBEB37E63}\RP229\change.log L'objet est verrouillé ignoré D:\Downloads\Stargate SG-1 - 10x16 - Bad Guys - vostfr.avi.bc! L'objet est verrouillé ignoré D:\Downloads\Stargate sg1 S10 EP20 VOSTFR\stargate.sg1.s10e20.hdtv.xvid-hv.avi.bc! L'objet est verrouillé ignoré D:\Downloads\Stargate sg1 S10 EP19 VOSTFR\stargate.sg-1.s10e19.hdtv.xvid-sfm.avi.bc! L'objet est verrouillé ignoré D:\Downloads\Stargate sg1 S10 EP18 VOSTFR\stargate.sg-1.s10e18.hdtv.xvid-sfm.avi.bc! L'objet est verrouillé ignoré D:\Downloads\Stargate sg1 S10 EP17 VOSTFR\stargate.sg-1.s10e17.hdtv.xvid-sfm.avi.bc! L'objet est verrouillé ignoré D:\Downloads\Stargate SG-1 Saison 10 Vostfr (Episodes 6 à 10)\Stargate SG-1 Saison 10 Episode 06 200 - VF.avi.bc! L'objet est verrouillé ignoré D:\Downloads\Stargate SG-1 Saison 10 Vostfr (Episodes 6 à 10)\Stargate SG-1 Saison 10 Episode 06 200 - VF.srt.bc! L'objet est verrouillé ignoré D:\Downloads\Stargate SG-1 Saison 10 Vostfr (Episodes 6 à 10)\Stargate SG-1 Saison 10 Episode 07 Counterstrike - VF.avi.bc! L'objet est verrouillé ignoré D:\Downloads\Stargate SG-1 Saison 10 Vostfr (Episodes 6 à 10)\Stargate SG-1 Saison 10 Episode 08 Memento Mori - VF.avi.bc! L'objet est verrouillé ignoré D:\Downloads\Stargate SG-1 Saison 10 Vostfr (Episodes 6 à 10)\Stargate SG-1 Saison 10 Episode 09 Company of thieves - VF.avi.bc! L'objet est verrouillé ignoré D:\Downloads\Stargate SG-1 Saison 10 Vostfr (Episodes 6 à 10)\Stargate SG-1 Saison 10 Episode 10 The Quest Part 1 - VF.avi.bc! L'objet est verrouillé ignoré D:\Downloads\Stargate SG-1 Saison 10 Vostfr (Episodes 11 à 15)\Stargate SG-1 Saison 10 Episode 11 The Quest Part 2 - VF - SFM.avi.bc! L'objet est verrouillé ignoré D:\Downloads\Stargate SG-1 Saison 10 Vostfr (Episodes 11 à 15)\Stargate SG-1 Saison 10 Episode 12 Line in the Sand - VF.avi.bc! L'objet est verrouillé ignoré D:\Downloads\Stargate SG-1 Saison 10 Vostfr (Episodes 11 à 15)\Stargate SG-1 Saison 10 Episode 13 The Road Not Taken - VF - HDTV.avi.bc! L'objet est verrouillé ignoré D:\Downloads\Stargate SG-1 Saison 10 Vostfr (Episodes 11 à 15)\Stargate SG-1 Saison 10 Episode 14 The Shroud - VF - HDTV.avi.bc! L'objet est verrouillé ignoré D:\Downloads\Stargate SG-1 Saison 10 Vostfr (Episodes 11 à 15)\Stargate SG-1 Saison 10 Episode 15 Bounty - VF.avi.bc! L'objet est verrouillé ignoré D:\Downloads\(ES) Stargate.SG1.S10E01.FRENCH.PDTV.XViD\Stargate.SG-1.10x01.L'Oricy.DvbRip.Fr.avi.bc! L'objet est verrouillé ignoré Analyse terminée.
  10. Hello, Voilà le rapport cleannavi suivi du rapport AVG et du nouvel Hijack ! Clean Navipromo version 2.0.2 commencé le 02/06/2007 à 6:36:34,43 Fix lancé depuis C:\Program Files\navilog1 Mise a jour le 17.05.2007 a 23h00 by IL-MAFIOSO Mode suppression automatique avec prise en charge résultats Blacklight *** Creation backups fichiers trouvés par Blacklight *** Copie vers "C:\Program Files\navilog1\Backupnavi" *** Suppression des fichiers trouvés avec Blacklight *** c:\WINDOWS\system32\fsomrb.dat supprimé ! C:\windows\system32\fsomrb.exe supprimé ! c:\WINDOWS\system32\fsomrb_nav.dat supprimé ! c:\WINDOWS\system32\fsomrb_navps.dat supprimé ! ** 2ème passage ** C:\WINDOWS\system32\fsomrb.exe absent ! C:\WINDOWS\system32\fsomrb.dat absent ! C:\WINDOWS\system32\fsomrb_nav.dat absent ! C:\WINDOWS\system32\fsomrb_navps.dat absent ! C:\WINDOWS\system32\fsomrb_navup.dat absent ! C:\WINDOWS\system32\fsomrb_navtmp.dat absent ! C:\WINDOWS\system32\fsomrb_m2s.xml absent ! C:\WINDOWS\prefetch\fsomrb*.pf trouvé ! Copie C:\WINDOWS\prefetch\fsomrb*.pf réalise avec succes ! C:\WINDOWS\prefetch\fsomrb*.pf supprimé ! *** Suppression dossiers dans C:\WINDOWS *** *** Suppression dossiers dans C:\Program Files *** C:\Program Files\Instant Access ...suppression... C:\Program Files\Instant Access supprimé ! *** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data *** *** Suppression dossiers dans C:\Documents and Settings\Cyril D'Halluin\Application Data *** *** Suppression fichiers *** C:\WINDOWS\pack.epk supprimé ! C:\WINDOWS\tmlpcert2007 supprimé ! C:\WINDOWS\system32\linkprd.exe supprimé ! *** Suppression fichiers temporaires *** Nettoyage contenu C:\WINDOWS\Temp effectué ! Nettoyage contenu C:\Documents and Settings\Cyril D'Halluin\Local Settings\Temp effectué ! *** Sauvegarde du registre vers dossier Backupnavi*** sauvegarde du registre réalise avec succes ! *** Nettoyage registre *** Nettoyage registre Ok *** Traitement Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Recherche fichiers connus: 2)Recherche et Suppression Heuristique : * ** *** **** ***** C:\WINDOWS\System32\pbvflrk_navtmp.dat trouvé ! Copie C:\WINDOWS\system32\pbvflrk_navtmp.dat réalise avec succes ! C:\WINDOWS\system32\pbvflrk_navtmp.dat supprimé ! ****** ******* C:\WINDOWS\System32\zjrgcy.exe trouvé ! Copie C:\WINDOWS\system32\zjrgcy.exe réalise avec succes ! C:\WINDOWS\system32\zjrgcy.exe supprimé ! ******** C:\WINDOWS\System32\utknbb.exe trouvé ! Copie C:\WINDOWS\system32\utknbb.exe réalise avec succes ! C:\WINDOWS\system32\utknbb.exe supprimé ! C:\WINDOWS\System32\wceifxger.exe trouvé ! Copie C:\WINDOWS\system32\wceifxger.exe réalise avec succes ! C:\WINDOWS\system32\wceifxger.exe supprimé ! 3)Contrôle présence clés Rootkit dans le registre : Aucune autre clés présente dans le registre ! *** Nettoyage termine le 02/06/2007 à 6:40:18,87 *** --------------------------------------------------------- AVG Anti-Spyware - Rapport d'analyse --------------------------------------------------------- + Créé à: 06:33:44 02/06/2007 + Résultat de l'analyse: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Instant Access -> Dialer.Generic : Nettoyé et sauvegardé (mise en quarantaine). HKU\S-1-5-21-1746996803-2816227411-2503537991-1006\Software\egdhtml -> Dialer.Generic : Nettoyé et sauvegardé (mise en quarantaine). :mozilla.153:C:\Documents and Settings\Cyril D'Halluin\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé. C:\Documents and Settings\Cyril D'Halluin\Cookies\cyril_d'halluin@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé. :mozilla.117:C:\Documents and Settings\Cyril D'Halluin\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé. :mozilla.118:C:\Documents and Settings\Cyril D'Halluin\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé. C:\Documents and Settings\Cyril D'Halluin\Cookies\cyril_d'halluin@adrevolver[1].txt -> TrackingCookie.Adrevolver : Nettoyé. :mozilla.75:C:\Documents and Settings\Cyril D'Halluin\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé. :mozilla.76:C:\Documents and Settings\Cyril D'Halluin\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé. C:\Documents and Settings\Cyril D'Halluin\Cookies\cyril_d'halluin@adtech[1].txt -> TrackingCookie.Adtech : Nettoyé. :mozilla.42:C:\Documents and Settings\Cyril D'Halluin\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé. :mozilla.43:C:\Documents and Settings\Cyril D'Halluin\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé. :mozilla.44:C:\Documents and Settings\Cyril D'Halluin\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé. :mozilla.46:C:\Documents and Settings\Cyril D'Halluin\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé. :mozilla.187:C:\Documents and Settings\Cyril D'Halluin\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé. :mozilla.20:C:\Documents and Settings\Cyril D'Halluin\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé. C:\Documents and Settings\Cyril D'Halluin\Cookies\cyril_d'halluin@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé. :mozilla.45:C:\Documents and Settings\Cyril D'Halluin\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé. :mozilla.31:C:\Documents and Settings\Cyril D'Halluin\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\cookies.txt -> TrackingCookie.Estat : Nettoyé. :mozilla.125:C:\Documents and Settings\Cyril D'Halluin\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé. :mozilla.145:C:\Documents and Settings\Cyril D'Halluin\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé. :mozilla.146:C:\Documents and Settings\Cyril D'Halluin\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé. :mozilla.22:C:\Documents and Settings\Cyril D'Halluin\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé. :mozilla.91:C:\Documents and Settings\Cyril D'Halluin\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\cookies.txt -> TrackingCookie.Overture : Nettoyé. :mozilla.68:C:\Documents and Settings\Cyril D'Halluin\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.69:C:\Documents and Settings\Cyril D'Halluin\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.70:C:\Documents and Settings\Cyril D'Halluin\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. C:\Documents and Settings\Cyril D'Halluin\Cookies\cyril_d'[email protected][1].txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.126:C:\Documents and Settings\Cyril D'Halluin\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\cookies.txt -> TrackingCookie.Specificclick : Nettoyé. :mozilla.127:C:\Documents and Settings\Cyril D'Halluin\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\cookies.txt -> TrackingCookie.Specificclick : Nettoyé. :mozilla.128:C:\Documents and Settings\Cyril D'Halluin\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\cookies.txt -> TrackingCookie.Specificclick : Nettoyé. :mozilla.129:C:\Documents and Settings\Cyril D'Halluin\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\cookies.txt -> TrackingCookie.Specificclick : Nettoyé. :mozilla.130:C:\Documents and Settings\Cyril D'Halluin\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\cookies.txt -> TrackingCookie.Specificclick : Nettoyé. :mozilla.131:C:\Documents and Settings\Cyril D'Halluin\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\cookies.txt -> TrackingCookie.Specificclick : Nettoyé. :mozilla.53:C:\Documents and Settings\Cyril D'Halluin\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé. :mozilla.25:C:\Documents and Settings\Cyril D'Halluin\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé. :mozilla.26:C:\Documents and Settings\Cyril D'Halluin\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé. :mozilla.27:C:\Documents and Settings\Cyril D'Halluin\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé. C:\Documents and Settings\Cyril D'Halluin\Cookies\cyril_d'halluin@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé. :mozilla.121:C:\Documents and Settings\Cyril D'Halluin\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé. :mozilla.122:C:\Documents and Settings\Cyril D'Halluin\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé. :mozilla.123:C:\Documents and Settings\Cyril D'Halluin\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé. :mozilla.124:C:\Documents and Settings\Cyril D'Halluin\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé. :mozilla.37:C:\Documents and Settings\Cyril D'Halluin\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé. :mozilla.38:C:\Documents and Settings\Cyril D'Halluin\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé. :mozilla.39:C:\Documents and Settings\Cyril D'Halluin\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé. :mozilla.40:C:\Documents and Settings\Cyril D'Halluin\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé. :mozilla.41:C:\Documents and Settings\Cyril D'Halluin\Application Data\Mozilla\Firefox\Profiles\b1043z5l.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé. Fin du rapport Logfile of HijackThis v1.99.1 Scan saved at 06:46:28, on 02/06/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16441) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe C:\Acer\Empowering Technology\ePerformance\MemCheck.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\WINDOWS\system32\fxssvc.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\WINDOWS\explorer.exe C:\WINDOWS\notepad.exe C:\WINDOWS\system32\NOTEPAD.EXE D:\Mes documents\Mes téléchargements\Scanner.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe" O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1 O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [boot] C:\Acer\Empowering Technology\ePower\Boot.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [imageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe O4 - Global Startup: Acer Empowering Technology.lnk = ? O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{6852F72F-BFED-4D81-ADBE-EAB5E051E889}: NameServer = 86.64.145.143 84.103.237.143 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
  11. Et voilà le rapport : Search Navipromo version 2.0.2 commencé le 01/06/2007 à 13:51:39,09 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!! !!! Poster ce rapport sur le forum pour le faire analyser !!! !!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!! Fix lancé depuis C:\Program Files\navilog1 Mise a jour le 17.05.2007 a 23h00 by IL-MAFIOSO Executé en mode normal *** Recherche Programmes installes *** Instant Access *** Recherche dossiers dans C:\WINDOWS *** *** Recherche dossiers dans C:\Program Files *** C:\Program Files\Instant Access trouvé ! *** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data *** *** Recherche dossiers dans C:\Documents and Settings\Cyril D'Halluin\Application Data *** *** Recherche avec BlackLight Engine/F-secure *** BlackLight Engine est un produit de F-secure, pour + d'infos : http://www.f-secure.com/blacklight/blacklight_help.html Fichier(s) caché(s) dans C:\WINDOWS\system32 : c:\WINDOWS\system32\fsomrb.dat C:\windows\system32\fsomrb.exe c:\WINDOWS\system32\fsomrb_nav.dat c:\WINDOWS\system32\fsomrb_navps.dat Processus caché(s) dans C:\WINDOWS\system32 : C:\windows\system32\fsomrb.exe *** Recherche fichiers *** C:\WINDOWS\pack.epk trouvé ! C:\WINDOWS\tmlpcert2007 trouvé ! C:\WINDOWS\system32\linkprd.exe trouvé ! *** Recherche cles registre *** Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs] Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage] Recherche Clé Magic Control HKEY_CURRENT_USER\Software\Lanconfig trouvé ! HKEY_USERS\S-1-5-21-1746996803-2816227411-2503537991-1006\Software\Lanconfig trouvé ! *** Module de Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Recherche fichiers connus: 2)Recherche Heuristique : * C:\WINDOWS\system32\fsomrb.dat trouvé ! ** C:\WINDOWS\system32\fsomrb.dat trouvé ! *** **** C:\WINDOWS\system32\fsomrb_navps.dat trouvé ! ***** C:\WINDOWS\system32\pbvflrk_navtmp.dat trouvé ! ****** ******* C:\WINDOWS\system32\zjrgcy.exe trouvé ! ******** C:\WINDOWS\system32\linkprd.exe trouvé ! C:\WINDOWS\system32\utknbb.exe trouvé ! C:\WINDOWS\system32\wceifxger.exe trouvé ! C:\WINDOWS\system32\zjrgcy.exe trouvé ! *** Analyse Terminé le 01/06/2007 à 14:00:18,04 ***
  12. Salut à tous. Depuis quelque jours j'ai sans cesse des pubs crazy girl, winantispyware, spydoctor... qui s'affichent et laissent une icône sur mon bureau et je voudrait y remédier. Je joins donc un rapport Hijack et un rapport Blacklight. Logfile of HijackThis v1.99.1 Scan saved at 13:12:15, on 01/06/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16441) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe C:\Acer\Empowering Technology\ePerformance\MemCheck.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Realtek\InstallShield\AzMixerSel.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Acer\Acer Arcade\PCMService.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe C:\Acer\Empowering Technology\ePresentation\ePresentation.exe C:\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\WINDOWS\system32\fxssvc.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE C:\Acer\Empowering Technology\eRecovery\eRAgent.exe C:\Program Files\Acer\OrbiCam\CameraAssistant.exe C:\WINDOWS\system32\ElkCtrl.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\DAP\DAP.EXE C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe C:\Program Files\BitComet\BitComet.exe C:\Program Files\Mozilla Firefox\firefox.exe D:\Mes documents\fsbl.exe D:\Mes documents\Mes téléchargements\Scanner.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe" O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1 O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [boot] C:\Acer\Empowering Technology\ePower\Boot.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [imageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [instant Access] C:\WINDOWS\system32\linkprd.exe /res O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe O4 - Global Startup: Acer Empowering Technology.lnk = ? O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} - http://scripts.dlv4.com/binaries/egaccess4..._1071_em_XP.cab O16 - DPF: {321F38B6-7E5F-470E-B58C-927523B7AF92} - http://scripts.dlv4.com/binaries/egaccess4..._1069_em_XP.cab O16 - DPF: {AA59202C-5E41-48FC-AF7D-324F5FD6A9F1} - http://scripts.dlv4.com/binaries/egaccess4..._1070_em_XP.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{6852F72F-BFED-4D81-ADBE-EAB5E051E889}: NameServer = 86.64.145.141 84.103.237.141 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe 06/01/07 13:11:48 [info]: BlackLight Engine 1.0.61 initialized 06/01/07 13:11:48 [info]: OS: 5.1 build 2600 (Service Pack 2) 06/01/07 13:11:50 [Note]: 7019 4 06/01/07 13:11:50 [Note]: 7005 0 06/01/07 13:12:53 [Note]: 7006 0 06/01/07 13:12:53 [Note]: 7011 224 06/01/07 13:12:53 [Note]: 7026 0 06/01/07 13:12:53 [Note]: 7026 0 06/01/07 13:12:53 [Note]: 7024 3 06/01/07 13:12:53 [info]: Hidden process: C:\windows\system32\fsomrb.exe 06/01/07 13:13:00 [Note]: FSRAW library version 1.7.1021 06/01/07 13:19:40 [info]: Hidden file: c:\WINDOWS\system32\fsomrb.dat 06/01/07 13:19:40 [Note]: 10002 1 06/01/07 13:19:41 [info]: Hidden file: C:\windows\system32\fsomrb.exe 06/01/07 13:19:41 [Note]: 10002 1 06/01/07 13:19:41 [info]: Hidden file: c:\WINDOWS\system32\fsomrb_nav.dat 06/01/07 13:19:41 [Note]: 10002 1 06/01/07 13:19:41 [info]: Hidden file: c:\WINDOWS\system32\fsomrb_navps.dat 06/01/07 13:19:41 [Note]: 10002 1 Voilà, merci d'avance !
  13. Ca y est c'est fait ! Voilà le rapport Vundo suivit du nouvel Hijack ! VundoFix V6.3.15 Checking Java version... Scan started at 18:10:47 12/03/2007 Listing files found while scanning.... C:\WINDOWS\system32\ainndena.dll C:\WINDOWS\system32\aqplgsuk.dll C:\WINDOWS\system32\arkjndch.exe C:\WINDOWS\system32\awvtr.dll C:\WINDOWS\system32\bmahpovc.dll C:\WINDOWS\system32\bowwxsaf.exe C:\WINDOWS\system32\bplswiqn.exe C:\WINDOWS\system32\bsxslemo.dll C:\WINDOWS\system32\bwycwtxu.exe C:\WINDOWS\system32\cgmsabml.dll C:\WINDOWS\system32\chrykhko.dll C:\WINDOWS\system32\chxgsqgf.exe C:\WINDOWS\system32\dcjujsmj.dll C:\WINDOWS\system32\ddayw.dll C:\WINDOWS\system32\ddccy.dll C:\WINDOWS\system32\elfdxchy.exe C:\WINDOWS\system32\fagsecfl.exe C:\WINDOWS\system32\frrcwqef.dll C:\WINDOWS\system32\fxeowwij.dll C:\WINDOWS\system32\gftceuea.dll C:\WINDOWS\system32\gpbfpsrx.exe C:\WINDOWS\system32\hyvkbart.exe C:\WINDOWS\system32\isgaclwo.dll C:\WINDOWS\system32\jiswuvgh.dll C:\WINDOWS\system32\jtofedke.dll C:\WINDOWS\system32\kljxwjmb.exe C:\WINDOWS\system32\knivaboh.exe C:\WINDOWS\system32\krasvqno.exe C:\WINDOWS\system32\kschwbky.dll C:\WINDOWS\system32\larlhghh.dll C:\WINDOWS\system32\llquondo.dll C:\WINDOWS\system32\mxsfssbp.dll C:\WINDOWS\system32\njwghype.dll C:\WINDOWS\system32\nqstv.bak1 C:\WINDOWS\system32\nqstv.bak2 C:\WINDOWS\system32\nqstv.ini C:\WINDOWS\system32\nqstv.ini2 C:\WINDOWS\system32\nqstv.tmp C:\WINDOWS\system32\oasqidpg.dll C:\WINDOWS\system32\opmlkpro.exe C:\WINDOWS\system32\pmkhg.dll C:\WINDOWS\system32\psldbdwl.exe C:\WINDOWS\system32\pugwjggw.exe C:\WINDOWS\system32\pylrobyu.dll C:\WINDOWS\system32\qhwugesv.dll C:\WINDOWS\system32\qlwamptt.dll C:\WINDOWS\system32\qmjjower.dll C:\WINDOWS\system32\qoijtura.exe C:\WINDOWS\system32\quuxtqtf.dll C:\WINDOWS\system32\ssqrp.dll C:\WINDOWS\system32\tjhebgtg.dll C:\WINDOWS\system32\umfgnhnw.dll C:\WINDOWS\system32\unlpvmlh.exe C:\WINDOWS\system32\uosovwrc.dll C:\WINDOWS\system32\vtsqn.dll C:\WINDOWS\system32\vtsqo.dll C:\WINDOWS\system32\vvbatvgr.exe C:\WINDOWS\system32\wgwyhiif.dll C:\WINDOWS\system32\whbcfxxc.dll C:\WINDOWS\system32\yeumslmo.dll C:\WINDOWS\system32\yormmwls.exe Beginning removal... Attempting to delete C:\WINDOWS\system32\ainndena.dll C:\WINDOWS\system32\ainndena.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\aqplgsuk.dll C:\WINDOWS\system32\aqplgsuk.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\arkjndch.exe C:\WINDOWS\system32\arkjndch.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\awvtr.dll C:\WINDOWS\system32\awvtr.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\bmahpovc.dll C:\WINDOWS\system32\bmahpovc.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\bowwxsaf.exe C:\WINDOWS\system32\bowwxsaf.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\bplswiqn.exe C:\WINDOWS\system32\bplswiqn.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\bwycwtxu.exe C:\WINDOWS\system32\bwycwtxu.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\cgmsabml.dll C:\WINDOWS\system32\cgmsabml.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\chrykhko.dll C:\WINDOWS\system32\chrykhko.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\chxgsqgf.exe C:\WINDOWS\system32\chxgsqgf.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\dcjujsmj.dll C:\WINDOWS\system32\dcjujsmj.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ddayw.dll C:\WINDOWS\system32\ddayw.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ddccy.dll C:\WINDOWS\system32\ddccy.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\elfdxchy.exe C:\WINDOWS\system32\elfdxchy.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\fagsecfl.exe C:\WINDOWS\system32\fagsecfl.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\frrcwqef.dll C:\WINDOWS\system32\frrcwqef.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\fxeowwij.dll C:\WINDOWS\system32\fxeowwij.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\gftceuea.dll C:\WINDOWS\system32\gftceuea.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\gpbfpsrx.exe C:\WINDOWS\system32\gpbfpsrx.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\hyvkbart.exe C:\WINDOWS\system32\hyvkbart.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\isgaclwo.dll C:\WINDOWS\system32\isgaclwo.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\jiswuvgh.dll C:\WINDOWS\system32\jiswuvgh.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\jtofedke.dll C:\WINDOWS\system32\jtofedke.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\kljxwjmb.exe C:\WINDOWS\system32\kljxwjmb.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\knivaboh.exe C:\WINDOWS\system32\knivaboh.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\krasvqno.exe C:\WINDOWS\system32\krasvqno.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\kschwbky.dll C:\WINDOWS\system32\kschwbky.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\larlhghh.dll C:\WINDOWS\system32\larlhghh.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\mxsfssbp.dll C:\WINDOWS\system32\mxsfssbp.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\njwghype.dll C:\WINDOWS\system32\njwghype.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\nqstv.bak1 C:\WINDOWS\system32\nqstv.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\nqstv.bak2 C:\WINDOWS\system32\nqstv.bak2 Has been deleted! Attempting to delete C:\WINDOWS\system32\nqstv.ini C:\WINDOWS\system32\nqstv.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\nqstv.ini2 C:\WINDOWS\system32\nqstv.ini2 Has been deleted! Attempting to delete C:\WINDOWS\system32\nqstv.tmp C:\WINDOWS\system32\nqstv.tmp Has been deleted! Attempting to delete C:\WINDOWS\system32\oasqidpg.dll C:\WINDOWS\system32\oasqidpg.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\opmlkpro.exe C:\WINDOWS\system32\opmlkpro.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\pmkhg.dll C:\WINDOWS\system32\pmkhg.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\psldbdwl.exe C:\WINDOWS\system32\psldbdwl.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\pugwjggw.exe C:\WINDOWS\system32\pugwjggw.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\pylrobyu.dll C:\WINDOWS\system32\pylrobyu.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\qhwugesv.dll C:\WINDOWS\system32\qhwugesv.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\qmjjower.dll C:\WINDOWS\system32\qmjjower.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\qoijtura.exe C:\WINDOWS\system32\qoijtura.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\quuxtqtf.dll C:\WINDOWS\system32\quuxtqtf.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ssqrp.dll C:\WINDOWS\system32\ssqrp.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\tjhebgtg.dll C:\WINDOWS\system32\tjhebgtg.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\umfgnhnw.dll C:\WINDOWS\system32\umfgnhnw.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\unlpvmlh.exe C:\WINDOWS\system32\unlpvmlh.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\uosovwrc.dll C:\WINDOWS\system32\uosovwrc.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\vtsqn.dll C:\WINDOWS\system32\vtsqn.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\vtsqo.dll C:\WINDOWS\system32\vtsqo.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\vvbatvgr.exe C:\WINDOWS\system32\vvbatvgr.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\wgwyhiif.dll C:\WINDOWS\system32\wgwyhiif.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\whbcfxxc.dll C:\WINDOWS\system32\whbcfxxc.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\yeumslmo.dll C:\WINDOWS\system32\yeumslmo.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\yormmwls.exe C:\WINDOWS\system32\yormmwls.exe Has been deleted! Performing Repairs to the registry. Done! Logfile of HijackThis v1.99.1 Scan saved at 18:37:37, on 12/03/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\HP\KBD\KBD.EXE C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe C:\WINDOWS\ALCXMNTR.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\tsnp2std.exe C:\WINDOWS\vsnp2std.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\WINDOWS\System32\msiexec.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\eMule\emule.exe C:\Program Files\BitComet\BitComet.exe C:\Documents and Settings\Propriétaire\Bureau\Scanner.exe C:\Program Files\Alwil Software\Avast4\setup\avast.setup R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr9.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr9.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-fr9.hpwis.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr9.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {018857DA-2A08-47D2-9FAA-468AA24F08A2} - C:\WINDOWS\system32\vtsqn.dll (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {0EE959E0-8EC4-427B-A758-BD92BD870DD0} - C:\WINDOWS\system32\fclfypsd.dll O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\cbaojdje.dll",setvm O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: LG SyncManager.lnk = C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{118E2270-8D58-413F-B146-79504B0EC152}: NameServer = 86.64.145.146 84.103.237.146 O17 - HKLM\System\CS1\Services\Tcpip\..\{118E2270-8D58-413F-B146-79504B0EC152}: NameServer = 86.64.145.146 84.103.237.146 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
  14. Salut à tous ! Quand j'allume mon PC, j'ai à chaque fois 3 ou 4 messages d'avast m'indiquant que j'ai des malwares, des virus et des vers. Je les supprime à chaque fois mais ils reviennent avec un nouveau nom. Je poste donc une rapport hijack, si quelqu'un pourrait l'analyser ça serait sympa ! Logfile of HijackThis v1.99.1 Scan saved at 13:40:04, on 12/03/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\ALCXMNTR.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\tsnp2std.exe C:\WINDOWS\vsnp2std.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\eMule\emule.exe C:\Documents and Settings\Propriétaire\Bureau\Scanner.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr9.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr9.hpwis.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-fr9.hpwis.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr9.hpwis.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {018857DA-2A08-47D2-9FAA-468AA24F08A2} - C:\WINDOWS\system32\vtsqn.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {0EE959E0-8EC4-427B-A758-BD92BD870DD0} - C:\WINDOWS\system32\fclfypsd.dll O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {D38439EC-4A7F-42b4-90C2-D810D7778FDD} - C:\WINDOWS\system32\yeumslmo.dll O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\cbaojdje.dll",setvm O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: LG SyncManager.lnk = C:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exe O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{118E2270-8D58-413F-B146-79504B0EC152}: NameServer = 84.103.237.146 86.64.145.146 O17 - HKLM\System\CS1\Services\Tcpip\..\{118E2270-8D58-413F-B146-79504B0EC152}: NameServer = 84.103.237.146 86.64.145.146 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: vtsqn - C:\WINDOWS\system32\vtsqn.dll O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe Merci d'avance.
×
×
  • Créer...