licke

  1. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:57:11, on 30/07/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\LogMeIn\x86\LogMeInSystray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\iPod\bin\iPodService.exe C:\program files\valve\steam\steam.exe C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Documents and Settings\user\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet 
Explorer\Main,Start Page = http://meteo-pont-saint-mard.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - Default URLSearchHook is missing O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing) O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [Thunderbird] "f:\Mozilla Thunderbird\thunderbird.exe" O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 5.0\SetHook.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - 
HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" O4 - HKLM\..\Run: [realteks] "C:\Documents and Settings\user\Application Data\Google\edpgz16420882.exe" 2 O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [steam] "c:\program files\valve\steam\steam.exe" -silent O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - 
Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: 
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 9198 bytes
     Antivir is up to date (new version, etc.). In any case, thank you for all this work. Everything seems to be fine, apparently.
  2. ========== PROCESSES ==========
     Process explorer.exe killed successfully!
     ========== FILES ==========
     C:\Documents and Settings\user\Application Data\Google\edpgz16420882.exe moved successfully.
     ========== REGISTRY ==========
     Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\realteks deleted successfully.
     ========== COMMANDS ==========
     OTM by OldTimer - Version 3.0.0.5 log created on 07302009_183041
  3. Re
     Fichier edpgz16420882.exe reçu le 2009.07.30 16:24:58 (UTC)
     Antivirus | Version | Dernière mise à jour | Résultat
     a-squared | 4.5.0.24 | 2009.07.30 | -
     AhnLab-V3 | 5.0.0.2 | 2009.07.30 | -
     AntiVir | 7.9.0.236 | 2009.07.30 | TR/FakeIA.M
     Antiy-AVL | 2.0.3.7 | 2009.07.30 | -
     Authentium | 5.1.2.4 | 2009.07.30 | -
     Avast | 4.8.1335.0 | 2009.07.29 | -
     BitDefender | 7.2 | 2009.07.30 | -
     CAT-QuickHeal | 10.00 | 2009.07.30 | TrojanDownloader.FakeAlert.a
     ClamAV | 0.94.1 | 2009.07.30 | -
     Comodo | 1813 | 2009.07.30 | -
     DrWeb | 5.0.0.12182 | 2009.07.30 | -
     eSafe | 7.0.17.0 | 2009.07.30 | -
     eTrust-Vet | 31.6.6647 | 2009.07.30 | Win32/Banbot!generic
     F-Prot | 4.4.4.56 | 2009.07.30 | -
     F-Secure | 8.0.14470.0 | 2009.07.30 | -
     Fortinet | 3.120.0.0 | 2009.07.30 | -
     GData | 19 | 2009.07.30 | -
     Ikarus | T3.1.1.64.0 | 2009.07.30 | -
     Jiangmin | 11.0.800 | 2009.07.30 | -
     K7AntiVirus | 7.10.806 | 2009.07.30 | Trojan.Win32.Malware.1
     Kaspersky | 7.0.0.125 | 2009.07.30 | -
     McAfee | 5692 | 2009.07.29 | -
     McAfee+Artemis | 5692 | 2009.07.29 | Artemis!D5E85C4B04B3
     McAfee-GW-Edition | 6.8.5 | 2009.07.30 | Heuristic.BehavesLike.Win32.Downloader.B
     Microsoft | 1.4903 | 2009.07.30 | Trojan:Win32/FakeIA.M
     NOD32 | 4291 | 2009.07.30 | Win32/TrojanDownloader.FakeAlert.AFJ
     Norman | 6.01.09 | 2009.07.30 | W32/Obfuscated.R!genr
     nProtect | 2009.1.8.0 | 2009.07.30 | -
     Panda | 10.0.0.14 | 2009.07.30 | -
     PCTools | 4.4.2.0 | 2009.07.29 | -
     Prevx | 3.0 | 2009.07.30 | Medium Risk Malware
     Rising | 21.40.34.00 | 2009.07.30 | -
     Sophos | 4.44.0 | 2009.07.30 | -
     Sunbelt | 3.2.1858.2 | 2009.07.30 | -
     Symantec | 1.4.4.12 | 2009.07.30 | -
     TheHacker | 6.3.4.3.378 | 2009.07.30 | -
     TrendMicro | 8.950.0.1094 | 2009.07.30 | -
     VBA32 | 3.12.10.9 | 2009.07.30 | -
     ViRobot | 2009.7.30.1861 | 2009.07.30 | -
     VirusBuster | 4.6.5.0 | 2009.07.30 | -
     Information additionnelle
     File size: 126976 bytes
     MD5...: d5e85c4b04b3343925be66154f4aaaf7
     SHA1..: 1fa305739999fef52207c5851639b7c7d86b412b
     SHA256: a1483b0582e5fca4f1abeabffa5fea399751c73678834ab989ed98e2b32280b1
     ssdeep: 3072:3YumU7dsAVwuiiodbyM/2yeQxtg3GEmN74T0I2cg1kR:3JmgdsAVwuxa9LtgnI745
     PEiD..: -
     TrID..: File type identification
     Win32 Executable Generic (38.4%)
     Win32 Dynamic Link Library (generic) (34.1%)
     Win16/32 Executable Delphi generic (9.3%)
     Generic Win/DOS Executable (9.0%)
     DOS Executable Generic (9.0%)
     PEInfo: PE Structure information
     ( base data )
     entrypointaddress.: 0xd0ac
     timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
     machinetype.......: 0x14c (I386)
     ( 8 sections )
     name | viradd | virsiz | rawdsiz | ntrpy | md5
     CODE | 0x1000 | 0xde40 | 0xe000 | 7.02 | e63218dd038e7ea2bf3c9a8c02e080d9
     DATA | 0xf000 | 0x5d4 | 0x600 | 4.36 | 487c5b126af35b43207c5f3247904fc3
     BSS | 0x10000 | 0x1c4d | 0x0 | 0.00 | d41d8cd98f00b204e9800998ecf8427e
     .idata | 0x12000 | 0xa9a | 0xc00 | 4.45 | 4b488d009fc5c47dc093bb5bfacdc12a
     .tls | 0x13000 | 0x8 | 0x0 | 0.00 | d41d8cd98f00b204e9800998ecf8427e
     .rdata | 0x14000 | 0x18 | 0x200 | 0.21 | 46b5446c9d254c04c525d4b500cee24a
     .reloc | 0x15000 | 0xc74 | 0xe00 | 6.38 | 570715e261fc16d7f1c76162f1548299
     .rsrc | 0x16000 | 0xea00 | 0xea00 | 7.71 | bbde6357226b47bad9121f90375c5618
     ( 9 imports )
     > kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetVersion, GetCurrentThreadId, GetThreadLocale, GetStartupInfoA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle
     > user32.dll: GetKeyboardType, MessageBoxA, CharNextA
     > advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
     > oleaut32.dll: SysFreeString
     > kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
     > advapi32.dll: RegSetValueExA, RegQueryValueExA, RegOpenKeyExA, RegDeleteValueA, RegCloseKey
     > kernel32.dll: lstrlenA, lstrcpyA, lstrcmpiA, lstrcatA, WriteFile, VirtualProtect, Sleep, SizeofResource, ReadFile, LockResource, LoadResource, LoadLibraryA, HeapReAlloc, HeapFree, HeapAlloc, GetVolumeInformationA, GetTickCount, GetProcessHeap, GetProcAddress, GetModuleHandleA, GetLocalTime, GetLastError, GetEnvironmentVariableA, GetComputerNameA, FreeResource, FreeLibrary, FindResourceA, FindNextFileA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, CreateFileA, CloseHandle
     > gdi32.dll: TextOutA, StretchBlt, SetTextColor, SetBkMode, SetBkColor, SelectObject, MoveToEx, LineTo, DeleteObject, DeleteDC, CreateSolidBrush, CreatePen, CreateFontIndirectA, CreateCompatibleDC, BitBlt
     > user32.dll: CreateWindowExA, UnregisterClassA, TranslateMessage, SystemParametersInfoA, ShowWindow, SetWindowPos, SetTimer, SetCursor, SendMessageA, ScreenToClient, RegisterClassA, PostQuitMessage, PeekMessageA, LoadImageA, LoadIconA, LoadCursorA, KillTimer, GetWindowLongA, GetSystemMetrics, GetSysColor, GetCursorPos, EndPaint, DrawIcon, DispatchMessageA, DestroyWindow, DefWindowProcA, BringWindowToTop, BeginPaint, CharLowerBuffA
     ( 0 exports )
     PDFiD.: -
     RDS...: NSRL Reference Data Set
     -
     Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=0306F627001E5BB2F04301114FFF0C00348E87EC
  4. HiJackThis report
     Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:59:52, on 30/07/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\LogMeIn\x86\LogMeInSystray.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Documents and Settings\user\Application Data\Google\edpgz16420882.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe C:\program files\valve\steam\steam.exe C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program 
Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\user\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://meteo-pont-saint-mard.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - Default URLSearchHook is missing O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing) O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [Thunderbird] "f:\Mozilla 
Thunderbird\thunderbird.exe" O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 5.0\SetHook.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [realteks] "C:\Documents and Settings\user\Application Data\Google\edpgz16420882.exe" 2 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [steam] "c:\program files\valve\steam\steam.exe" -silent O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe O8 - Extra context menu item: Barre RoboForm - file://C:\Program 
Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program 
Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 9563 bytes
  5. Re
     Here are the various reports
     -----------\\ ToolBar S&D 1.2.8 XP/Vista
     Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
     X86-based PC ( Multiprocessor Free : AMD Athlon 64 X2 Dual Core Processor 4600+ )
     BIOS : BIOS Date: 04/30/07 10:48:15 Ver: 08.00.12
     USER : user ( Administrator )
     BOOT : Normal boot
     Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Not Activated)
     A:\ (USB)
     C:\ (Local Disk) - NTFS - Total:74 Go (Free:6 Go)
     D:\ (CD or DVD)
     E:\ (Local Disk) - NTFS - Total:232 Go (Free:181 Go)
     "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
     Option : [2] ( 30/07/2009|16:11 )
     -----------\\ SUPPRESSION
     Supprime! - C:\Program Files\Dealio\kb127
     Supprime! - C:\DOCUME~1\user\APPLIC~1\Search Settings\kb127
     Supprime! - C:\Program Files\Search Settings\kb127
     Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
     Supprime! - C:\Program Files\Dealio
     Supprime! - C:\DOCUME~1\user\APPLIC~1\Search Settings
     Supprime! - C:\Program Files\Search Settings
     -----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ Extensions (user) - {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} => forecastfox (user) - {22119944-ED35-4ab1-910B-E619EA06A115} => roboform (user) - {3502a070-ea2f-11dd-ba2f-0800200c9a66} => minimizetotray (user) - {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d} => ipv6ident (user) - {4BBDD651-70CF-4821-84F8-2B918CF89CA3} => febe (user) - {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF} => walnut (user) - {77e8295d-7048-8367-1c67-378537c06d74} => phplangeditor (user) - {89506680-e3f4-484c-a2c0-ed711d481eda} => showcase (user) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper (user) - {DA3A89AB-2DCA-4a29-8FEA-3C9E79BBF113} => pagerankstatus (user) - {dc572301-7619-498c-a57d-39143191b318} => tabmixplus (user) - {dd30bf68-268a-4815-ad48-8740b774c764} => redcats_green (user) - {EF522540-89F5-46b9-B6FE-1829E2B572C6} => googlepreview (user) - {fce36c1e-58d8-498a-b2a5-66ad1cedebbb} => customizegoogle (user) - {0b62b504-857c-4f62-a336-2e8425bd5738} => quotecollapse (user) - {28BA62BF-022B-44a3-88BC-D2112DDB7D58} => atbcc_button (user) - {31513E58-F253-47ad-86DB-D5F21E905429} => minimizetotray (user) - {554c2c30-935c-11d9-9669-0800200c9a66} => mailtagger (user) - {78136133-1994-415a-8d30-69d505d924fc} => deletejunk (user) - {83d1f945-8280-11db-96a7-00e08161165f} => thunderbayes (user) - {90bcd2b0-08f1-4db8-a136-8263c3f89cc8} => worldweatherplus (user) - {90ceaf60-169c-40fb-b224-7204488f061d} => attbytes (user) - {9A537591-D2A6-4e53-8FE1-F76AB00D5597} => quickreply (user) - {aaf23341-212c-43c4-8824-e51cfe051345} => templateloader (user) - {b243fe83-b8a7-47de-855d-21d865243d5d} => folderpane (user) - {de1b245c-de57-11da-ba2d-0050c2490048} => minimize (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ca (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-cs (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-da (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-de (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-en-US (user) - 
{e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-es-AR (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-es-ES (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-eu (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-fr (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ga-IE (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-hu (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-it (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ka (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-lt (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-mk (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-nb-NO (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-nl (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-pa-IN (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-pl (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-pt-BR (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-pt-PT (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ru (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-sk (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-sl (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-sv-SE (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-tr (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-zh-CN (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ca (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-cs (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-da (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-de (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-en-US (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-es-AR (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-es-ES (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-eu (user) - 
{e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-fr (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ga-IE (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-hu (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-it (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ka (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-lt (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-mk (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-nb-NO (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-nl (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-pa-IN (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-pl (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-pt-BR (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-pt-PT (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ru (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-sk (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-sl (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-sv-SE (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-tr (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-zh-CN (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning (user) - {F3A60010-0E28-4503-B4AA-0E5F90275F77} => walnut_for_thunderbird_1.5_and_2.0-1.7.18-tb -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Local Page"="C:\\WINDOWS\\system32\\blank.htm" "Start Page"="http://meteo-pont-saint-mard.com/" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Start Page Redirect Cache"="http://fr.msn.com/?ocid=iehp" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search 
Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Local Page"="C:\\WINDOWS\\system32\\blank.htm" "Start Page"="http://www.msn.com/" "Search Bar"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" --------------------\\ Recherche d'autres infections C:\Program Files\InternetGameBox C:\Program Files\InternetGameBox\language C:\Program Files\InternetGameBox\ressources C:\Program Files\InternetGameBox\skins C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\InternetGameBox C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\InternetGameBox\Conditions générales.url C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\InternetGameBox\Confidentialité.url C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\InternetGameBox\Désinstaller.lnk C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\InternetGameBox\InternetGameBox.lnk C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\InternetGameBox\Website.url C:\DOCUME~1\user\LOCALS~1\APPLIC~1\qmaii.dat C:\DOCUME~1\user\LOCALS~1\APPLIC~1\qmaii.exe C:\DOCUME~1\user\LOCALS~1\APPLIC~1\qmaii_nav.dat C:\DOCUME~1\user\LOCALS~1\APPLIC~1\qmaii_navps.dat ==> EGDACCESS <== 1 - "C:\ToolBar SD\TB_1.txt" - 30/07/2009|15:40 - Option : [1] 2 - "C:\ToolBar SD\TB_2.txt" - 30/07/2009|16:13 - Option : [2] -----------\\ Fin du rapport a 16:13:07,39 Fix Navipromo version 4.0.1 commencé le 30/07/2009 16:16:07,53 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!! !!! Postez ce rapport sur le forum pour le faire analyser !!! 
Outil exécuté depuis C:\Program Files\navilog1 Mise à jour le 18.07.2009 à 11h00 par IL-MAFIOSO Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3 X86-based PC ( Multiprocessor Free : AMD Athlon 64 X2 Dual Core Processor 4600+ ) BIOS : BIOS Date: 04/30/07 10:48:15 Ver: 08.00.12 USER : user ( Administrator ) BOOT : Normal boot Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Not Activated) A:\ (USB) C:\ (Local Disk) - NTFS - Total:74 Go (Free:6 Go) D:\ (CD or DVD) E:\ (Local Disk) - NTFS - Total:232 Go (Free:181 Go) Recherche executée en mode normal Nettoyage exécuté au redémarrage de l'ordinateur C:\Program Files\InternetGamebox supprimé ! C:\Documents and Settings\All Users\menudm~1\progra~1\InternetGamebox supprimé ! C:\WINDOWS\prefetch\GAMEOVERLAYUI.EXE-39B8ED40.pf supprimé ! C:\WINDOWS\prefetch\qmaii*.pf supprimé ! C:\Documents and Settings\user\locals~1\applic~1\qmaii.exe supprimé ! C:\Documents and Settings\user\locals~1\applic~1\qmaii.dat supprimé ! C:\Documents and Settings\user\locals~1\applic~1\qmaii_nav.dat supprimé ! C:\Documents and Settings\user\locals~1\applic~1\qmaii_navps.dat supprimé ! Nettoyage contenu C:\WINDOWS\Temp effectué ! Nettoyage contenu C:\Documents and Settings\user\locals~1\Temp effectué ! *** Sauvegarde du Registre vers dossier Safebackup *** sauvegarde du Registre réalisée avec succès ! *** Nettoyage Registre *** Nettoyage Registre Ok Certificat Electronic-Group supprimé ! Certificat OOO-Favorit supprimé ! 
*** Scan terminé 30/07/2009 16:34:54,78 *** --------------------\\ Lop S&D 4.2.5-0 XP/Vista Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3 X86-based PC ( Multiprocessor Free : AMD Athlon 64 X2 Dual Core Processor 4600+ ) BIOS : BIOS Date: 04/30/07 10:48:15 Ver: 08.00.12 USER : user ( Administrator ) BOOT : Normal boot Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Not Activated) A:\ (USB) C:\ (Local Disk) - NTFS - Total:74 Go (Free:8 Go) D:\ (CD or DVD) E:\ (Local Disk) - NTFS - Total:232 Go (Free:181 Go) "C:\Lop SD" ( MAJ : 19-12-2008|23:40 ) Option : [2] ( 30/07/2009|16:38 ) \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION Supprime! - C:\DOCUME~1\user\LOCALS~1\Temp\msgpl_42d2.tmp Supprime! - C:\DOCUME~1\user\LOCALS~1\Temp\msgpl_72e6.tmp Supprime! - C:\DOCUME~1\user\LOCALS~1\Temp\msgpl_a4ab.tmp Supprime! - C:\DOCUME~1\user\Cookies\user@advertstream[1].txt Supprime! - C:\DOCUME~1\user\Cookies\user@d2.advertserve[1].txt Supprime! - C:\DOCUME~1\user\Cookies\user@advertising[1].txt Supprime! - C:\DOCUME~1\user\Cookies\user@bigpoint[1].txt Supprime! - C:\DOCUME~1\user\Cookies\user@fr.deepolis.bigpoint[1].txt Supprime! - C:\DOCUME~1\user\Cookies\user@2xmoinscher[1].txt Supprime! 
- C:\DOCUME~1\user\Cookies\user@cc.2xmoinscher[2].txt \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ --------------------\\ Listing des dossiers dans APPLIC~1 [17/02/2008|14:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe [01/08/2007|18:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple [01/08/2007|18:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer [08/04/2008|19:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Aspyr [24/12/2008|12:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira [13/01/2008|20:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations [13/01/2008|19:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Droppix [13/01/2008|20:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Fellowes [16/05/2009|09:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google [21/04/2008|18:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations [13/01/2008|19:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LightScribe [27/06/2007|18:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus! [08/03/2009|12:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft [15/07/2009|18:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help [27/06/2007|18:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero [21/04/2008|19:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite [18/07/2009|15:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\RoboForm [16/11/2008|13:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype [06/10/2007|22:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP [24/12/2008|17:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Video Converter Studio [11/01/2008|17:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage [10/01/2008|18:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller [27/06/2007|16:20] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft [06/01/2008|17:21] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft [27/06/2007|16:20] C:\DOCUME~1\LOGMEI~1\APPLIC~1\Microsoft [27/06/2007|16:20] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft [20/07/2009|16:01] C:\DOCUME~1\user\APPLIC~1\Adobe [20/07/2009|16:01] C:\DOCUME~1\user\APPLIC~1\Ahead [20/07/2009|16:01] C:\DOCUME~1\user\APPLIC~1\Apple Computer [20/07/2009|16:01] C:\DOCUME~1\user\APPLIC~1\ArcSoft [08/05/2009|21:23] C:\DOCUME~1\user\APPLIC~1\DivX [27/02/2009|20:17] 
C:\DOCUME~1\user\APPLIC~1\dvdcss [28/10/2007|23:57] C:\DOCUME~1\user\APPLIC~1\FileZilla [08/01/2009|16:04] C:\DOCUME~1\user\APPLIC~1\Gearbox Software [30/07/2009|16:35] C:\DOCUME~1\user\APPLIC~1\Google [26/09/2007|09:17] C:\DOCUME~1\user\APPLIC~1\Help [27/06/2007|16:29] C:\DOCUME~1\user\APPLIC~1\Identities [08/07/2009|16:20] C:\DOCUME~1\user\APPLIC~1\InstallShield [13/01/2008|20:03] C:\DOCUME~1\user\APPLIC~1\InstallShield Installation Information [28/10/2007|16:22] C:\DOCUME~1\user\APPLIC~1\KompoZer [09/07/2009|14:31] C:\DOCUME~1\user\APPLIC~1\LG Electronics [30/01/2008|20:02] C:\DOCUME~1\user\APPLIC~1\Macromedia [18/07/2009|19:10] C:\DOCUME~1\user\APPLIC~1\Microsoft [10/01/2009|13:06] C:\DOCUME~1\user\APPLIC~1\Mozilla [01/12/2008|19:22] C:\DOCUME~1\user\APPLIC~1\Nero [22/04/2008|18:01] C:\DOCUME~1\user\APPLIC~1\Nokia [21/04/2008|19:05] C:\DOCUME~1\user\APPLIC~1\PC Suite [04/05/2008|16:27] C:\DOCUME~1\user\APPLIC~1\SecuROM [30/07/2009|16:37] C:\DOCUME~1\user\APPLIC~1\Skype [30/07/2009|10:07] C:\DOCUME~1\user\APPLIC~1\skypePM [18/11/2007|20:38] C:\DOCUME~1\user\APPLIC~1\Talkback [15/03/2008|19:36] C:\DOCUME~1\user\APPLIC~1\THQ [19/11/2007|16:01] C:\DOCUME~1\user\APPLIC~1\Thunderbird [18/01/2009|16:43] C:\DOCUME~1\user\APPLIC~1\ubi.com [27/06/2007|22:00] C:\DOCUME~1\user\APPLIC~1\vlc [28/06/2007|21:06] C:\DOCUME~1\user\APPLIC~1\WinRAR --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks [18/07/2009 13:17][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job [30/07/2009 16:33][--ah-----] C:\WINDOWS\tasks\SA.DAT [02/03/2006 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini --------------------\\ Listing des dossiers dans C:\Program Files [27/06/2007|17:23] C:\Program Files\802.11 Wireless LAN [23/04/2008|09:12] C:\Program Files\Activision [17/02/2008|14:07] C:\Program Files\Adobe [27/06/2007|16:37] C:\Program Files\AMD [27/06/2007|16:36] C:\Program Files\Analog Devices [06/10/2007|22:05] C:\Program Files\AoA Audio Extractor [03/09/2008|19:01] C:\Program 
Files\Apple Software Update [20/09/2008|08:20] C:\Program Files\ArcSoft [08/04/2008|19:10] C:\Program Files\Aspyr [25/12/2008|00:19] C:\Program Files\AVIConverter [24/12/2008|12:09] C:\Program Files\Avira [18/07/2007|23:10] C:\Program Files\AviSynth 2.5 [18/11/2007|20:35] C:\Program Files\BackupFox [18/10/2008|22:47] C:\Program Files\Common Files [27/06/2007|16:17] C:\Program Files\ComPlus Applications [30/01/2008|12:21] C:\Program Files\Core Design [26/09/2007|08:29] C:\Program Files\Croteam [20/03/2009|21:38] C:\Program Files\Crypto [21/04/2008|19:04] C:\Program Files\DIFX [08/05/2009|21:20] C:\Program Files\DivX [06/10/2007|23:13] C:\Program Files\DVDVIDEOSOFT [29/10/2007|19:35] C:\Program Files\EA GAMES [14/07/2009|19:27] C:\Program Files\EA SPORTS [05/11/2008|16:52] C:\Program Files\Eidos [14/07/2009|19:27] C:\Program Files\Eidos Interactive [02/02/2008|11:45] C:\Program Files\Electronic Arts [16/12/2008|14:27] C:\Program Files\eMule [23/09/2007|11:00] C:\Program Files\EPSON [18/07/2007|23:10] C:\Program Files\eRightSoft [13/01/2008|20:02] C:\Program Files\Fellowes [08/05/2009|21:20] C:\Program Files\Fichiers communs [28/10/2007|15:56] C:\Program Files\FileZilla Client [24/10/2008|20:53] C:\Program Files\Free Audio Pack [13/07/2009|17:45] C:\Program Files\Free Video Converter [17/01/2009|18:14] C:\Program Files\GameSpy Arcade [16/05/2009|09:21] C:\Program Files\Google [08/05/2009|08:53] C:\Program Files\GT Interactive [08/07/2009|16:21] C:\Program Files\InstallShield Installation Information [30/07/2009|13:08] C:\Program Files\Internet Explorer [23/01/2008|19:53] C:\Program Files\iPod [23/01/2008|19:53] C:\Program Files\iTunes [20/09/2008|08:16] C:\Program Files\JL2005C [08/07/2009|16:21] C:\Program Files\LG Electronics [09/07/2009|14:32] C:\Program Files\LG PC Suite II [20/01/2008|21:16] C:\Program Files\LivePix 1.1 [23/07/2007|22:15] C:\Program Files\Logitech [17/09/2008|14:19] C:\Program Files\LogMeIn [13/01/2008|17:49] C:\Program Files\lphant 
[18/10/2008|23:04] C:\Program Files\Messenger [26/04/2009|20:04] C:\Program Files\Messenger Plus! Live [10/01/2009|12:47] C:\Program Files\Microsoft [27/06/2007|16:20] C:\Program Files\microsoft frontpage [19/07/2008|20:22] C:\Program Files\Microsoft Games [08/03/2009|12:58] C:\Program Files\Microsoft Money 2005 [26/09/2007|17:00] C:\Program Files\Microsoft Office [19/07/2007|12:57] C:\Program Files\Microsoft Visual Studio [05/10/2007|16:37] C:\Program Files\Microsoft Works [19/07/2007|12:53] C:\Program Files\Microsoft.NET [17/01/2009|17:22] C:\Program Files\Mindscape [08/05/2009|23:47] C:\Program Files\Movie Maker [30/07/2009|15:04] C:\Program Files\Mozilla Firefox [11/03/2009|18:38] C:\Program Files\MSBuild [27/06/2007|16:16] C:\Program Files\MSN [27/06/2007|16:17] C:\Program Files\MSN Gaming Zone [09/07/2009|18:00] C:\Program Files\MSXML 4.0 [30/07/2009|16:34] C:\Program Files\Navilog1 [27/06/2007|18:45] C:\Program Files\Nero [18/10/2008|22:56] C:\Program Files\NetMeeting [15/03/2008|13:54] C:\Program Files\NRJ [27/06/2007|16:17] C:\Program Files\Online Services [08/05/2009|23:47] C:\Program Files\Outlook Express [21/04/2008|19:04] C:\Program Files\PC Connectivity Solution [23/01/2008|19:52] C:\Program Files\QuickTime [08/07/2009|12:56] C:\Program Files\Red Storm Entertainment [11/03/2009|18:37] C:\Program Files\Reference Assemblies [27/06/2007|16:19] C:\Program Files\Services en ligne [18/07/2009|15:59] C:\Program Files\Siber Systems [18/07/2009|16:01] C:\Program Files\Sierra On-Line [16/11/2008|13:15] C:\Program Files\Skype [29/03/2008|19:28] C:\Program Files\THQ [18/01/2009|19:51] C:\Program Files\TrackMania Nations ESWC [18/07/2007|16:09] C:\Program Files\Ubi Soft [18/01/2009|16:44] C:\Program Files\ubi.com [08/01/2009|15:38] C:\Program Files\Ubisoft [27/06/2007|16:29] C:\Program Files\Uninstall Information [01/05/2009|19:09] C:\Program Files\Valve [27/06/2007|18:36] C:\Program Files\VideoLAN [16/12/2008|19:24] C:\Program Files\Windows Live 
[12/10/2008|10:27] C:\Program Files\Windows Live Safety Center [16/12/2008|18:48] C:\Program Files\Windows Live SkyDrive [15/03/2008|13:55] C:\Program Files\Windows Media Components [10/01/2008|18:49] C:\Program Files\Windows Media Connect 2 [08/05/2009|08:56] C:\Program Files\Windows Media Player [18/10/2008|22:56] C:\Program Files\Windows NT [27/06/2007|16:19] C:\Program Files\WindowsUpdate [28/06/2007|21:06] C:\Program Files\WinRAR [27/06/2007|18:33] C:\Program Files\WinZip [27/06/2007|16:20] C:\Program Files\xerox --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs [17/02/2008|14:08] C:\Program Files\Fichiers communs\Adobe [27/06/2007|18:45] C:\Program Files\Fichiers communs\Ahead [01/08/2007|18:10] C:\Program Files\Fichiers communs\Apple [20/09/2008|08:20] C:\Program Files\Fichiers communs\ArcSoft [19/07/2007|12:54] C:\Program Files\Fichiers communs\DESIGNER [15/03/2008|19:36] C:\Program Files\Fichiers communs\DirectX [08/05/2009|21:20] C:\Program Files\Fichiers communs\DivX Shared [06/10/2007|23:13] C:\Program Files\Fichiers communs\DVDVIDEOSOFT [20/07/2007|23:21] C:\Program Files\Fichiers communs\InstallShield [20/07/2007|23:27] C:\Program Files\Fichiers communs\Logitech [08/03/2009|12:01] C:\Program Files\Fichiers communs\Microsoft Shared [18/10/2008|22:42] C:\Program Files\Fichiers communs\Motorola Shared [27/06/2007|16:18] C:\Program Files\Fichiers communs\MSSoap [27/06/2007|18:10] C:\Program Files\Fichiers communs\ODBC [18/01/2009|16:42] C:\Program Files\Fichiers communs\PocketSoft [27/06/2007|16:18] C:\Program Files\Fichiers communs\Services [16/11/2008|13:15] C:\Program Files\Fichiers communs\Skype [27/06/2007|18:10] C:\Program Files\Fichiers communs\SpeechEngines [18/10/2008|22:56] C:\Program Files\Fichiers communs\System [16/12/2008|18:40] C:\Program Files\Fichiers communs\Windows Live [10/01/2008|19:00] C:\Program Files\Fichiers communs\WindowsLiveInstaller --------------------\\ Process ( 53 Processes ) ... OK ! 
--------------------\\ Recherche avec S_Lop Aucun fichier / dossier Lop trouvé ! --------------------\\ Recherche de Fichiers / Dossiers Lop Aucun fichier / dossier Lop trouvé ! --------------------\\ Verification du Registre ..... OK ! --------------------\\ Verification du fichier Hosts Fichier Hosts PROPRE --------------------\\ Recherche de fichiers avec Catchme catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-30 16:38:53 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 40 --------------------\\ Recherche d'autres infections Aucune autre infection trouvée ! [F:19][D:2]-> C:\DOCUME~1\user\LOCALS~1\Temp [F:208][D:0]-> C:\DOCUME~1\user\Cookies [F:2299][D:8]-> C:\DOCUME~1\user\LOCALS~1\TEMPOR~1\content.IE5 1 - "C:\Lop SD\LopR_1.txt" - 30/07/2009|15:37 - Option : [1] 2 - "C:\Lop SD\LopR_2.txt" - 30/07/2009|16:40 - Option : [2] --------------------\\ Fin du rapport a 16:40:43 There you go
  6. Re --------------------\\ Lop S&D 4.2.5-0 XP/Vista Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3 X86-based PC ( Multiprocessor Free : AMD Athlon 64 X2 Dual Core Processor 4600+ ) BIOS : BIOS Date: 04/30/07 10:48:15 Ver: 08.00.12 USER : user ( Administrator ) BOOT : Normal boot Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Not Activated) A:\ (USB) C:\ (Local Disk) - NTFS - Total:74 Go (Free:6 Go) D:\ (CD or DVD) E:\ (Local Disk) - NTFS - Total:232 Go (Free:181 Go) "C:\Lop SD" ( MAJ : 19-12-2008|23:40 ) Option : [1] ( 30/07/2009|15:35 ) --------------------\\ Listing des dossiers dans APPLIC~1 [17/02/2008|14:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe [01/08/2007|18:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple [01/08/2007|18:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer [08/04/2008|19:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Aspyr [24/12/2008|12:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira [13/01/2008|20:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations [13/01/2008|19:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Droppix [13/01/2008|20:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Fellowes [16/05/2009|09:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google [21/04/2008|18:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations [13/01/2008|19:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LightScribe [27/06/2007|18:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus! 
[08/03/2009|12:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft [15/07/2009|18:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help [27/06/2007|18:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero [21/04/2008|19:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite [18/07/2009|15:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\RoboForm [16/11/2008|13:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype [06/10/2007|22:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP [24/12/2008|17:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Video Converter Studio [11/01/2008|17:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage [10/01/2008|18:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller [27/06/2007|16:20] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft [06/01/2008|17:21] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft [27/06/2007|16:20] C:\DOCUME~1\LOGMEI~1\APPLIC~1\Microsoft [27/06/2007|16:20] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft [20/07/2009|16:01] C:\DOCUME~1\user\APPLIC~1\Adobe [20/07/2009|16:01] C:\DOCUME~1\user\APPLIC~1\Ahead [20/07/2009|16:01] C:\DOCUME~1\user\APPLIC~1\Apple Computer [20/07/2009|16:01] C:\DOCUME~1\user\APPLIC~1\ArcSoft [08/05/2009|21:23] C:\DOCUME~1\user\APPLIC~1\DivX [27/02/2009|20:17] C:\DOCUME~1\user\APPLIC~1\dvdcss [28/10/2007|23:57] C:\DOCUME~1\user\APPLIC~1\FileZilla [08/01/2009|16:04] C:\DOCUME~1\user\APPLIC~1\Gearbox Software [30/07/2009|15:08] C:\DOCUME~1\user\APPLIC~1\Google [26/09/2007|09:17] C:\DOCUME~1\user\APPLIC~1\Help [27/06/2007|16:29] C:\DOCUME~1\user\APPLIC~1\Identities [08/07/2009|16:20] C:\DOCUME~1\user\APPLIC~1\InstallShield [13/01/2008|20:03] C:\DOCUME~1\user\APPLIC~1\InstallShield Installation Information [28/10/2007|16:22] C:\DOCUME~1\user\APPLIC~1\KompoZer [09/07/2009|14:31] C:\DOCUME~1\user\APPLIC~1\LG Electronics [30/01/2008|20:02] C:\DOCUME~1\user\APPLIC~1\Macromedia [18/07/2009|19:10] C:\DOCUME~1\user\APPLIC~1\Microsoft [10/01/2009|13:06] C:\DOCUME~1\user\APPLIC~1\Mozilla [01/12/2008|19:22] C:\DOCUME~1\user\APPLIC~1\Nero [22/04/2008|18:01] C:\DOCUME~1\user\APPLIC~1\Nokia [21/04/2008|19:05] 
C:\DOCUME~1\user\APPLIC~1\PC Suite [24/12/2008|19:31] C:\DOCUME~1\user\APPLIC~1\Search Settings [04/05/2008|16:27] C:\DOCUME~1\user\APPLIC~1\SecuROM [30/07/2009|15:06] C:\DOCUME~1\user\APPLIC~1\Skype [30/07/2009|10:07] C:\DOCUME~1\user\APPLIC~1\skypePM [18/11/2007|20:38] C:\DOCUME~1\user\APPLIC~1\Talkback [15/03/2008|19:36] C:\DOCUME~1\user\APPLIC~1\THQ [19/11/2007|16:01] C:\DOCUME~1\user\APPLIC~1\Thunderbird [18/01/2009|16:43] C:\DOCUME~1\user\APPLIC~1\ubi.com [27/06/2007|22:00] C:\DOCUME~1\user\APPLIC~1\vlc [28/06/2007|21:06] C:\DOCUME~1\user\APPLIC~1\WinRAR --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks [18/07/2009 13:17][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job [30/07/2009 14:35][--ah-----] C:\WINDOWS\tasks\SA.DAT [02/03/2006 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini --------------------\\ Listing des dossiers dans C:\Program Files [27/06/2007|17:23] C:\Program Files\802.11 Wireless LAN [23/04/2008|09:12] C:\Program Files\Activision [17/02/2008|14:07] C:\Program Files\Adobe [27/06/2007|16:37] C:\Program Files\AMD [27/06/2007|16:36] C:\Program Files\Analog Devices [06/10/2007|22:05] C:\Program Files\AoA Audio Extractor [03/09/2008|19:01] C:\Program Files\Apple Software Update [20/09/2008|08:20] C:\Program Files\ArcSoft [08/04/2008|19:10] C:\Program Files\Aspyr [25/12/2008|00:19] C:\Program Files\AVIConverter [24/12/2008|12:09] C:\Program Files\Avira [18/07/2007|23:10] C:\Program Files\AviSynth 2.5 [18/11/2007|20:35] C:\Program Files\BackupFox [18/10/2008|22:47] C:\Program Files\Common Files [27/06/2007|16:17] C:\Program Files\ComPlus Applications [30/01/2008|12:21] C:\Program Files\Core Design [26/09/2007|08:29] C:\Program Files\Croteam [20/03/2009|21:38] C:\Program Files\Crypto [24/12/2008|19:35] C:\Program Files\Dealio [21/04/2008|19:04] C:\Program Files\DIFX [08/05/2009|21:20] C:\Program Files\DivX [06/10/2007|23:13] C:\Program Files\DVDVIDEOSOFT [29/10/2007|19:35] C:\Program Files\EA GAMES [14/07/2009|19:27] C:\Program 
Files\EA SPORTS [05/11/2008|16:52] C:\Program Files\Eidos [14/07/2009|19:27] C:\Program Files\Eidos Interactive [02/02/2008|11:45] C:\Program Files\Electronic Arts [16/12/2008|14:27] C:\Program Files\eMule [23/09/2007|11:00] C:\Program Files\EPSON [18/07/2007|23:10] C:\Program Files\eRightSoft [13/01/2008|20:02] C:\Program Files\Fellowes [08/05/2009|21:20] C:\Program Files\Fichiers communs [28/10/2007|15:56] C:\Program Files\FileZilla Client [24/10/2008|20:53] C:\Program Files\Free Audio Pack [13/07/2009|17:45] C:\Program Files\Free Video Converter [17/01/2009|18:14] C:\Program Files\GameSpy Arcade [16/05/2009|09:21] C:\Program Files\Google [08/05/2009|08:53] C:\Program Files\GT Interactive [08/07/2009|16:21] C:\Program Files\InstallShield Installation Information [30/07/2009|13:08] C:\Program Files\Internet Explorer [17/07/2009|17:24] C:\Program Files\InternetGameBox [23/01/2008|19:53] C:\Program Files\iPod [23/01/2008|19:53] C:\Program Files\iTunes [20/09/2008|08:16] C:\Program Files\JL2005C [08/07/2009|16:21] C:\Program Files\LG Electronics [09/07/2009|14:32] C:\Program Files\LG PC Suite II [20/01/2008|21:16] C:\Program Files\LivePix 1.1 [23/07/2007|22:15] C:\Program Files\Logitech [17/09/2008|14:19] C:\Program Files\LogMeIn [13/01/2008|17:49] C:\Program Files\lphant [18/10/2008|23:04] C:\Program Files\Messenger [26/04/2009|20:04] C:\Program Files\Messenger Plus! 
Live [10/01/2009|12:47] C:\Program Files\Microsoft [27/06/2007|16:20] C:\Program Files\microsoft frontpage [19/07/2008|20:22] C:\Program Files\Microsoft Games [08/03/2009|12:58] C:\Program Files\Microsoft Money 2005 [26/09/2007|17:00] C:\Program Files\Microsoft Office [19/07/2007|12:57] C:\Program Files\Microsoft Visual Studio [05/10/2007|16:37] C:\Program Files\Microsoft Works [19/07/2007|12:53] C:\Program Files\Microsoft.NET [17/01/2009|17:22] C:\Program Files\Mindscape [08/05/2009|23:47] C:\Program Files\Movie Maker [30/07/2009|15:04] C:\Program Files\Mozilla Firefox [11/03/2009|18:38] C:\Program Files\MSBuild [27/06/2007|16:16] C:\Program Files\MSN [27/06/2007|16:17] C:\Program Files\MSN Gaming Zone [09/07/2009|18:00] C:\Program Files\MSXML 4.0 [27/06/2007|18:45] C:\Program Files\Nero [18/10/2008|22:56] C:\Program Files\NetMeeting [15/03/2008|13:54] C:\Program Files\NRJ [27/06/2007|16:17] C:\Program Files\Online Services [08/05/2009|23:47] C:\Program Files\Outlook Express [21/04/2008|19:04] C:\Program Files\PC Connectivity Solution [23/01/2008|19:52] C:\Program Files\QuickTime [08/07/2009|12:56] C:\Program Files\Red Storm Entertainment [11/03/2009|18:37] C:\Program Files\Reference Assemblies [24/12/2008|19:18] C:\Program Files\Search Settings [27/06/2007|16:19] C:\Program Files\Services en ligne [18/07/2009|15:59] C:\Program Files\Siber Systems [18/07/2009|16:01] C:\Program Files\Sierra On-Line [16/11/2008|13:15] C:\Program Files\Skype [29/03/2008|19:28] C:\Program Files\THQ [18/01/2009|19:51] C:\Program Files\TrackMania Nations ESWC [18/07/2007|16:09] C:\Program Files\Ubi Soft [18/01/2009|16:44] C:\Program Files\ubi.com [08/01/2009|15:38] C:\Program Files\Ubisoft [27/06/2007|16:29] C:\Program Files\Uninstall Information [01/05/2009|19:09] C:\Program Files\Valve [27/06/2007|18:36] C:\Program Files\VideoLAN [16/12/2008|19:24] C:\Program Files\Windows Live [12/10/2008|10:27] C:\Program Files\Windows Live Safety Center [16/12/2008|18:48] C:\Program Files\Windows 
Live SkyDrive [15/03/2008|13:55] C:\Program Files\Windows Media Components [10/01/2008|18:49] C:\Program Files\Windows Media Connect 2 [08/05/2009|08:56] C:\Program Files\Windows Media Player [18/10/2008|22:56] C:\Program Files\Windows NT [27/06/2007|16:19] C:\Program Files\WindowsUpdate [28/06/2007|21:06] C:\Program Files\WinRAR [27/06/2007|18:33] C:\Program Files\WinZip [27/06/2007|16:20] C:\Program Files\xerox --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs [17/02/2008|14:08] C:\Program Files\Fichiers communs\Adobe [27/06/2007|18:45] C:\Program Files\Fichiers communs\Ahead [01/08/2007|18:10] C:\Program Files\Fichiers communs\Apple [20/09/2008|08:20] C:\Program Files\Fichiers communs\ArcSoft [19/07/2007|12:54] C:\Program Files\Fichiers communs\DESIGNER [15/03/2008|19:36] C:\Program Files\Fichiers communs\DirectX [08/05/2009|21:20] C:\Program Files\Fichiers communs\DivX Shared [06/10/2007|23:13] C:\Program Files\Fichiers communs\DVDVIDEOSOFT [20/07/2007|23:21] C:\Program Files\Fichiers communs\InstallShield [20/07/2007|23:27] C:\Program Files\Fichiers communs\Logitech [08/03/2009|12:01] C:\Program Files\Fichiers communs\Microsoft Shared [18/10/2008|22:42] C:\Program Files\Fichiers communs\Motorola Shared [27/06/2007|16:18] C:\Program Files\Fichiers communs\MSSoap [27/06/2007|18:10] C:\Program Files\Fichiers communs\ODBC [18/01/2009|16:42] C:\Program Files\Fichiers communs\PocketSoft [27/06/2007|16:18] C:\Program Files\Fichiers communs\Services [16/11/2008|13:15] C:\Program Files\Fichiers communs\Skype [27/06/2007|18:10] C:\Program Files\Fichiers communs\SpeechEngines [18/10/2008|22:56] C:\Program Files\Fichiers communs\System [16/12/2008|18:40] C:\Program Files\Fichiers communs\Windows Live [10/01/2008|19:00] C:\Program Files\Fichiers communs\WindowsLiveInstaller --------------------\\ Process ( 52 Processes ) iexplore.exe ~ [PID:1496] iexplore.exe ~ [PID:724] iexplore.exe ~ [PID:2816] iexplore.exe ~ [PID:2912] 
--------------------\\ Recherche avec S_Lop Aucun fichier / dossier Lop trouvé ! --------------------\\ Recherche de Fichiers / Dossiers Lop C:\DOCUME~1\user\LOCALS~1\Temp\msgpl_42d2.tmp C:\DOCUME~1\user\LOCALS~1\Temp\msgpl_6565.tmp C:\DOCUME~1\user\LOCALS~1\Temp\msgpl_72e6.tmp C:\DOCUME~1\user\LOCALS~1\Temp\msgpl_916c.tmp C:\DOCUME~1\user\LOCALS~1\Temp\msgpl_a4ab.tmp C:\DOCUME~1\user\LOCALS~1\Temp\msgpl_dff3.tmp C:\DOCUME~1\user\LOCALS~1\Temp\msgpl_f552.tmp C:\DOCUME~1\user\LOCALS~1\Temp\Start.exe C:\DOCUME~1\user\Cookies\user@advertstream[1].txt C:\DOCUME~1\user\Cookies\user@d2.advertserve[1].txt C:\DOCUME~1\user\Cookies\user@advertising[1].txt C:\DOCUME~1\user\Cookies\user@bigpoint[1].txt C:\DOCUME~1\user\Cookies\user@fr.deepolis.bigpoint[1].txt C:\DOCUME~1\user\Cookies\user@2xmoinscher[1].txt C:\DOCUME~1\user\Cookies\user@cc.2xmoinscher[2].txt --------------------\\ Verification du Registre ..... OK ! --------------------\\ Verification du fichier Hosts Fichier Hosts PROPRE --------------------\\ Recherche de fichiers avec Catchme catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-30 15:35:52 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden files ... 
scan completed successfully hidden processes: 0 hidden files: 40 --------------------\\ Recherche d'autres infections C:\Program Files\InternetGameBox C:\Program Files\InternetGameBox\language C:\Program Files\InternetGameBox\ressources C:\Program Files\InternetGameBox\skins C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\InternetGameBox C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\InternetGameBox\Conditions générales.url C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\InternetGameBox\Confidentialité.url C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\InternetGameBox\Désinstaller.lnk C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\InternetGameBox\InternetGameBox.lnk C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\InternetGameBox\Website.url C:\DOCUME~1\user\LOCALS~1\APPLIC~1\qmaii.dat C:\DOCUME~1\user\LOCALS~1\APPLIC~1\qmaii.exe C:\DOCUME~1\user\LOCALS~1\APPLIC~1\qmaii_nav.dat C:\DOCUME~1\user\LOCALS~1\APPLIC~1\qmaii_navps.dat ==> EGDACCESS <== [F:3865][D:206]-> C:\DOCUME~1\user\LOCALS~1\Temp [F:215][D:0]-> C:\DOCUME~1\user\Cookies [F:2127][D:8]-> C:\DOCUME~1\user\LOCALS~1\TEMPOR~1\content.IE5 1 - "C:\Lop SD\LopR_1.txt" - 30/07/2009|15:37 - Option : [1] --------------------\\ Fin du rapport a 15:37:19 -----------\\ ToolBar S&D 1.2.8 XP/Vista Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3 X86-based PC ( Multiprocessor Free : AMD Athlon 64 X2 Dual Core Processor 4600+ ) BIOS : BIOS Date: 04/30/07 10:48:15 Ver: 08.00.12 USER : user ( Administrator ) BOOT : Normal boot Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Not Activated) A:\ (USB) C:\ (Local Disk) - NTFS - Total:74 Go (Free:6 Go) D:\ (CD or DVD) E:\ (Local Disk) - NTFS - Total:232 Go (Free:181 Go) "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 ) Option : [1] ( 30/07/2009|15:40 ) -----------\\ Recherche de Fichiers / Dossiers ... 
C:\Program Files\Dealio C:\Program Files\Dealio\kb127 C:\DOCUME~1\user\APPLIC~1\Search Settings C:\DOCUME~1\user\APPLIC~1\Search Settings\kb127 C:\DOCUME~1\user\APPLIC~1\Search Settings\kb127\res C:\DOCUME~1\user\APPLIC~1\Search Settings\kb127\temp C:\DOCUME~1\user\APPLIC~1\Search Settings\kb127\temp\ws-14455.log C:\Program Files\Search Settings C:\Program Files\Search Settings\kb127 C:\Program Files\Search Settings\SearchSettings.exe C:\Program Files\Search Settings\kb127\res C:\Program Files\Search Settings\kb127\SearchSettings.dll C:\Program Files\Search Settings\kb127\SearchSettingsRes409.dll C:\Program Files\Search Settings\kb127\temp -----------\\ Extensions (user) - {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} => forecastfox (user) - {22119944-ED35-4ab1-910B-E619EA06A115} => roboform (user) - {3502a070-ea2f-11dd-ba2f-0800200c9a66} => minimizetotray (user) - {3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d} => ipv6ident (user) - {4BBDD651-70CF-4821-84F8-2B918CF89CA3} => febe (user) - {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF} => walnut (user) - {77e8295d-7048-8367-1c67-378537c06d74} => phplangeditor (user) - {89506680-e3f4-484c-a2c0-ed711d481eda} => showcase (user) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper (user) - {DA3A89AB-2DCA-4a29-8FEA-3C9E79BBF113} => pagerankstatus (user) - {dc572301-7619-498c-a57d-39143191b318} => tabmixplus (user) - {dd30bf68-268a-4815-ad48-8740b774c764} => redcats_green (user) - {EF522540-89F5-46b9-B6FE-1829E2B572C6} => googlepreview (user) - {fce36c1e-58d8-498a-b2a5-66ad1cedebbb} => customizegoogle (user) - {0b62b504-857c-4f62-a336-2e8425bd5738} => quotecollapse (user) - {28BA62BF-022B-44a3-88BC-D2112DDB7D58} => atbcc_button (user) - {31513E58-F253-47ad-86DB-D5F21E905429} => minimizetotray (user) - {554c2c30-935c-11d9-9669-0800200c9a66} => mailtagger (user) - {78136133-1994-415a-8d30-69d505d924fc} => deletejunk (user) - {83d1f945-8280-11db-96a7-00e08161165f} => thunderbayes (user) - {90bcd2b0-08f1-4db8-a136-8263c3f89cc8} => worldweatherplus 
(user) - {90ceaf60-169c-40fb-b224-7204488f061d} => attbytes (user) - {9A537591-D2A6-4e53-8FE1-F76AB00D5597} => quickreply (user) - {aaf23341-212c-43c4-8824-e51cfe051345} => templateloader (user) - {b243fe83-b8a7-47de-855d-21d865243d5d} => folderpane (user) - {de1b245c-de57-11da-ba2d-0050c2490048} => minimize (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ca (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-cs (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-da (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-de (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-en-US (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-es-AR (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-es-ES (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-eu (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-fr (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ga-IE (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-hu (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-it (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ka (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-lt (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-mk (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-nb-NO (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-nl (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-pa-IN (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-pl (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-pt-BR (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-pt-PT (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-ru (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-sk (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-sl (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-sv-SE (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-tr (user) - 
{e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar-zh-CN (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => calendar (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ca (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-cs (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-da (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-de (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-en-US (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-es-AR (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-es-ES (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-eu (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-fr (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ga-IE (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-hu (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-it (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ka (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-lt (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-mk (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-nb-NO (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-nl (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-pa-IN (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-pl (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-pt-BR (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-pt-PT (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-ru (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-sk (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-sl (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-sv-SE (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-tr (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning-zh-CN (user) - {e2fda1a4-762b-4020-b5ad-a41df1933103} => lightning (user) - {F3A60010-0E28-4503-B4AA-0E5F90275F77} => 
walnut_for_thunderbird_1.5_and_2.0-1.7.18-tb -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Local Page"="C:\\WINDOWS\\system32\\blank.htm" "Start Page"="http://meteo-pont-saint-mard.com/" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Start Page Redirect Cache"="http://fr.msn.com/?ocid=iehp" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Local Page"="C:\\WINDOWS\\system32\\blank.htm" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Search Bar"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" --------------------\\ Recherche d'autres infections C:\Program Files\InternetGameBox C:\Program Files\InternetGameBox\language C:\Program Files\InternetGameBox\ressources C:\Program Files\InternetGameBox\skins C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\InternetGameBox C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\InternetGameBox\Conditions g‚n‚rales.url C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\InternetGameBox\Confidentialit‚.url C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\InternetGameBox\D‚sinstaller.lnk C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\InternetGameBox\InternetGameBox.lnk C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\InternetGameBox\Website.url C:\DOCUME~1\user\LOCALS~1\APPLIC~1\qmaii.dat C:\DOCUME~1\user\LOCALS~1\APPLIC~1\qmaii.exe C:\DOCUME~1\user\LOCALS~1\APPLIC~1\qmaii_nav.dat C:\DOCUME~1\user\LOCALS~1\APPLIC~1\qmaii_navps.dat ==> EGDACCESS <== 1 - "C:\ToolBar SD\TB_1.txt" - 30/07/2009|15:40 - Option : [1] -----------\\ Fin du rapport a 15:40:38,09 Here are the 2 reports. Thanks for the quick response. Licke
  7. Hello. A problem with TR/Fakealert.aft. If you could give me a little help. HijackThis report attached. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:18:43, on 30/07/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\LogMeIn\x86\LogMeInSystray.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Search Settings\SearchSettings.exe C:\Documents and Settings\user\Application Data\Google\edpgz16420882.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\program files\valve\steam\steam.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe 
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\LZ73580N\HiJackThis[1].exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://meteo-pont-saint-mard.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing) O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll O3 - Toolbar: &RoboForm - 
{724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [Thunderbird] "f:\Mozilla Thunderbird\thunderbird.exe" O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 5.0\SetHook.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe O4 - HKLM\..\Run: [realteks] "C:\Documents and Settings\user\Application Data\Google\edpgz16420882.exe" 2 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [steam] "c:\program files\valve\steam\steam.exe" -silent O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [qmaii] "c:\documents and settings\user\local 
settings\application data\qmaii.exe" qmaii O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: Barre RoboForm - 
{724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 10226 bytes Thanking you in advance, Licke
  8. Re Thank you for helping me so kindly and so quickly. I am going to follow your advice, although I was already applying most of it. Good advice is always worth taking. I always say that one learns every day, but here I really learned interesting things, without waffle, with modesty & kindness. In any case, keep up the good work and long life to this site. Thanks again
  9. Re No virus or other malicious software was detected! Thanks for all this good work
  10. Re Spy Sweeper report: 10:26: Removal process completed. Elapsed time 00:00:02 10:26: Warning: Virus infected file h:\util_17\adaware\lovepromover\lopremover.exe not cleaned. 10:26: Quarantining All Traces: Troj/Swizz-Fam 10:26: Quarantining All Traces: download plugin 10:26: Removal process initiated 10:26: Traces Found: 2 10:26: Custom Sweep has completed. Elapsed time 00:40:44 10:26: File Sweep Complete, Elapsed Time: 00:39:30 10:26: Warning: Failed to access drive I: 10:12: lopremover.exe (ID = 0) 10:12: Found Troj/Swizz-Fam: Troj/Swizz-Fam 10:08: Warning: Failed to access drive G: 10:08: Warning: Failed to access drive F: 10:05: Warning: AntiVirus engine returned [File Corrupted] on [d:\msdownld.tmp] 10:05: Warning: AntiVirus engine returned [File Corrupted] on [d:\recycler\s-1-5-21-776561741-117609710-682003330-1003] 10:05: Warning: AntiVirus engine returned [File Corrupted] on [d:\recycler] 10:05: Warning: AntiVirus engine returned [File Corrupted] on [d:\system volume information] 10:05: Warning: Failed to open file "d:\msdownld.tmp". Opération réussie 10:05: Warning: Failed to open file "d:\recycler\s-1-5-21-776561741-117609710-682003330-1003". Opération réussie 10:05: Warning: Failed to open file "d:\recycler". Opération réussie 10:05: Warning: Failed to open file "d:\system volume information". 
Opération réussie 09:59: Warning: AntiVirus engine returned [Access Denied] on [c:\pagefile.sys] 09:47: Starting File Sweep 09:47: Warning: Failed to access drive A: 09:47: Cookie Sweep Complete, Elapsed Time: 00:00:00 09:47: Starting Cookie Sweep 09:46: Registry Sweep Complete, Elapsed Time:00:00:07 09:46: HKU\S-1-5-21-1220945662-507921405-839522115-1003\software\download plugin\ (ID = 1569536) 09:46: Found Adware: download plugin 09:46: Starting Registry Sweep 09:46: Memory Sweep Complete, Elapsed Time: 00:00:57 09:45: Starting Memory Sweep 09:45: Sweep initiated using definitions version 837 09:45: Spy Sweeper 5.2.3.2138 started 09:45: | Start of Session, samedi 13 janvier 2007 | ******** 09:45: | End of Session, samedi 13 janvier 2007 | 09:45: Program Version 5.2.3.2138 Using Spyware Definitions 837 09:45: Informational: Loaded AntiVirus Engine: 2.41.0; SDK Version: 4.13; Virus Definitions: 12/01/2007 20:58:00 (GMT) 09:41: Your virus definitions have been updated. 09:41: Informational: Loaded AntiVirus Engine: 2.41.0; SDK Version: 4.13; Virus Definitions: 12/01/2007 20:58:00 (GMT) 09:41: Your spyware definitions have been updated. 09:40: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE Keylogger: Off BHO Shield: On IE Security Shield: On Alternate Data Stream (ADS) Execution Shield: On Startup Shield: On Common Ad Sites: Off Hosts File Shield: On Internet Communication Shield: On ActiveX Shield: On Windows Messenger Service Shield: On IE Favorites Shield: On Spy Installation Shield: On Memory Shield: On IE Hijack Shield: On IE Tracking Cookies Shield: Off 09:34: Shield States 09:34: Spyware Definitions: 816 09:34: Warning: Virus definitions files are invalid, please update your virus definitions. 
220 09:34: Spy Sweeper 5.2.3.2138 started 09:23: | End of Session, samedi 13 janvier 2007 | Keylogger: Off BHO Shield: On IE Security Shield: On Alternate Data Stream (ADS) Execution Shield: On Startup Shield: On Common Ad Sites: Off Hosts File Shield: On Internet Communication Shield: On ActiveX Shield: On Windows Messenger Service Shield: On IE Favorites Shield: On Spy Installation Shield: On Memory Shield: On IE Hijack Shield: On IE Tracking Cookies Shield: Off 09:21: Shield States 09:21: Warning: Virus definitions files are invalid, please update your virus definitions. 220 09:21: Spyware Definitions: 837 09:20: Spy Sweeper 5.2.3.2138 started 08:42: | End of Session, samedi 13 janvier 2007 | 08:42: Program Version 5.2.3.2138 Using Spyware Definitions 837 08:42: Warning: Virus definitions files are invalid, please update your virus definitions. 220 07:46: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE Keylogger: Off BHO Shield: On IE Security Shield: On Alternate Data Stream (ADS) Execution Shield: On Startup Shield: On Common Ad Sites: Off Hosts File Shield: On Internet Communication Shield: On ActiveX Shield: On Windows Messenger Service Shield: On IE Favorites Shield: On Spy Installation Shield: On Memory Shield: On IE Hijack Shield: On IE Tracking Cookies Shield: Off 07:41: Shield States 07:40: Spyware Definitions: 816 07:40: Warning: Virus definitions files are invalid, please update your virus definitions. 220 07:39: Spy Sweeper 5.2.3.2138 started 07:39: Spy Sweeper 5.2.3.2138 started 07:39: | Start of Session, samedi 13 janvier 2007 | ******** 09:06: Traces Found: 1 09:06: Custom Sweep has completed. Elapsed time 00:23:31 09:06: File Sweep Complete, Elapsed Time: 00:22:24 09:06: Warning: Failed to access drive I: 08:54: Warning: Failed to access drive G: 08:54: Warning: Failed to access drive F: 08:52: Warning: Failed to open file "d:\msdownld.tmp". 
Opération réussie 08:52: Warning: Failed to open file "d:\recycler\s-1-5-21-776561741-117609710-682003330-1003". Opération réussie 08:52: Warning: Failed to open file "d:\recycler". Opération réussie 08:52: Warning: Failed to open file "d:\system volume information". Opération réussie 08:43: Starting File Sweep 08:43: Warning: Failed to access drive A: 08:43: Cookie Sweep Complete, Elapsed Time: 00:00:00 08:43: Starting Cookie Sweep 08:43: Registry Sweep Complete, Elapsed Time:00:00:07 08:43: HKU\S-1-5-21-1220945662-507921405-839522115-1003\software\download plugin\ (ID = 1569536) 08:43: Found Adware: download plugin 08:43: Starting Registry Sweep 08:43: Memory Sweep Complete, Elapsed Time: 00:00:51 08:42: Starting Memory Sweep 08:42: Warning: Files are not scanned for viruses because AV engine failed to load. 08:42: Sweep initiated using definitions version 837 08:42: Spy Sweeper 5.2.3.2138 started 08:42: | Start of Session, samedi 13 janvier 2007 | ******** 09:27: | End of Session, samedi 13 janvier 2007 | 09:26: Access to Hosts file allowed for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE 09:25: Your definitions are up to date. 
09:23: None 09:23: Traces Found: 0 09:23: Memory Sweep Complete, Elapsed Time: 00:00:05 09:23: Sweep Canceled 09:23: Starting Memory Sweep 09:23: Start Full Sweep 09:23: Sweep initiated using definitions version 837 09:23: Spy Sweeper 5.2.3.2138 started 09:23: | Start of Session, samedi 13 janvier 2007 | ******** 09:27: None 09:27: Traces Found: 0 09:27: Memory Sweep Complete, Elapsed Time: 00:00:05 09:27: Sweep Canceled 09:27: Starting Memory Sweep 09:27: Start Full Sweep 09:27: Sweep initiated using definitions version 837 09:27: Spy Sweeper 5.2.3.2138 started 09:27: | Start of Session, samedi 13 janvier 2007 | ******** HiJack report: Logfile of HijackThis v1.99.1 Scan saved at 10:32:54, on 13/01/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe C:\WINDOWS\system32\ctfmon.exe D:\Foxmail\Foxmail.exe C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\VIA\RAID\raid_tool.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe 
C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Webroot\Spy Sweeper\SSU.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Hijackthis Version Française\hijackthis vf.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe" O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [Foxmail] "D:\Foxmail\Foxmail.exe" -min O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 
3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - 
http://acs.pandasoftware.com/activescan/as5free/asinst.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe Can I remove all the installed software? AVG Spy etc...
  11. Panda report
      Incident Statut Analyse Adware:adware/savenow No Désinfecté Registre Windows Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt[.xiti.com/] Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt[.doubleclick.net/] Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt[.weborama.fr/] Spyware:Cookie/WebtrendsLive No Désinfecté C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt[statse.webtrendslive.com/] Spyware:Cookie/Advertising No Désinfecté C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt[.advertising.com/] Spyware:Cookie/FastClick No Désinfecté C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt[.fastclick.net/] Spyware:Cookie/FastClick No Désinfecté C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt[media.fastclick.net/] Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt[.bluestreak.com/] Spyware:Cookie/adultfriendfinder No Désinfecté C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt[.adultfriendfinder.com/] Spyware:Cookie/Tradedoubler No Désinfecté C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt[.tradedoubler.com/] Spyware:Cookie/Adtech No Désinfecté C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt[.adtech.de/] Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\winxp\Application 
Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt[.atdmt.com/] Spyware:Cookie/Tribalfusion No Désinfecté C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt[.tribalfusion.com/] Adware:Adware/Lop No Désinfecté C:\Documents and Settings\winxp\Local Settings\Temp\bis7F.exe Adware:Adware/Lop No Désinfecté C:\Documents and Settings\winxp\Local Settings\Temp\bis81.exe Adware:Adware/Lop No Désinfecté H:\UTIL_17\Adaware\Lovepromover\lopremover.zip[lopremover.exe] Adware:Adware/Lop No Désinfecté H:\UTIL_17\Adaware\Lovepromover\lopremover.exe Virus:Trj/Downloader.LYT No Désinfecté H:\1\npdlplug-1.5.0.1-0147-setup.exe[DlPlugin-Moz\buddy.exe] Adware:Adware/DLPlugin No Désinfecté H:\1\npdlplug-1.5.0.1-0147-setup.exe[DlPlugin-Moz\npdlplug.dll] Adware:Adware/DLPlugin No Désinfecté H:\1\npdlplug-1.5.0.1-0147-setup.exe[DlPlugin-Moz\setup2.exe] Virus:Trj/Spyforms.H Désinfecté H:\_SITE_LUC\_Sauvegarde bases\Royal Annuaire\backup-Nov-24-2006-1.tar.gz[H:\_SITE_LUC\_Sauvegarde bases\Royal Annuaire\backup-Nov-24-2006-1.tar][backup/royal-annuaire.com/email/data/pop/admin][37679041.pdf.zip][37679041.pdf.exe]
  12. Re: HiJack report
      Logfile of HijackThis v1.99.1 Scan saved at 21:33:50, on 12/01/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe D:\Foxmail\Foxmail.exe C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe C:\Program Files\VIA\RAID\raid_tool.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Hijackthis Version Française\hijackthis vf.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program 
Files\Siber Systems\AI RoboForm\roboform.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [Foxmail] D:\Foxmail\Foxmail.exe -min O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 
3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - 
C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      The Panda report is on its way. I'll send it afterwards. In any case, for now, everything seems to be going well. There are no more windows popping open. Thank you very much for this service.
  13. Re: Findlop report:
      [TRACE] Enumerating jobs and queues
      [TRACE] Activating job 'A3F5952291BE127E.job'
      [TRACE] Printing all job properties
      ApplicationName: 'c:\docume~1\winxp\applic~1\global~1\NEW THIRD TIME.exe'
      Parameters: ''
      WorkingDirectory: ''
      Comment: ''
      Creator: 'winxp'
      Priority: NORMAL
      MaxRunTime: 259200000 (3d 0:00:00)
      IdleWait: 10
      IdleDeadline: 60
      MostRecentRun: 01/12/2007 20:00:00
      NextRun: 01/12/2007 21:00:00
      StartError: S_OK
      ExitCode: 0
      Status: SCHED_S_TASK_READY
      ScheduledWorkItem Flags:
      DeleteWhenDone = 0
      Suspend = 0
      StartOnlyIfIdle = 0
      KillOnIdleEnd = 0
      RestartOnIdleResume = 0
      DontStartIfOnBatteries = 0
      KillIfGoingOnBatteries = 0
      RunOnlyIfLoggedOn = 1
      SystemRequired = 0
      Hidden = 1
      TaskFlags: 0
      1 Trigger
      Trigger 0:
      Type: Daily
      DaysInterval: 1
      StartDate: 06/13/1999
      EndDate: 00/00/0000
      StartTime: 00:00
      MinutesDuration: 1440
      MinutesInterval: 60
      Flags:
      HasEndDate = 0
      KillAtDuration = 0
      Disabled = 0
  14. Re: Lfiles report
      C:\Documents and Settings\winxp\applic~1\Global Delete Ping\1D485204 -->11/01/2007 22:05:03
      C:\Documents and Settings\winxp\applic~1\Global Delete Ping\NEW THIRD TIME.exe -->11/01/2007 22:05:02
      C:\Documents and Settings\winxp\applic~1\Global Delete Ping\ipzmjpbk.exe -->11/01/2007 22:04:59
      C:\Documents and Settings\winxp\applic~1\Global Delete Ping\IntraDead.exe -->11/01/2007 22:04:41
      C:\Documents and Settings\winxp\applic~1\Global Delete Ping\xcpgafjm.exe -->11/01/2007 22:00:49
      C:\Documents and Settings\winxp\applic~1\desktop.ini -->11/01/2007 20:30:52
      Licke
  15. That's it. Everything is done. AVG Anti-Spyware report:
      --------------------------------------------------------- AVG Anti-Spyware - Rapport d'analyse --------------------------------------------------------- + Créé à: 18:44:05 12/01/2007 + Résultat de l'analyse: C:\System Volume Information\_restore{CA8BFD89-09C8-464A-8174-55D1D988B6F2}\RP15\A0000884.dll -> Adware.PluginDL : Ignoré. C:\System Volume Information\_restore{CA8BFD89-09C8-464A-8174-55D1D988B6F2}\RP15\A0000892.exe -> Adware.PluginDL : Ignoré. C:\System Volume Information\_restore{CA8BFD89-09C8-464A-8174-55D1D988B6F2}\RP15\A0000893.dll -> Adware.PluginDL : Ignoré. E:\_Sites luc\Royale-safeliste\template\faq.php -> Backdoor.Rst.h : Nettoyé et sauvegardé (mise en quarantaine). D:\System Volume Information\_restore{D9366446-EE0B-497C-9DBC-69CDAEE84D37}\RP177\A0020670.exe -> Downloader.Small.bws : Nettoyé et sauvegardé (mise en quarantaine). :mozilla.205:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé. :mozilla.206:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé. :mozilla.328:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\winxp\Cookies\winxp@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. :mozilla.322:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé. :mozilla.352:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé. :mozilla.219:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé. 
:mozilla.220:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé. C:\Documents and Settings\winxp\Cookies\winxp@adtech[2].txt -> TrackingCookie.Adtech : Nettoyé. :mozilla.56:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé. :mozilla.57:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé. :mozilla.58:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé. :mozilla.59:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé. :mozilla.55:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé. :mozilla.54:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé. :mozilla.40:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.Burstnet : Nettoyé. :mozilla.187:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.Casinoking : Nettoyé. :mozilla.188:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.Casinoking : Nettoyé. :mozilla.365:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.Com : Nettoyé. :mozilla.262:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé. 
:mozilla.263:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé. :mozilla.264:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé. C:\Documents and Settings\winxp\Cookies\winxp@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Nettoyé. :mozilla.133:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé. :mozilla.130:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.Estat : Nettoyé. :mozilla.46:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé. :mozilla.36:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé. :mozilla.37:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé. :mozilla.38:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé. :mozilla.39:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé. :mozilla.138:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.Goclick : Nettoyé. :mozilla.139:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.Goclick : Nettoyé. :mozilla.49:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé. 
:mozilla.226:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.Overture : Nettoyé. :mozilla.227:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.Overture : Nettoyé. :mozilla.42:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.43:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.44:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. C:\Documents and Settings\winxp\Cookies\winxp@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.53:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé. :mozilla.323:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.Targetnet : Nettoyé. :mozilla.324:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.Targetnet : Nettoyé. :mozilla.325:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.Targetnet : Nettoyé. :mozilla.51:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé. :mozilla.52:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé. :mozilla.198:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé. 
:mozilla.29:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé. :mozilla.30:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé. :mozilla.31:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé. :mozilla.33:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé. :mozilla.34:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé. C:\Documents and Settings\winxp\Cookies\winxp@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé. :mozilla.321:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé. C:\Documents and Settings\winxp\Cookies\winxp@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nettoyé. :mozilla.265:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé. :mozilla.266:C:\Documents and Settings\winxp\Application Data\Mozilla\Firefox\Profiles\qdg1kawy.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé. 
Fin du rapport
      Blacklight report:
      01/12/07 18:49:36 [info]: BlackLight Engine 1.0.55 initialized 01/12/07 18:49:36 [info]: OS: 5.1 build 2600 (Service Pack 2) 01/12/07 18:49:36 [Note]: 7019 4 01/12/07 18:49:36 [Note]: 7005 0 01/12/07 18:49:37 [Note]: 7006 0 01/12/07 18:49:37 [Note]: 7011 1512 01/12/07 18:49:37 [Note]: 7026 0 01/12/07 18:49:37 [Note]: 7026 0 01/12/07 18:49:40 [Note]: FSRAW library version 1.7.1021 01/12/07 18:50:05 [Note]: 7007 0
      HiJack report:
      Logfile of HijackThis v1.99.1 Scan saved at 18:59:07, on 12/01/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Explorer\iexplore.exe D:\Foxmail\Foxmail.exe C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Logitech\Video\FxSvr2.exe c:\progra~1\intern~1\iexplore.exe C:\Program Files\VIA\RAID\raid_tool.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Hijackthis Version Française\hijackthis vf.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} 
- C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [bat face meow owns] C:\Documents and Settings\All Users\Application Data\DVD SIZE BAT FACE\trans global.exe O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKCU\..\Run: [Foxmail] D:\Foxmail\Foxmail.exe -min O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [PlatformBold] C:\DOCUME~1\winxp\APPLIC~1\GLOBAL~1\IntraDead.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu 
item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. 
- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      Thanks
      Licke