Aller au contenu

KS_Croc

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    109

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par KS_Croc

  1. KS_Croc
    Bonjour, Depuis quelques temps, à chaque boot de mon PC, Antivir m'indique que j'ai un trojan dans C:\Windows\Temp\startdrv.exe. Je le supprime à chaque fois, mais il revient... De plus, mon ordinateur a tendance à être lent en ce moment, c'est peut-être lié, mais peut-être pas. Du coup, j'aimerais faire appel à vos lumières! ^__^ J'ai suivi la procédure décrite et vous trouverez ci-dessous mon rapport HijackThis. Merci de m'indiquer s'il y a un problème, ou comment retirer définitivement le fichier startdrv.exe. __________________________________________ Logfile of HijackThis v1.99.1 Scan saved at 17:13:50, on 15/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe C:\Program Files\TOSHIBA\TouchPad\TPTray.exe C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe C:\WINDOWS\system32\ZoomingHook.exe C:\WINDOWS\system32\TCtrlIOHook.exe C:\WINDOWS\system32\TPSMain.exe C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe C:\Program Files\TOSHIBA\Tvs\TvsTray.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\tools\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\Program Files\ltmoh\Ltmoh.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\Tablet.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\WINDOWS\system32\TPSBattM.exe C:\tools\EVEREST Ultimate Edition\everest.exe C:\Program Files\Apoint2K\Apntex.exe C:\tools\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe C:\WINDOWS\system32\WTablet\TabUserW.exe C:\tools\DesktopEarth\DesktopEarth.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\tools\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\tools\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\tools\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\tools\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\tools\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\system32\regscan.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [EVEREST AutoStart] C:\tools\EVEREST Ultimate Edition\everest.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: DesktopEarth AutoStart.lnk = ? O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\tools\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\tools\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\tools\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\tools\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\tools\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\tools\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\tools\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\tools\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\tools\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\tools\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clien...1.0/Rawflow.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://file.nx.com/activex/public_new/nxpm.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/2.0.0....0/Installer.exe O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\tools\SiSoftware Sandra Lite XII\Win32\RpcDataSrv.exe O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\tools\SiSoftware Sandra Lite XII\RpcSandraSrv.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
  2. KS_Croc
    Petit update avec le rapport F-Secure BlackLight: 08/21/06 18:55:12 [info]: BlackLight Engine 1.0.46 initialized 08/21/06 18:55:12 [info]: OS: 5.1 build 2600 (Service Pack 2) 08/21/06 18:55:12 [Note]: 7019 4 08/21/06 18:55:12 [Note]: 7005 0 08/21/06 18:55:16 [Note]: 7006 0 08/21/06 18:55:16 [Note]: 7011 1976 08/21/06 18:55:16 [Note]: 7026 0 08/21/06 18:55:16 [Note]: 7026 0 08/21/06 18:55:26 [Note]: FSRAW library version 1.7.1019 08/21/06 18:59:06 [Note]: 7007 0
  3. KS_Croc
    Bonjour, depuis quelques temps mon Internet est vraiment très lent (peu importe l'usage: mail, vidéo, echanges de fichiers...). Alors, plutôt que de taper tout de suite sur mon FAI (Club-internet et sa prioritisation des usages), je me pose des questions... Serait-il possible qu'un malware (mal intentionné par essence) se soit infiltré malgré mon combat acharné contre ce type d'intrusion? Est-ce qu'une massue peut régler le problème? Que se racontent 2 malwares quand ils se rencontrent? Beaucoup de questions qui m'empêchent actuellement de profiter d'un sommeil paisible et qui risquent à terme d'agrandir encore un peu le légendaire "trou d'la Sécu" de part le fait d'une utilisation de produits médicamenteux jugés efficaces dans la recherche du fameux repos du guerrier... En conséquence de quoi je peux affirmer haut et fort qu'un jour, vos petits enfants vous remercieront de m'avoir aidé! En vous remerciant par avance... ^__^ _______________________________________________________ En mode "sans echec": AdAware: Rien Spybot: Rien AntiVir: Rien Je ne peux pas réinstaller "ewido" (30 jours dépassés) _______________________________________________________ Et voici mon Log HijackThis: Logfile of HijackThis v1.99.1 Scan saved at 15:14:20, on 21/08/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe C:\Program Files\TOSHIBA\TouchPad\TPTray.exe C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe C:\WINDOWS\system32\ZoomingHook.exe C:\WINDOWS\system32\TCtrlIOHook.exe C:\WINDOWS\system32\TPSMain.exe C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe C:\Program Files\TOSHIBA\Tvs\TvsTray.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Apoint2K\Apntex.exe C:\tools\iTunes\iTunesHelper.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\tools\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\WTablet\TabUserW.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\Tablet.exe C:\tools\DesktopEarth\DesktopEarth.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\tools\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\tools\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Systran50premi.IEPlugIn - {9A0844DB-84CF-4440-BDB1-1F4F7C4F7FB0} - C:\tools\SYSTRAN\5.0\IEPlugIn.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\tools\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM\..\Run: [PDF Converter Registry Controller] "C:\tools\SYSTRAN\5.0\RegistryController.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\tools\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\tools\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\tools\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: DesktopEarth AutoStart.lnk = ? O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\tools\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\tools\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\tools\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\tools\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\tools\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\tools\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\tools\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\tools\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Open and Translate in Word - res://C:\tools\SYSTRAN\5.0\IEShellExt.dll /10 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://file.nx.com/activex/public_new/nxpm.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/2.0.0....0/Installer.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{F1D6DBC4-88AB-45FA-BED8-2398C56C91FD}: NameServer = 192.168.1.1,194.117.200.10 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\tools\SiSoftware Sandra\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\tools\SiSoftware Sandra\RpcSandraSrv.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
  4. KS_Croc
    Ca semble être règlé, merci! ^__^ Voici tout de même les rapport, si quelqu'un pouvait juste checker... Merci d'avance! --------------------------------------------------------- ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 10:58:53 12/07/2006 + Scan result: Nothing found. ::Report end Logfile of HijackThis v1.99.1 Scan saved at 11:06:38, on 12/07/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe C:\Program Files\TOSHIBA\TouchPad\TPTray.exe C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe C:\WINDOWS\system32\ZoomingHook.exe C:\WINDOWS\system32\TCtrlIOHook.exe C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe C:\Program Files\TOSHIBA\Tvs\TvsTray.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe C:\tools\iTunes\iTunesHelper.exe C:\tools\QuickTime\qttask.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\WINDOWS\system32\TPSBattM.exe C:\tools\ewido anti-spyware 4.0\ewido.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\tools\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\tools\ewido anti-spyware 4.0\guard.exe C:\tools\DesktopEarth\DesktopEarth.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\TPSMain.exe C:\WINDOWS\system32\msiexec.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\Documents and Settings\Nico\Bureau\securite\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\tools\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\tools\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Systran50premi.IEPlugIn - {9A0844DB-84CF-4440-BDB1-1F4F7C4F7FB0} - C:\tools\SYSTRAN\5.0\IEPlugIn.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\tools\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM\..\Run: [PDF Converter Registry Controller] "C:\tools\SYSTRAN\5.0\RegistryController.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\tools\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\tools\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [!ewido] "C:\tools\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\tools\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: DesktopEarth AutoStart.lnk = ? O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\tools\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\tools\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\tools\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\tools\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\tools\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\tools\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\tools\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\tools\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Open and Translate in Word - res://C:\tools\SYSTRAN\5.0\IEShellExt.dll /10 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://file.nx.com/activex/public_new/nxpm.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\tools\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\tools\SiSoftware Sandra\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\tools\SiSoftware Sandra\RpcSandraSrv.exe
  5. KS_Croc
    ______ RESOLU ______ Hello! Des pop-ups sont générées sur mon laptop dès que je navigue sur Internet... J'ai suivi les procédures, mais le problème à l'air de rester... Help! ^__^ Hijack This Logfile of HijackThis v1.99.1 Scan saved at 19:08:34, on 11/07/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe C:\Program Files\TOSHIBA\TouchPad\TPTray.exe C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe C:\WINDOWS\system32\ZoomingHook.exe C:\WINDOWS\system32\TCtrlIOHook.exe C:\WINDOWS\system32\TPSMain.exe C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe C:\Program Files\TOSHIBA\Tvs\TvsTray.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\soft\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\tools\iTunes\iTunesHelper.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\tools\ewido anti-spyware 4.0\ewido.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\tools\ewido anti-spyware 4.0\guard.exe C:\tools\DesktopEarth\DesktopEarth.exe C:\Program Files\iPod\bin\iPodService.exe C:\soft\eMule\emule.exe C:\tools\Winamp\winamp.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\Nico\Bureau\securite\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\soft\Adobe\Acrobat 7.0 \ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\soft\Adobe\Acrobat 7.0 \Acrobat\AcroIEFavClient.dll O3 - Toolbar: Systran50premi.IEPlugIn - {9A0844DB-84CF-4440-BDB1-1F4F7C4F7FB0} - C:\tools\SYSTRAN\5.0 \IEPlugIn.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\soft\Adobe\Acrobat 7.0 \Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [WinampAgent] C:\tools\Winamp\winampa.exe O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient O4 - HKLM\..\Run: [PDF Converter Registry Controller] "C:\tools\SYSTRAN\5.0\RegistryController.exe" O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\soft\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\tools\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\tools\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [!ewido] "C:\tools\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 - reboot 1 O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: DesktopEarth AutoStart.lnk = ? O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0 \Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\soft\Adobe\Acrobat 7.0 \Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\soft\Adobe\Acrobat 7.0 \Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\soft\Adobe\Acrobat 7.0 \Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\soft\Adobe\Acrobat 7.0 \Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\soft\Adobe\Acrobat 7.0 \Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\soft\Adobe\Acrobat 7.0 \Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\soft\Adobe\Acrobat 7.0 \Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\soft\Adobe\Acrobat 7.0 \Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Open and Translate in Word - res://C:\tools\SYSTRAN\5.0\IEShellExt.dll /10 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0 \bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11 \REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://file.nx.com/activex/public_new/nxpm.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\tools\ewido anti-spyware 4.0 \guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\tools\SiSoftware Sandra\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\tools\SiSoftware Sandra\RpcSandraSrv.exe F-Secure Blacklight 07/11/06 18:58:21 [info]: BlackLight Engine 1.0.42 initialized 07/11/06 18:58:21 [info]: OS: 5.1 build 2600 (Service Pack 2) 07/11/06 18:58:29 [Note]: 7019 4 07/11/06 18:58:29 [Note]: 7005 0 07/11/06 18:58:34 [Note]: 7006 0 07/11/06 18:58:34 [Note]: 7011 1908 07/11/06 18:58:35 [Note]: 7026 0 07/11/06 18:58:35 [Note]: 7026 0 07/11/06 18:58:35 [Note]: 7024 3 07/11/06 18:58:35 [info]: Hidden process: C:\windows\system32\iqasgplnue.exe 07/11/06 18:58:36 [Note]: FSRAW library version 1.7.1019 07/11/06 19:01:58 [Note]: 4013 54617 07/11/06 19:01:58 [Note]: 4020 59131 196608 07/11/06 19:01:58 [Note]: 4018 59131 196608 07/11/06 19:01:58 [Note]: 4013 54617 07/11/06 19:01:58 [Note]: 4020 59131 196608 07/11/06 19:01:58 [Note]: 4018 59131 196608 07/11/06 19:01:58 [Note]: 4013 54653 07/11/06 19:01:58 [Note]: 4020 59131 196608 07/11/06 19:01:58 [Note]: 4018 59131 196608 07/11/06 19:01:58 [Note]: 4013 54653 07/11/06 19:01:58 [Note]: 4020 59131 196608 07/11/06 19:01:58 [Note]: 4018 59131 196608 07/11/06 19:01:58 [Note]: 4013 54648 07/11/06 19:01:58 [Note]: 4020 59131 196608 07/11/06 19:01:58 [Note]: 4018 59131 196608 07/11/06 19:01:58 [Note]: 4013 54648 07/11/06 19:01:58 [Note]: 4020 59131 196608 07/11/06 19:01:58 [Note]: 4018 59131 196608 07/11/06 19:01:58 [Note]: 4020 59131 196608 07/11/06 19:01:58 [Note]: 4018 59131 196608 07/11/06 19:01:58 [Note]: 4020 59131 196608 07/11/06 19:01:58 [Note]: 4018 59131 196608 07/11/06 19:01:58 [Note]: 4013 54534 07/11/06 19:01:58 [Note]: 4020 59131 196608 07/11/06 19:01:58 [Note]: 4018 59131 196608 07/11/06 19:01:58 [Note]: 4013 54534 07/11/06 19:01:58 [Note]: 4020 59131 196608 07/11/06 19:01:58 [Note]: 4018 59131 196608 07/11/06 19:02:46 [info]: Hidden file: c:\WINDOWS\system32\iqasgplnue_nav.dat 07/11/06 19:02:46 [Note]: 10002 1 07/11/06 19:02:47 [info]: Hidden file: c:\WINDOWS\system32\iqasgplnue.dat 07/11/06 19:02:47 [Note]: 10002 1 07/11/06 19:02:47 [info]: Hidden file: C:\windows\system32\iqasgplnue.exe 07/11/06 19:02:47 [Note]: 10002 1 07/11/06 19:02:47 [info]: Hidden file: c:\WINDOWS\system32\iqasgplnue_navps.dat 07/11/06 19:02:47 [Note]: 10002 1 07/11/06 19:05:09 [Note]: 7007 0 Chercher.zip C:\WINDOWS\System32\wpa.dbl -->11/07/2006 13:15:10 C:\WINDOWS\System32\avsda.dll -->10/07/2006 20:11:02 C:\WINDOWS\System32\CONFIG.NT -->10/07/2006 19:58:35 C:\WINDOWS\System32\nvs2.inf -->26/06/2006 21:39:57 C:\WINDOWS\System32\nscompat.tlb -->24/06/2006 21:37:02 C:\WINDOWS\System32\amcompat.tlb -->24/06/2006 21:37:02 C:\WINDOWS\System32\FNTCACHE.DAT -->19/06/2006 22:11:09 C:\WINDOWS\System32\MRT.exe -->09/06/2006 03:19:50 C:\WINDOWS\System32\d3d9caps.dat -->05/06/2006 16:58:43 C:\WINDOWS\System32\rmoc3260.dll -->04/06/2006 21:56:25 C:\WINDOWS\System32\pndx5032.dll -->04/06/2006 21:56:16 C:\WINDOWS\System32\pndx5016.dll -->04/06/2006 21:56:16 C:\WINDOWS\System32\pncrt.dll -->04/06/2006 21:56:14 C:\WINDOWS\System32\jgpl400.dll -->01/06/2006 20:48:44 C:\WINDOWS\System32\jgdw400.dll -->01/06/2006 20:48:44 C:\WINDOWS\winamp.ini -->11/07/2006 18:06:21 C:\WINDOWS\WindowsUpdate.log -->11/07/2006 13:21:02 C:\WINDOWS\0.log -->11/07/2006 13:14:35 C:\WINDOWS\ntbtlog.txt -->11/07/2006 12:41:45 C:\WINDOWS\SchedLgU.Txt -->11/07/2006 10:35:22 C:\WINDOWS\QTFont.qfn -->04/07/2006 03:08:18 C:\WINDOWS\HARRAPF.INI -->03/07/2006 16:02:27 C:\WINDOWS\win.ini -->03/07/2006 12:08:31 C:\WINDOWS\mozver.dat -->29/06/2006 09:21:51 C:\WINDOWS\QTFont.for -->28/06/2006 00:05:27 C:\WINDOWS\pack.epk -->26/06/2006 21:39:35 C:\WINDOWS\wininit.ini -->26/06/2006 20:50:49 C:\WINDOWS\nsreg.dat -->26/06/2006 20:12:32 C:\WINDOWS\WMSysPr9.prx -->24/06/2006 21:33:29 C:\WINDOWS\nmconew.dll -->22/06/2006 00:04:42 Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est 08A3-0448 R‚pertoire de C:\Program Files 10/07/2006 20:07 <REP> . 10/07/2006 20:07 <REP> .. 02/06/2006 16:15 <REP> Adobe 10/07/2006 20:12 <REP> AntiVir PersonalEdition Classic 17/03/2005 11:39 <REP> Apoint2K 17/03/2005 12:02 <REP> Atheros 26/09/2005 19:22 <REP> ATI Technologies 17/03/2005 09:18 <REP> ComPlus Applications 26/09/2005 21:28 <REP> directx 04/06/2006 21:56 <REP> Fichiers communs 20/06/2006 10:41 <REP> Google 10/03/2006 15:27 <REP> Intel 14/06/2006 09:03 <REP> Internet Explorer 23/03/2005 11:35 <REP> InterVideo 24/05/2006 00:13 <REP> iPod 17/03/2005 09:30 <REP> Java 21/04/2006 23:53 <REP> Ligos 17/03/2005 11:56 <REP> ltmoh 28/02/2006 23:40 <REP> Messenger 26/09/2005 19:29 <REP> microsoft frontpage 17/03/2006 01:19 <REP> Microsoft Office 26/09/2005 19:34 <REP> Microsoft Visual Studio 30/03/2005 09:25 <REP> Microsoft Works 18/03/2005 10:58 <REP> Microsoft.NET 17/03/2005 09:19 <REP> Movie Maker 10/07/2006 22:30 <REP> Mozilla Firefox 10/07/2006 16:36 <REP> Mozilla Thunderbird 17/03/2005 09:17 <REP> MSN 17/03/2005 09:17 <REP> MSN Gaming Zone 03/04/2006 23:40 <REP> MSN Messenger 17/03/2005 09:19 <REP> NetMeeting 27/06/2006 11:58 <REP> Nexon 17/03/2005 09:18 <REP> Online Services 13/04/2006 03:00 <REP> Outlook Express 22/04/2006 13:37 <REP> Player Metaboli 26/09/2005 22:51 <REP> QuickTime 17/03/2005 09:19 <REP> Services en ligne 17/03/2005 13:52 <REP> Sonic 28/02/2006 22:31 <REP> Symantec 08/04/2006 20:25 <REP> SYSTRAN 30/03/2005 09:22 <REP> TOSHIBA 26/06/2006 22:55 <REP> Web Media Player 26/09/2005 21:28 <REP> Windows Media Components 24/06/2006 21:34 <REP> Windows Media Player 17/03/2005 09:17 <REP> Windows NT 17/03/2005 09:21 <REP> xerox 28/02/2006 23:58 <REP> Yahoo! 0 fichier(s) 0 octets 47 R‚p(s) 14ÿ244ÿ708ÿ352 octets libres Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est 08A3-0448 R‚pertoire de C:\Program Files\fichiers communs 04/06/2006 21:56 <REP> . 04/06/2006 21:56 <REP> .. 02/06/2006 16:12 <REP> Adobe 08/04/2006 20:48 <REP> Adobe Systems Shared 09/03/2006 02:12 <REP> Designer 17/03/2005 12:15 <REP> InstallShield 17/03/2005 09:30 <REP> Java 03/06/2006 10:59 <REP> Macromedia 03/04/2006 00:54 <REP> Microsoft Shared 17/03/2005 09:19 <REP> MSSoap 17/03/2005 10:13 <REP> ODBC 04/06/2006 21:56 <REP> Real 17/03/2005 09:19 <REP> Services 17/03/2005 10:13 <REP> SpeechEngines 28/02/2006 22:33 <REP> Symantec Shared 13/04/2006 03:00 <REP> System 15/04/2006 19:33 <REP> Totem Shared 26/09/2005 21:28 <REP> Vbox 04/06/2006 21:56 <REP> xing shared 0 fichier(s) 0 octets 19 R‚p(s) 14ÿ244ÿ704ÿ256 octets libres Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est 08A3-0448 R‚pertoire de C:\ c:\Documents and Settings\All Users\Application Data\Exetender\Setup.exe c:\Documents and Settings\Default User\Application Data\Microsoft\Installer\{C45F4811-31D5-4786-801D- F79CD06EDD85}\ARPPRODUCTICON.exe c:\Documents and Settings\Nico\Application Data\Microsoft\Installer\{91057632-CA70-413C-B628-2D3CDBBB906B} \ARPPRODUCTICON.exe c:\Documents and Settings\Nico\Application Data\Microsoft\Installer\{C45F4811-31D5-4786-801D-F79CD06EDD85} \ARPPRODUCTICON.exe c:\Documents and Settings\Nico\Application Data\Microsoft\Installer\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4} \_6FEFF9B68218417F98F549.exe c:\Documents and Settings\Nico\Application Data\Microsoft\Installer\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4} \_C1A9BF9D98647632ED5172.exe c:\Documents and Settings\Nico\Application Data\Microsoft\Installer\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4} \_CE4FFA1DD37E7C505AED29.exe c:\Documents and Settings\Nico\Bureau\DivXPlay.exe c:\Documents and Settings\Nico\Bureau\klcodec272f.exe c:\Documents and Settings\Nico\Bureau\chercher\LFiles.exe c:\Documents and Settings\Nico\Bureau\clean\pskill.exe c:\Documents and Settings\Nico\Bureau\repertoires\divers\emulateurs\Snes\zsnesw.exe c:\Documents and Settings\Nico\Bureau\repertoires\divers\gba\VisualBoyAdvance.exe c:\Documents and Settings\Nico\Bureau\repertoires\divers\poker\e-book\ebook and reader 50pgs, complete texas holdem poker strategy.exe c:\Documents and Settings\Nico\Bureau\repertoires\divers\poker\Texas Holdem Calculatem 4.21 + Keygen\Keygen.exe c:\Documents and Settings\Nico\Bureau\repertoires\divers\poker\Texas Holdem Calculatem 4.21 + Keygen\TexasCalcSetup.exe c:\Documents and Settings\Nico\Bureau\repertoires\divers\poker\Texas Holdem Calculatem 4.21 + Keygen\Party Poker + Bonus Codes\LicenceWM.exe c:\Documents and Settings\Nico\Bureau\repertoires\divers\poker\Texas Holdem Calculatem 4.21 + Keygen\Party Poker + Bonus Codes\pPokerSetup.exe c:\Documents and Settings\Nico\Bureau\repertoires\divers\soft\old\aawsepersonal.exe c:\Documents and Settings\Nico\Bureau\repertoires\divers\soft\old\antivir_workstation_win7u_en_h.exe c:\Documents and Settings\Nico\Bureau\repertoires\divers\soft\old\ccsetup127.exe c:\Documents and Settings\Nico\Bureau\repertoires\divers\soft\old\DivXPlay.exe c:\Documents and Settings\Nico\Bureau\repertoires\divers\soft\old\eMule0.47a-Installer.exe c:\Documents and Settings\Nico\Bureau\repertoires\divers\soft\old\FileZilla_2_2_18_setup.exe c:\Documents and Settings\Nico\Bureau\repertoires\divers\soft\old\googletalk-setup.exe c:\Documents and Settings\Nico\Bureau\repertoires\divers\soft\old\indeo511.exe c:\Documents and Settings\Nico\Bureau\repertoires\divers\soft\old\Install_MSN_Messenger.EXE c:\Documents and Settings\Nico\Bureau\repertoires\divers\soft\old\msgr7fr.exe c:\Documents and Settings\Nico\Bureau\repertoires\divers\soft\old\setupfre.exe c:\Documents and Settings\Nico\Bureau\repertoires\divers\soft\old\SkypeSetup.exe c:\Documents and Settings\Nico\Bureau\repertoires\divers\soft\old\spybotsd14.exe c:\Documents and Settings\Nico\Bureau\repertoires\divers\soft\old\wrar351fr.exe c:\Documents and Settings\Nico\Bureau\repertoires\divers\soft\old\xanadusetup.exe c:\Documents and Settings\Nico\Bureau\repertoires\divers\travaux\Copie de souldesign\download\fichier\cutkiller.exe c:\Documents and Settings\Nico\Bureau\repertoires\divers\travaux\Copie de souldesign\download\fichier\renmultifiles.exe c:\Documents and Settings\Nico\Bureau\repertoires\divers\travaux\Copie de souldesign\download\fichier\zplay290.exe c:\Documents and Settings\Nico\Bureau\repertoires\divers\travaux\souldesign\download\fichier\cutkiller.exe c:\Documents and Settings\Nico\Bureau\repertoires\divers\travaux\souldesign\download\fichier\renmultifiles.exe c:\Documents and Settings\Nico\Bureau\repertoires\divers\travaux\souldesign\download\fichier\zplay290.exe c:\Documents and Settings\Nico\Bureau\repertoires\divers\ziq\Sinclair\Sinclair - Que Justice Soit Faite\Damn_NFO_Viewer 2.0.1 (beta-2)\DAMN_NFO_Viewer_v201b2.exe c:\Documents and Settings\Nico\Bureau\repertoires\temp\backup\marketing\nespresso\documents\NESPRESSO.exe c:\Documents and Settings\Nico\Bureau\repertoires\temp\backup\Numero de serie pour nstallation individuel des logiciels\Serie Version-Cue-Seul.exe c:\Documents and Settings\Nico\Bureau\repertoires\temp\backup\_old\Lingerie\old\images\Aubade\le tout aubade collection complete\aubade_screen saver 2001.exe c:\Documents and Settings\Nico\Bureau\repertoires\temp\backup\_old\marketing\nespresso\documents\NESPRESSO.exe c:\Documents and Settings\Nico\Bureau\repertoires\temp\mind manager\mm2002dictionaries-171.exe c:\Documents and Settings\Nico\Bureau\repertoires\temp\mind manager\mm2002ent-f-171.exe c:\Documents and Settings\Nico\Bureau\repertoires\temp\mind manager\mm2002highressymbols-171.exe c:\Documents and Settings\Nico\Bureau\repertoires\temp\mind manager\mm2002sdk-171.exe c:\Documents and Settings\Nico\Bureau\repertoires\temp\mind manager\Viewer MindManager (mmv2002-e-243).exe c:\Documents and Settings\Nico\Bureau\repertoires\temp\sp\convert.exe c:\Documents and Settings\Nico\Bureau\repertoires\temp\sp\mspinstl.exe c:\Documents and Settings\Nico\Bureau\repertoires\temp\sp\strip.exe c:\Documents and Settings\Nico\Bureau\repertoires\temp\WOW\world_of_warcraft_patch_v1.10_francais_19469.exe c:\Documents and Settings\Nico\Bureau\repertoires\travaux\cdYW\Office\daemon403-x86.exe c:\Documents and Settings\Nico\Bureau\repertoires\travaux\cdYW\Office\wrar351fr.exe c:\Documents and Settings\Nico\Bureau\securite\aawsepersonal.exe c:\Documents and Settings\Nico\Bureau\securite\antivir_workstation_win7u_en_h.exe c:\Documents and Settings\Nico\Bureau\securite\blbeta.exe c:\Documents and Settings\Nico\Bureau\securite\cwshredder.exe c:\Documents and Settings\Nico\Bureau\securite\ewido-setup_4.0.0.172a.exe c:\Documents and Settings\Nico\Bureau\securite\HijackThis.exe c:\Documents and Settings\Nico\Mes documents\_soft\acehtml5pro.exe c:\Documents and Settings\Nico\Mes documents\_soft\AdbeRdr70_fra_full.exe c:\Documents and Settings\Nico\Mes documents\_soft\BitComet_0.70_setup.exe c:\Documents and Settings\Nico\Mes documents\_soft\directx_9c_redist.exe c:\Documents and Settings\Nico\Mes documents\_soft\DivXPlay.exe c:\Documents and Settings\Nico\Mes documents\_soft\FirefoxGoogleToolbarSetup.exe c:\Documents and Settings\Nico\Mes documents\_soft\GoogleEarthWin.exe c:\Documents and Settings\Nico\Mes documents\_soft\HijackThis.exe c:\Documents and Settings\Nico\Mes documents\_soft\MaxTVsetup.exe c:\Documents and Settings\Nico\Mes documents\_soft\QuickTimeInstaller.exe c:\Documents and Settings\Nico\Mes documents\_soft\renmultifiles.exe c:\Documents and Settings\Nico\Mes documents\_soft\setup.exe c:\Documents and Settings\Nico\Mes documents\_soft\Thunderbird Setup 1.5.0.4.exe c:\Documents and Settings\Nico\Mes documents\_soft\Visual_Basic_6.0_-VB6-_runtime_SP5.exe c:\Documents and Settings\Nico\Mes documents\_soft\winamp51_full.exe c:\Documents and Settings\Nico\Mes documents\_soft\wrar342fr.exe c:\Documents and Settings\Nico\Mes documents\_soft\zp451std.exe c:\Documents and Settings\Nico\Temp\Disk0\cnmunins.exe c:\Documents and Settings\Nico\Temp\Disk0\cnmvsa.exe c:\Documents and Settings\Nico\Temp\Disk0\setup.exe Vérifications de quelques clefs Recherche de clefs EGDACCESS HKLM\SOFTWARE\Microsoft\Windows\explorer\SharedTaskScheduler
  6. KS_Croc
    [réglé...]
  7. KS_Croc
    Merci beaucoup, je crois que c'est reglé... J'envoie les résultats tout de même... ^__^ Sunday, July 09, 2006 12:13:20 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.83.0 Kaspersky Anti-Virus database last update: 9/07/2006 Kaspersky Anti-Virus database records: 193575 Scan Settings Scan using the following antivirus database standard Scan Archives true Scan Mail Bases true Scan Target My Computer A:\ C:\ D:\ E:\ F:\ G:\ P:\ Scan Statistics Total number of scanned objects 122209 Number of viruses found 0 Number of infected objects 0 / 0 Number of suspicious objects 0 Duration of the scan process 01:01:54 Infected Object Name Virus Name Last Action C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Nico\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Nico\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Nico\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Nico\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Nico\Local Settings\Historique\History.IE5\MSHist012006070920060710\index.dat Object is locked skipped C:\Documents and Settings\Nico\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Nico\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Nico\ntuser.dat.LOG Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{7CF534B2-5FA3-43F7-951A-43A5CCA55FB3}\RP1773\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped Scan process completed. --------------------------------------------------------- ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 02:11:27 09/07/2006 + Scan result: C:\Kit Tiscali\Elements_Kit\PC1\Dialer Tiscali\InstallDialer.exe/Dialer.exe -> Heuristic.Win32.Dialer : Ignored. C:\Kit Tiscali\Elements_Kit\PC\Dialer\InstallDialer.exe/Dialer.exe -> Heuristic.Win32.Dialer : Ignored. C:\Kit Tiscali\Programs\InstallDialer.exe/Dialer.exe -> Heuristic.Win32.Dialer : Ignored. C:\Kit Tiscali\Tiscali.exe/Kit Tiscali/Elements_Kit/PC/Dialer/InstallDialer.exe/Dialer.exe -> Heuristic.Win32.Dialer : Ignored. C:\Kit Tiscali\Tiscali.exe/Kit Tiscali/Elements_Kit/PC1/Dialer Tiscali/InstallDialer.exe/Dialer.exe -> Heuristic.Win32.Dialer : Ignored. C:\Kit Tiscali\Tiscali.exe/Kit Tiscali/Programs/InstallDialer.exe/Dialer.exe -> Heuristic.Win32.Dialer : Ignored. D:\Tools\Tiscali\Tiscali.exe/Kit Tiscali/Elements_Kit/PC/Dialer/InstallDialer.exe/Dialer.exe -> Heuristic.Win32.Dialer : Ignored. D:\Tools\Tiscali\Tiscali.exe/Kit Tiscali/Elements_Kit/PC1/Dialer Tiscali/InstallDialer.exe/Dialer.exe -> Heuristic.Win32.Dialer : Ignored. D:\Tools\Tiscali\Tiscali.exe/Kit Tiscali/Programs/InstallDialer.exe/Dialer.exe -> Heuristic.Win32.Dialer : Ignored. C:\Documents and Settings\Nico\Cookies\nico@adtech[2].txt -> TrackingCookie.Adtech : Cleaned. C:\Documents and Settings\Nico\Cookies\nico@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned. C:\Documents and Settings\Nico\Cookies\nico@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned. C:\Documents and Settings\Nico\Cookies\nico@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned. C:\Documents and Settings\Nico\Cookies\nico@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Cleaned. C:\Documents and Settings\Nico\Cookies\nico@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned. C:\Documents and Settings\Nico\Cookies\nico@estat[1].txt -> TrackingCookie.Estat : Cleaned. C:\Documents and Settings\Nico\Cookies\nico@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned. C:\Documents and Settings\Nico\Cookies\nico@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned. C:\Documents and Settings\Nico\Cookies\nico@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned. C:\Documents and Settings\Nico\Cookies\nico@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned. C:\Documents and Settings\Nico\Cookies\nico@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned. C:\Documents and Settings\Nico\Cookies\nico@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned. C:\Documents and Settings\Nico\Cookies\nico@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned. C:\Documents and Settings\Nico\Cookies\nico@weborama[1].txt -> TrackingCookie.Weborama : Cleaned. C:\Documents and Settings\Nico\Cookies\nico@zedo[1].txt -> TrackingCookie.Zedo : Cleaned. C:\WINDOWS\system32\victoria_in_the_sky.scr -> Trojan.NSAnti.A : Cleaned with backup (quarantined). ::Report end Script clean par Malekal_morte - http://www.malekal.com *** SUPPRESSION DES FICHIERS *** Suppressions de trojans/vers sur... C:\WINDOWS\inf\unregmp2.exe FOUND C:\WINDOWS\system32\javaws.exe FOUND *** Suppressions des adware connus... 07/09/06 12:16:15 [info]: BlackLight Engine 1.0.42 initialized 07/09/06 12:16:15 [info]: OS: 5.1 build 2600 (Service Pack 2) 07/09/06 12:16:15 [Note]: 7019 4 07/09/06 12:16:15 [Note]: 7005 0 07/09/06 12:16:37 [Note]: 7006 0 07/09/06 12:16:37 [Note]: 7011 1244 07/09/06 12:16:37 [Note]: 7026 0 07/09/06 12:16:37 [Note]: 7026 0 07/09/06 12:16:43 [Note]: FSRAW library version 1.7.1019 07/09/06 12:19:02 [Note]: 2000 1006 07/09/06 12:25:38 [Note]: 7007 0 Logfile of HijackThis v1.99.1 Scan saved at 12:26:03, on 09/07/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\Dit.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\DitExp.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\WINDOWS\system32\RunDll32.exe C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe C:\tools\ewido anti-spyware 4.0\guard.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\tools\ewido anti-spyware 4.0\ewido.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe D:\Tools\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\Nico\Bureau\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Tools\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - D:\Tools\FreshDownload\fdcatch.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Tools\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Tools\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Tools\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [WinampAgent] D:\Tools\Winamp\winampa.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [iTunesHelper] "D:\tools\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "D:\tools\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [mrniqc] c:\windows\system32\mrniqc.exe mrniqc O4 - HKLM\..\Run: [!ewido] "C:\tools\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Aide mémoire.lnk = ? O4 - Startup: NaturalColorLoad.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: NaturalColorLoad.lnk = ? O4 - Global Startup: NkbMonitor.exe.lnk = D:\Tools\Nikon\PictureProject\NkbMonitor.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\tools\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  8. KS_Croc
    Voilà! F-Secure Blacklight 07/09/06 00:32:46 [info]: BlackLight Engine 1.0.42 initialized 07/09/06 00:32:46 [info]: OS: 5.1 build 2600 (Service Pack 2) 07/09/06 00:32:47 [Note]: 7019 4 07/09/06 00:32:47 [Note]: 7005 0 07/09/06 00:32:49 [Note]: 7006 0 07/09/06 00:32:49 [Note]: 7011 1000 07/09/06 00:32:49 [Note]: 7026 0 07/09/06 00:32:50 [Note]: 7026 0 07/09/06 00:32:50 [Note]: 7024 3 07/09/06 00:32:50 [info]: Hidden process: C:\windows\system32\mrniqc.exe 07/09/06 00:32:50 [Note]: FSRAW library version 1.7.1019 07/09/06 00:35:44 [info]: Hidden file: c:\WINDOWS\Prefetch\MRNIQC.EXE-1823E466.pf 07/09/06 00:35:44 [Note]: 10002 1 07/09/06 00:36:15 [info]: Hidden file: c:\WINDOWS\system32\mrniqc.dat 07/09/06 00:36:15 [Note]: 10002 1 07/09/06 00:36:16 [info]: Hidden file: C:\windows\system32\mrniqc.exe 07/09/06 00:36:16 [Note]: 10002 1 07/09/06 00:36:16 [info]: Hidden file: c:\WINDOWS\system32\mrniqc_nav.dat 07/09/06 00:36:16 [Note]: 10002 1 07/09/06 00:36:16 [info]: Hidden file: c:\WINDOWS\system32\mrniqc_navps.dat 07/09/06 00:36:16 [Note]: 10002 1 07/09/06 00:38:05 [Note]: 7007 0 chercher.zip C:\WINDOWS\System32\wpa.dbl -->08/07/2006 23:32:03 C:\WINDOWS\System32\WgaLogon.dll -->19/06/2006 16:20:42 C:\WINDOWS\System32\LegitCheckControl.dll -->19/06/2006 16:19:42 C:\WINDOWS\System32\WgaTray.exe -->19/06/2006 16:19:26 C:\WINDOWS\System32\nvs2.inf -->15/06/2006 05:40:09 C:\WINDOWS\System32\HotTVPlayer.dll -->15/06/2006 05:40:04 C:\WINDOWS\System32\avsda.dll -->11/06/2006 23:41:04 C:\WINDOWS\System32\MRT.exe -->08/06/2006 18:19:52 C:\WINDOWS\System32\jgpl400.dll -->01/06/2006 20:48:44 C:\WINDOWS\System32\jgdw400.dll -->01/06/2006 20:48:44 C:\WINDOWS\System32\shdocvw.dll -->29/05/2006 17:29:14 C:\WINDOWS\System32\mshtml.dll -->19/05/2006 17:09:50 C:\WINDOWS\System32\jscript.dll -->18/05/2006 07:31:21 C:\WINDOWS\System32\rasmans.dll -->14/05/2006 10:48:16 C:\WINDOWS\System32\xpsp3res.dll -->11/05/2006 10:57:36 C:\WINDOWS\wiadebug.log -->08/07/2006 23:32:08 C:\WINDOWS\wiaservc.log -->08/07/2006 23:32:07 C:\WINDOWS\0.log -->08/07/2006 23:32:02 C:\WINDOWS\ModemLog_Creatix V.9X DSP Data Fax Modem.txt -->08/07/2006 23:32:01 C:\WINDOWS\WindowsUpdate.log -->08/07/2006 23:32:00 C:\WINDOWS\bootstat.dat -->08/07/2006 23:31:55 C:\WINDOWS\SchedLgU.Txt -->08/07/2006 23:31:15 C:\WINDOWS\win.ini -->08/07/2006 23:31:07 C:\WINDOWS\system.ini -->08/07/2006 23:31:07 C:\WINDOWS\ntbtlog.txt -->07/07/2006 01:51:30 C:\WINDOWS\setupapi.log -->07/07/2006 00:49:02 C:\WINDOWS\WgaNotify.log -->06/07/2006 01:32:44 C:\WINDOWS\spupdsvc.log -->16/06/2006 03:34:20 C:\WINDOWS\wmsetup.log -->16/06/2006 03:19:02 C:\WINDOWS\tsoc.log -->16/06/2006 03:19:02 Le volume dans le lecteur C s'appelle BOOT Le num‚ro de s‚rie du volume est C02B-0FB6 R‚pertoire de C:\Program Files 15/06/2006 05:40 <REP> . 15/06/2006 05:40 <REP> .. 01/02/2006 22:17 <REP> Adobe 04/05/2006 23:38 <REP> AntiVir PersonalEdition Classic 06/11/2004 19:14 <REP> backburner 2 05/05/2005 19:04 <REP> C-Media 3D Audio 10/04/2005 16:21 <REP> Club-Internet 12/06/2004 12:02 <REP> Common Files 22/09/2003 11:19 <REP> ComPlus Applications 22/09/2003 13:06 <REP> CyberLink 07/12/2003 13:59 <REP> directx 06/12/2003 22:48 <REP> DivX 05/06/2005 18:31 <REP> EPSON 25/12/2005 20:53 <REP> Fichiers communs 05/07/2006 20:18 <REP> Google 07/07/2006 01:48 <REP> HotTVPlayer 22/09/2003 13:14 <REP> InstantCD+DVD 16/06/2006 03:00 <REP> Internet Explorer 03/12/2005 00:55 <REP> iPod 23/12/2005 01:04 <REP> Java 22/09/2003 12:54 <REP> Make bootable flashcards 04/10/2004 23:34 <REP> Managed DirectX (0901) 22/09/2003 13:06 <REP> Medion 09/02/2005 04:15 <REP> Messenger 11/01/2004 19:30 <REP> microsoft frontpage 19/03/2005 00:56 <REP> Microsoft Office 11/01/2004 19:33 <REP> Microsoft Visual Studio 22/09/2003 13:29 <REP> Microsoft Works 19/03/2005 00:56 <REP> Microsoft.NET 10/10/2004 13:49 <REP> Movie Maker 22/09/2003 11:19 <REP> MSN Gaming Zone 13/02/2006 14:26 <REP> MSN Messenger 05/05/2005 19:06 <REP> MUSICMATCH 24/11/2005 19:38 <REP> NetMeeting 14/04/2006 03:00 <REP> Outlook Express 19/12/2003 00:43 <REP> Padus 08/05/2004 23:16 <REP> Real 06/12/2003 19:48 <REP> SAGEM 06/11/2003 20:35 <REP> SEC 22/09/2003 11:20 <REP> Services en ligne 22/09/2003 13:36 <REP> SiSLan 28/06/2005 23:51 <REP> SLD Codec Pack 06/11/2004 19:39 <REP> vg 22/09/2003 13:03 <REP> Windows Journal Viewer 16/02/2006 14:54 <REP> Windows Media Player 10/10/2004 13:43 <REP> Windows NT 12/02/2005 20:15 <REP> WinRAR 22/09/2003 11:21 <REP> xerox 0 fichier(s) 0 octets 48 R‚p(s) 59ÿ917ÿ819ÿ904 octets libres Le volume dans le lecteur C s'appelle BOOT Le num‚ro de s‚rie du volume est C02B-0FB6 R‚pertoire de C:\Program Files\fichiers communs 25/12/2005 20:53 <REP> . 25/12/2005 20:53 <REP> .. 10/04/2005 16:19 <REP> Adobe 11/06/2004 14:31 <REP> Ahead 06/11/2004 19:14 <REP> Autodesk Shared 19/06/2004 19:29 <REP> Bcgsoft 06/11/2005 23:57 <REP> Borland Shared 14/08/2004 00:01 <REP> DAZ 11/01/2004 19:33 <REP> Designer 27/11/2005 20:07 <REP> EPSON 31/03/2004 00:30 <REP> InstallShield 04/11/2005 00:26 <REP> Java 25/12/2005 20:58 <REP> Macromedia 06/11/2004 19:15 <REP> Macrovision Shared 19/03/2005 00:57 <REP> Microsoft Shared 22/09/2003 11:19 <REP> MSSoap 17/11/2004 00:41 <REP> Nikon 22/09/2003 12:17 <REP> ODBC 08/05/2004 23:16 <REP> Real 22/09/2003 11:19 <REP> Services 22/09/2003 12:17 <REP> SpeechEngines 14/04/2006 03:00 <REP> System 06/09/2004 23:03 <REP> Totem Shared 08/05/2004 23:16 <REP> xing shared 0 fichier(s) 0 octets 24 R‚p(s) 59ÿ917ÿ819ÿ904 octets libres Le volume dans le lecteur C s'appelle BOOT Le num‚ro de s‚rie du volume est C02B-0FB6 R‚pertoire de C:\Program Files\common files 12/06/2004 12:02 <REP> . 12/06/2004 12:02 <REP> .. 30/07/2004 23:38 <REP> System 12/06/2004 12:02 <REP> Totem Shared 0 fichier(s) 0 octets 4 R‚p(s) 59ÿ917ÿ819ÿ904 octets libres Le volume dans le lecteur C s'appelle BOOT Le num‚ro de s‚rie du volume est C02B-0FB6 R‚pertoire de C:\ c:\Documents and Settings\Michel\Local Settings\Temp\ANTIVIR\UPDATE\antivir_workstation_winh_en.exe c:\Documents and Settings\Nico\.housecall\getMac.exe c:\Documents and Settings\Nico\.housecall\patch.exe c:\Documents and Settings\Nico\.housecall\tsc.exe c:\Documents and Settings\Nico\Application Data\Microsoft\Installer\{885A63EA-382B-4DD4-A755-14809B8557D6}\ARPPRODUCTICON.exe c:\Documents and Settings\Nico\Application Data\Microsoft\Installer\{91057632-CA70-413C-B628-2D3CDBBB906B}\ARPPRODUCTICON.exe c:\Documents and Settings\Nico\Application Data\Microsoft\Installer\{BAE4D301-FE3F-4B41-813C-81165BD1FB30}\_165d6e64.exe c:\Documents and Settings\Nico\Application Data\Microsoft\Installer\{BAE4D301-FE3F-4B41-813C-81165BD1FB30}\_3cec1c82.exe c:\Documents and Settings\Nico\Bureau\blbeta.exe c:\Documents and Settings\Nico\Bureau\cwshredder.exe c:\Documents and Settings\Nico\Bureau\HijackThis.exe c:\Documents and Settings\Nico\Bureau\SPYCOP.EXE c:\Documents and Settings\Nico\Bureau\chercher\LFiles.exe c:\Documents and Settings\Nico\Bureau\perso\divers\visual boy 1.7.1\VisualBoyAdvance.exe c:\Documents and Settings\Nico\Bureau\perso\divers_02\feelinks\data\feelinks.exe c:\Documents and Settings\Nico\Bureau\perso\gba\VisualBoyAdvance.exe c:\Documents and Settings\Nico\Bureau\perso\meb\Etude de secteur\_Lingerie\le tout aubade collection complete\aubade_screen saver 2001.exe c:\Documents and Settings\Nico\Bureau\perso\meb\marketing\divers\NESPRESSO.exe c:\Documents and Settings\Nico\Bureau\perso\meb\marketing\nespresso\documents\NESPRESSO.exe c:\Documents and Settings\Nico\Bureau\perso\travail\InstallSketchUp-4.0.170.exe c:\Documents and Settings\Nico\Bureau\perso\travaux\divers\data\feelinks.exe c:\Documents and Settings\Nico\Bureau\perso\travaux\divers\girl\Daz 3D - Koshini & Millennium Girls - Storytime Collection - Victorian Doll - Ps Tx555B.exe c:\Documents and Settings\Nico\Bureau\perso\travaux\divers\girl\Daz3D - Ps Ac724B - Leavandra Hair.exe c:\Documents and Settings\Nico\Bureau\perso\travaux\divers\girl\Daz3D - Ps Mo151B - Figurine.exe c:\Documents and Settings\Nico\Bureau\perso\travaux\divers\girl\Daz3D - Ps Mr101B - Grrrl.exe c:\Documents and Settings\Nico\Bureau\perso\travaux\divers\girl\Daz3D - Ps Tx748B - Girl Skinz.exe c:\Documents and Settings\Nico\Bureau\perso\travaux\divers\girl\Daz3D - Ps Tx758B - Lollipop Flavors.exe c:\Documents and Settings\Nico\Bureau\perso\travaux\divers\girl\Daz3D - The Girl Clothing - Ps Ac885B.exe c:\Documents and Settings\Nico\Bureau\perso\travaux\divers\girl\Daz3D - The Girl Starter Kit - Ps Ac897.exe c:\Documents and Settings\Nico\Bureau\perso\travaux\divers\girl\Daz3D Ps Ac884B Girl Catsuit.exe c:\Documents and Settings\Nico\Bureau\perso\travaux\divers\girl\Daz3D -Ps Ac899B Lollipop Purdee.exe c:\Documents and Settings\Nico\Bureau\perso\travaux\divers\girl\Daz3D Ps Bn030 Girlmorphs.exe c:\Documents and Settings\Nico\Bureau\perso\travaux\divers\girl\Daz3D Ps Bn030 Girlposes.exe c:\Documents and Settings\Nico\Bureau\perso\travaux\divers\girl\Daz3D Ps Bn030 Girltextures.exe c:\Documents and Settings\Nico\Bureau\perso\travaux\divers\girl\Poser - Aiko (Anime Manga Character).exe c:\Documents and Settings\Nico\Bureau\perso\travaux\divers\girl\Poser - Daz3D - Victoria 3.0 - Anna-Marie Goddard Digital Clone.exe c:\Documents and Settings\Nico\Bureau\perso\travaux\divers\girl\Poser Daz3D - Angel For Stephanie 3.0 Petite Victoria 3 - Ps Ch084B Exe.exe c:\Documents and Settings\Nico\Bureau\perso\travaux\divers\girl\Ps Ac886B Girlsummert.exe c:\Documents and Settings\Nico\Bureau\perso\travaux\divers\girl\Ps Mr084B Etherealshadow.exe c:\Documents and Settings\Nico\Bureau\perso\travaux\divers\girl\Ps Pe048 Thegirl.exe c:\Documents and Settings\Nico\Bureau\perso\travaux\divers\girl\Ps Tx751B Trixiet.exe c:\Documents and Settings\Nico\Bureau\perso\travaux\souldesign\download\fichier\cutkiller.exe c:\Documents and Settings\Nico\Bureau\perso\travaux\souldesign\download\fichier\renmultifiles.exe c:\Documents and Settings\Nico\Bureau\perso\travaux\souldesign\download\fichier\zplay290.exe c:\Documents and Settings\Nico\Bureau\perso\travaux\souldesign2\download\fichier\cutkiller.exe c:\Documents and Settings\Nico\Bureau\perso\travaux\souldesign2\download\fichier\renmultifiles.exe c:\Documents and Settings\Nico\Bureau\perso\travaux\souldesign2\download\fichier\zplay290.exe c:\Documents and Settings\Nico\Local Settings\Temp\guninst.exe c:\Documents and Settings\Nico\Local Settings\Temporary Internet Files\Content.IE5\C5U3GDK7\SystemDoctor2006FreeInstall_fr[1].exe c:\Documents and Settings\Nico\Mes documents\mes prog\P2P\eMule0.47a-Installer.exe Vérifications de quelques clefs Recherche de clefs EGDACCESS HKLM\SOFTWARE\Microsoft\Windows\explorer\SharedTaskScheduler
  9. KS_Croc
    _______________________________________________________________________ !!!!!!!!!!!!!!!!!! RESOLU !!!!!!!!!!!!!!!!!!!!!!!!!!!!! _______________________________________________________________________ Hello! J'ai un problème d'ouverture de pop-ups intempestives lorsque que j'utilise IE... J'ai nettoyé mon cache, passé AntiVir, Ad-aware, Spybot et cwshredder, rien n'est détecté... La navigation est réellement perturbée par des apparitions de pop-ups et de publicités sur les pages visitées. Donc je me tourne vers vous car je n'ai pas la compétence pour analyser le log Hijack This... Merci pour vos réponses, vous êtes mon dernier recours... [sinon, je n'ai plus qu'à jeter mon PC par la fenêtre] >.< Merci d'avance! Logfile of HijackThis v1.99.1 Scan saved at 23:45:42, on 08/07/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\Dit.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\WINDOWS\DitExp.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe D:\Tools\Nikon\PictureProject\NkbMonitor.exe D:\Tools\Aide mémoire\TrayIcon.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Documents and Settings\Nico\Bureau\cwshredder.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Nico\Bureau\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Tools\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - D:\Tools\FreshDownload\fdcatch.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Tools\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Tools\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Tools\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [WinampAgent] D:\Tools\Winamp\winampa.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [iTunesHelper] "D:\tools\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "D:\tools\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Aide mémoire.lnk = ? O4 - Startup: NaturalColorLoad.lnk = ? O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: NaturalColorLoad.lnk = ? O4 - Global Startup: NkbMonitor.exe.lnk = D:\Tools\Nikon\PictureProject\NkbMonitor.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
×
×
  • Créer...