Dominic_lyon

Merci beaucoup wawaseb, mon ordi marche à la perfection et le virus semble etre définitivement parti. C'est un très bon site et suis très content de l'éfficacité et de la rapidité du service. C'est un grand grand soulagement. Dominic

Merci beaucoup de prendre du temps pour m'aider c'est vraiment très gentil de votre part. Donc, j'ai fais ce que tu m'avais dit de faire et voici le rapport de AVG: (j'ai mis en gras ce qui me semble être le virus...) --------------------------------------------------------- AVG Anti-Spyware - Rapport d'analyse --------------------------------------------------------- + Créé à: 21:22:50 04/11/2006 + Résultat de l'analyse: C:\Program Files\INSTAFINK -> Adware.404Search : Nettoyé. C:\System Volume Information\_restore{06C7358E-5A84-405E-A339-E6AC3E005FA8}\RP490\A0096717.exe -> Adware.404Search : Nettoyé. HKLM\SOFTWARE\Classes\ADM25.ADM25 -> Adware.Altnet : Nettoyé. HKLM\SOFTWARE\Classes\ADM25.ADM25\CurVer -> Adware.Altnet : Nettoyé. HKLM\SOFTWARE\Classes\ADM4.ADM4 -> Adware.Altnet : Nettoyé. HKLM\SOFTWARE\Classes\ADM4.ADM4\CurVer -> Adware.Altnet : Nettoyé. C:\System Volume Information\_restore{06C7358E-5A84-405E-A339-E6AC3E005FA8}\RP490\A0096718.exe -> Adware.BetterInternet : Nettoyé. HKU\S-1-5-21-446259544-279959230-934376219-1005\Software\aurora -> Adware.BetterInternet : Nettoyé. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\INSTAFINK -> Adware.InstaFinder : Nettoyé. HKU\S-1-5-21-446259544-279959230-934376219-1005\Software\INSTAFINK -> Adware.InstaFinder : Nettoyé. HKU\S-1-5-21-446259544-279959230-934376219-1005\Software\INSTAFINK\Reports -> Adware.InstaFinder : Nettoyé. HKU\S-1-5-21-446259544-279959230-934376219-1005\Software\INSTAFINK\Reports\38398 -> Adware.InstaFinder : Nettoyé. HKU\S-1-5-21-446259544-279959230-934376219-1005\Software\INSTAFINK\Reports\38399 -> Adware.InstaFinder : Nettoyé. HKU\S-1-5-21-446259544-279959230-934376219-1005\Software\INSTAFINK\Reports\38400 -> Adware.InstaFinder : Nettoyé. HKU\S-1-5-21-446259544-279959230-934376219-1005\Software\INSTAFINK\Reports\38400\Objects -> Adware.InstaFinder : Nettoyé. HKU\S-1-5-21-446259544-279959230-934376219-1005\Software\INSTAFINK\Reports\38400\Objects\5 -> Adware.InstaFinder : Nettoyé. HKU\S-1-5-21-446259544-279959230-934376219-1005\Software\INSTAFINK\Reports\38402 -> Adware.InstaFinder : Nettoyé. HKU\S-1-5-21-446259544-279959230-934376219-1005\Software\INSTAFINK\Reports\38403 -> Adware.InstaFinder : Nettoyé. HKU\S-1-5-21-446259544-279959230-934376219-1005\Software\INSTAFINK\Reports\38403\Objects -> Adware.InstaFinder : Nettoyé. HKU\S-1-5-21-446259544-279959230-934376219-1005\Software\INSTAFINK\Reports\38403\Objects\5 -> Adware.InstaFinder : Nettoyé. HKU\S-1-5-21-446259544-279959230-934376219-1005\Software\INSTAFINK\Reports\38404 -> Adware.InstaFinder : Nettoyé. HKU\S-1-5-21-446259544-279959230-934376219-1005\Software\INSTAFINK\Reports\38404\Objects -> Adware.InstaFinder : Nettoyé. HKU\S-1-5-21-446259544-279959230-934376219-1005\Software\INSTAFINK\Reports\38404\Objects\5 -> Adware.InstaFinder : Nettoyé. HKU\S-1-5-21-446259544-279959230-934376219-1005\Software\INSTAFINK\Reports\38405 -> Adware.InstaFinder : Nettoyé. HKU\S-1-5-21-446259544-279959230-934376219-1005\Software\INSTAFINK\Reports\38405\Objects -> Adware.InstaFinder : Nettoyé. HKU\S-1-5-21-446259544-279959230-934376219-1005\Software\INSTAFINK\Reports\38405\Objects\5 -> Adware.InstaFinder : Nettoyé. HKU\S-1-5-21-446259544-279959230-934376219-1005\Software\INSTAFINK\Reports\38420 -> Adware.InstaFinder : Nettoyé. HKU\S-1-5-21-446259544-279959230-934376219-1005\Software\INSTAFINK\Reports\38421 -> Adware.InstaFinder : Nettoyé. HKU\S-1-5-21-446259544-279959230-934376219-1005\Software\INSTAFINK\Reports\38421\Objects -> Adware.InstaFinder : Nettoyé. HKU\S-1-5-21-446259544-279959230-934376219-1005\Software\INSTAFINK\Reports\38421\Objects\5 -> Adware.InstaFinder : Nettoyé. HKU\S-1-5-21-446259544-279959230-934376219-1005\Software\INSTAFINK\Reports\38423 -> Adware.InstaFinder : Nettoyé. HKU\S-1-5-21-446259544-279959230-934376219-1005\Software\INSTAFINK\Stat -> Adware.InstaFinder : Nettoyé. HKLM\SOFTWARE\Classes\WUSE.1 -> Adware.SaveNow : Nettoyé. HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Nettoyé. HKU\S-1-5-21-446259544-279959230-934376219-1005\Software\Bolger -> Adware.VX2 : Nettoyé. [b][size=4]C:\Documents and Settings\Famille\Local Settings\Temporary Internet Files\Content.IE5\XGH9AKL4\POPUP[1].0TML -> Hijacker.Agent.a : Nettoyé.[/size][/b] :mozilla.38:C:\Documents and Settings\Famille\Application Data\Mozilla\Firefox\Profiles\rcj04mb5.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé. :mozilla.39:C:\Documents and Settings\Famille\Application Data\Mozilla\Firefox\Profiles\rcj04mb5.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé. :mozilla.40:C:\Documents and Settings\Famille\Application Data\Mozilla\Firefox\Profiles\rcj04mb5.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé. C:\Documents and Settings\Famille\Cookies\famille@adbrite[2].txt -> TrackingCookie.Adbrite : Nettoyé. :mozilla.24:C:\Documents and Settings\Famille\Application Data\Mozilla\Firefox\Profiles\rcj04mb5.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé. :mozilla.25:C:\Documents and Settings\Famille\Application Data\Mozilla\Firefox\Profiles\rcj04mb5.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé. :mozilla.26:C:\Documents and Settings\Famille\Application Data\Mozilla\Firefox\Profiles\rcj04mb5.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé. C:\Documents and Settings\Famille\Cookies\famille@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé. :mozilla.31:C:\Documents and Settings\Famille\Application Data\Mozilla\Firefox\Profiles\rcj04mb5.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé. C:\Documents and Settings\Famille\Cookies\famille@casalemedia[2].txt -> TrackingCookie.Casalemedia : Nettoyé. :mozilla.32:C:\Documents and Settings\Famille\Application Data\Mozilla\Firefox\Profiles\rcj04mb5.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé. C:\Documents and Settings\Invité\Cookies\invité@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé. C:\Documents and Settings\LocalService\Cookies\system@need2find[1].txt -> TrackingCookie.Need2find : Nettoyé. :mozilla.27:C:\Documents and Settings\Famille\Application Data\Mozilla\Firefox\Profiles\rcj04mb5.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.29:C:\Documents and Settings\Famille\Application Data\Mozilla\Firefox\Profiles\rcj04mb5.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.30:C:\Documents and Settings\Famille\Application Data\Mozilla\Firefox\Profiles\rcj04mb5.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. C:\Documents and Settings\Famille\Cookies\[email protected][1].txt -> TrackingCookie.Smartadserver : Nettoyé. C:\Documents and Settings\Famille\Cookies\famille@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyé. :mozilla.6:C:\Documents and Settings\Famille\Application Data\Mozilla\Firefox\Profiles\rcj04mb5.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé. :mozilla.7:C:\Documents and Settings\Famille\Application Data\Mozilla\Firefox\Profiles\rcj04mb5.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé. C:\Documents and Settings\Famille\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Nettoyé. Fin du rapport Et ceci est le rapport de hijackthis (après avoir créé un dossier dominic_lyon et renomer hijackthis.exe en dominic_lyon.exe ... c'est bien ce que je devais faire non?) Logfile of HijackThis v1.99.1 Scan saved at 21:30:53, on 04/11/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Metacafe\MetacafeAgent.exe C:\Program Files\sony\usbsircs\usbsircs.exe C:\Program Files\sony\giga pocket\ReserveModule.exe C:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe C:\Program Files\sony\giga pocket\shwserv.exe C:\Program Files\Securitoo\av_fw\backweb\1044199\Program\BackWeb-1044199.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\sony\vaio media music server\SSSvr.exe C:\Program Files\sony\giga pocket\GPVSvr.exe C:\Program Files\sony\giga pocket\gps.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\sony\giga pocket\RM_SV.exe C:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\dominic_lyon\dominic_lyon.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "D:\logiciels\quicktime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Startup: MetaCafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe O4 - Global Startup: MetaCafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe O4 - Global Startup: Microsoft Office.lnk = D:\Logiciels\Office\Office10\OSA.EXE O4 - Global Startup: Pilote Remocon.lnk = ? O4 - Global Startup: Timer Recording Manager.lnk = C:\Program Files\sony\giga pocket\ReserveModule.exe O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\LOGICI~1\Office\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O15 - Trusted Zone: *.sony-europe.com O15 - Trusted Zone: *.sonystyle-europe.com O15 - Trusted Zone: *.vaio-link.com O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://dodzilla.spaces.msn.com//PhotoUpload/MsnPUpld.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Securitoo AntiVirus Firewall (BackWeb Client - 1044199) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe O23 - Service: F-Secure Distributed Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\sony\giga pocket\shwserv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\sony\giga pocket\halsv.exe O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\sony\giga pocket\RM_SV.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\sony\vaio media music server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing) O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing) O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing) O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\sony\giga pocket\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing) O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing) O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe J'ai aussi supprimé la ligne O8 avec la toolbar need2find. Malheureusement il me semble que le virus est encore la... parceque mon antivirus securitoo me l'a deja supprimé 4 fois, mais il revient à chaque fois, et je ne sais pas si AVG a pu le supprimer correctement. Du reste il me semble qu'il a changé de nom parceque avant il s'appelait trojan-clicker.HTML.Agent.a et sur la rapport de AVG il s'appelle Hijacker.Agent.a J'espère vraiment que vous allez pouvoir m'aider avec ces deux rapports et j'insiste encore sur le fait que je trouve cela fantastique que vous aidiez les gens. Dominic

Bonjour, Mon ordinateur est infecté du virus Trojan-clicker.HTML.Agent.a Mon ordinateur est lent, et ca tombe vraiment le mauvais jour parceque j'en ai vraiment besoin ce weekend! J'ai suivi vos instuctions pour hijackthis et antivir. Si vous pouviez m'aider ca serait fantastique. Voici le rapport de hijackthis. Logfile of HijackThis v1.99.1 Scan saved at 16:36:10, on 04/11/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Microsoft IntelliPoint\point32.exe C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe D:\logiciels\quicktime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Metacafe\MetacafeAgent.exe C:\Program Files\sony\usbsircs\usbsircs.exe C:\Program Files\sony\giga pocket\ReserveModule.exe C:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe C:\Program Files\sony\giga pocket\shwserv.exe C:\Program Files\Securitoo\av_fw\backweb\1044199\Program\BackWeb-1044199.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\sony\vaio media music server\SSSvr.exe C:\Program Files\sony\giga pocket\GPVSvr.exe C:\Program Files\sony\giga pocket\gps.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\sony\giga pocket\RM_SV.exe C:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe D:\Logiciels\winrar\WinRAR.exe C:\DOCUME~1\Famille\LOCALS~1\Temp\Rar$EX00.219\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "D:\logiciels\quicktime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Startup: MetaCafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe O4 - Global Startup: MetaCafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe O4 - Global Startup: Microsoft Office.lnk = D:\Logiciels\Office\Office10\OSA.EXE O4 - Global Startup: Pilote Remocon.lnk = ? O4 - Global Startup: Timer Recording Manager.lnk = C:\Program Files\sony\giga pocket\ReserveModule.exe O8 - Extra context menu item: &Search - http://kt.bar.need2find.com/KT/menusearch.html?p=KT O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\LOGICI~1\Office\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O15 - Trusted Zone: *.sony-europe.com O15 - Trusted Zone: *.sonystyle-europe.com O15 - Trusted Zone: *.vaio-link.com O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://dodzilla.spaces.msn.com//PhotoUpload/MsnPUpld.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Securitoo AntiVirus Firewall (BackWeb Client - 1044199) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe O23 - Service: F-Secure Distributed Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\DFW\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE O23 - Service: Giga Pocket Hardware Detector - Sony Corporation - C:\Program Files\sony\giga pocket\shwserv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\sony\giga pocket\halsv.exe O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\sony\giga pocket\RM_SV.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\Sptisrv.exe O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\sony\vaio media music server\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing) O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing) O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\sony\photo server\appsrv\PhotoAppSrv.exe O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing) O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\sony\giga pocket\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing) O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing) O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe Merci d'avance. Dominic