lauriara

Et voilà blacklight: 01/14/07 21:51:31 [info]: BlackLight Engine 1.0.55 initialized 01/14/07 21:51:31 [info]: OS: 5.1 build 2600 (Service Pack 2) 01/14/07 21:51:31 [Note]: 7019 4 01/14/07 21:51:31 [Note]: 7005 0 01/14/07 21:51:34 [Note]: 7006 0 01/14/07 21:51:34 [Note]: 7011 1284 01/14/07 21:51:34 [Note]: 7026 0 01/14/07 21:51:35 [Note]: 7026 0 01/14/07 21:51:44 [Note]: FSRAW library version 1.7.1021 01/14/07 21:58:12 [Note]: 7007 0 Bon,cinq minutes que je suis connectée sans une seule intrusion!!!quel plaisir!!! Ce fut un plaisir de passer la journée avec toi,Bruce Lee,merci beaucoup!

voilà killbox : ocket Killbox version 2.0.0.881 Running on Windows XP as user(Administrator) was started @ dimanche, janvier 14, 2007, 5:35 PM # 1 [Delete on Reboot] Path = C:\windows\system32\qatroyw.exe c:\WINDOWS\system32\qatroyw_nav.dat c:\WINDOWS\system32\qatroyw.dat c:\WINDOWS\system32\qatroyw_navps.dat PendingFileRenameOperations Registry Data has been Removed by External Process! @ 5:37:33 PM Killbox Closed(Exit) @ 5:38:08 PM Voilà hijackthisLogfile of HijackThis v1.99.1 Scan saved at 17:42:45, on 14/01/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64" O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1155303693\ee\AOLSoftware.exe O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC315NC Webcam O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [update] C:\Program Files\AntiVir PersonalEdition Classic\preupd.exe /CALLSCHEDULER /DM="0" /CALLSCHEDULER O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /M "Stylus C64" /EF "HKCU" O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0a\aoltray.exe O4 - Global Startup: AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: TrayMin315.exe.lnk = ? O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab O16 - DPF: {87DB35BC-9DB6-11D3-9356-00A0C9B760DB} (Rte Documat DataTable Control) - http://cabs.rte.fr/RteDataTableMFC.cab O16 - DPF: {981D847D-2C06-4FB7-A09C-4F0A48601B2C} (DiagSetup Class) - http://techcity.aol.fr/download/img/DiagSetup.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {AD7A67A5-5461-4B6B-A9C5-09DD071527F5} (MCLPhoto_Upload.PhotoUpload) - http://auchan.fujifilmnet.com/MCLPhoto.CAB O16 - DPF: {D6ED542B-6339-11D2-91A8-00A0C9B760DB} (RteDocumatDoc Control) - http://cabs.rte.fr/RteAllCabsMFC.cab O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe et voilà AVG:--------------------------------------------------------- AVG Anti-Spyware - Rapport d'analyse --------------------------------------------------------- + Créé à: 17:33:04 14/01/2007 + Résultat de l'analyse: C:\WINDOWS\system32\prosvsys.exe -> Dialer.InstantAccess.ai : Nettoyé et sauvegardé (mise en quarantaine). C:\WINDOWS\system32\prodsrvs.exe -> Dialer.InstantAccess.ak : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\user\Cookies\user@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyé. C:\Documents and Settings\user\Cookies\user@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\user\Cookies\user@aolfr.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\user\Cookies\user@notrefamille.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\user\Cookies\user@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\user\Cookies\user@adbrite[2].txt -> TrackingCookie.Adbrite : Nettoyé. C:\Documents and Settings\user\Cookies\user@adtech[2].txt -> TrackingCookie.Adtech : Nettoyé. C:\Documents and Settings\user\Cookies\user@adtech[3].txt -> TrackingCookie.Adtech : Nettoyé. C:\Documents and Settings\user\Cookies\user@advertising[1].txt -> TrackingCookie.Advertising : Nettoyé. C:\Documents and Settings\user\Cookies\user@advertising[2].txt -> TrackingCookie.Advertising : Nettoyé. C:\Documents and Settings\user\Cookies\user@adviva[2].txt -> TrackingCookie.Adviva : Nettoyé. C:\Documents and Settings\user\Cookies\user@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé. C:\Documents and Settings\user\Cookies\user@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé. C:\Documents and Settings\user\Cookies\user@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé. C:\Documents and Settings\user\Cookies\user@burstnet[2].txt -> TrackingCookie.Burstnet : Nettoyé. C:\Documents and Settings\user\Cookies\user@casinotropez[2].txt -> TrackingCookie.Casinotropez : Nettoyé. C:\Documents and Settings\user\Cookies\user@www.casinotropez[1].txt -> TrackingCookie.Casinotropez : Nettoyé. C:\Documents and Settings\user\Cookies\user@fl01.ct2.comclick[2].txt -> TrackingCookie.Comclick : Nettoyé. C:\Documents and Settings\user\Cookies\user@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé. C:\Documents and Settings\user\Cookies\user@doubleclick[2].txt -> TrackingCookie.Doubleclick : Nettoyé. C:\Documents and Settings\user\Cookies\user@estat[2].txt -> TrackingCookie.Estat : Nettoyé. C:\Documents and Settings\user\Cookies\user@fastclick[2].txt -> TrackingCookie.Fastclick : Nettoyé. C:\Documents and Settings\user\Cookies\user@fastclick[3].txt -> TrackingCookie.Fastclick : Nettoyé. C:\Documents and Settings\user\Cookies\user@banner.grandonline[2].txt -> TrackingCookie.Grandonline : Nettoyé. C:\Documents and Settings\user\Cookies\user@grandonline[2].txt -> TrackingCookie.Grandonline : Nettoyé. C:\Documents and Settings\user\Cookies\user@ehg-franceloisirs.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\user\Cookies\user@hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\user\Cookies\user@hotlog[2].txt -> TrackingCookie.Hotlog : Nettoyé. C:\Documents and Settings\user\Cookies\user@searchportal.information[2].txt -> TrackingCookie.Information : Nettoyé. C:\Documents and Settings\user\Cookies\user@linksynergy[1].txt -> TrackingCookie.Linksynergy : Nettoyé. C:\Documents and Settings\user\Cookies\user@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé. C:\Documents and Settings\user\Cookies\user@mediaplex[3].txt -> TrackingCookie.Mediaplex : Nettoyé. C:\Documents and Settings\user\Cookies\user@overture[2].txt -> TrackingCookie.Overture : Nettoyé. C:\Documents and Settings\user\Cookies\user@perf.overture[1].txt -> TrackingCookie.Overture : Nettoyé. C:\Documents and Settings\user\Cookies\user@web4.realtracker[1].txt -> TrackingCookie.Realtracker : Nettoyé. C:\Documents and Settings\user\Cookies\user@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Nettoyé. C:\Documents and Settings\user\Cookies\user@stats1.reliablestats[3].txt -> TrackingCookie.Reliablestats : Nettoyé. C:\Documents and Settings\user\Cookies\user@revenue[1].txt -> TrackingCookie.Revenue : Nettoyé. C:\Documents and Settings\user\Cookies\user@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé. C:\Documents and Settings\user\Cookies\user@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé. C:\Documents and Settings\user\Cookies\user@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé. C:\Documents and Settings\user\Cookies\user@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé. C:\Documents and Settings\user\Cookies\user@spylog[2].txt -> TrackingCookie.Spylog : Nettoyé. C:\Documents and Settings\user\Cookies\user@tacoda[1].txt -> TrackingCookie.Tacoda : Nettoyé. C:\Documents and Settings\user\Cookies\user@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyé. C:\Documents and Settings\user\Cookies\user@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyé. C:\Documents and Settings\user\Cookies\user@trafic[1].txt -> TrackingCookie.Trafic : Nettoyé. C:\Documents and Settings\user\Cookies\user@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Nettoyé. C:\Documents and Settings\user\Cookies\user@www.vegasred[1].txt -> TrackingCookie.Vegasred : Nettoyé. C:\Documents and Settings\user\Cookies\user@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé. C:\Documents and Settings\user\Cookies\user@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé. C:\Documents and Settings\user\Cookies\user@yadro[2].txt -> TrackingCookie.Yadro : Nettoyé. C:\Documents and Settings\user\Cookies\user@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyé. C:\Documents and Settings\user\Cookies\user@zedo[1].txt -> TrackingCookie.Zedo : Nettoyé. Fin du rapport Voili,voilou...

hello bruce lee,voici le rapport blacklight: 01/14/07 15:37:44 [info]: BlackLight Engine 1.0.55 initialized 01/14/07 15:37:44 [info]: OS: 5.1 build 2600 (Service Pack 2) 01/14/07 15:37:44 [Note]: 7019 4 01/14/07 15:37:44 [Note]: 7005 0 01/14/07 15:38:04 [Note]: 7006 0 01/14/07 15:38:04 [Note]: 7011 1288 01/14/07 15:38:05 [Note]: 7026 0 01/14/07 15:38:05 [Note]: 7026 0 01/14/07 15:38:05 [Note]: 7024 3 01/14/07 15:38:05 [info]: Hidden process: C:\windows\system32\qatroyw.exe 01/14/07 15:38:13 [Note]: FSRAW library version 1.7.1021 01/14/07 15:42:49 [info]: Hidden file: c:\WINDOWS\system32\qatroyw.dat 01/14/07 15:42:49 [Note]: 10002 1 01/14/07 15:42:49 [info]: Hidden file: C:\windows\system32\qatroyw.exe 01/14/07 15:42:49 [Note]: 10002 1 01/14/07 15:42:49 [info]: Hidden file: c:\WINDOWS\system32\qatroyw_nav.dat 01/14/07 15:42:49 [Note]: 10002 1 01/14/07 15:42:50 [info]: Hidden file: c:\WINDOWS\system32\qatroyw_navps.dat 01/14/07 15:42:50 [Note]: 10002 1 01/14/07 15:52:39 [Note]: 7007 0 et voilà hijack this Logfile of HijackThis v1.99.1 Scan saved at 16:00:49, on 14/01/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Fichiers communs\AOL\1155303693\ee\AOLSoftware.exe C:\WINDOWS\Mixer.exe C:\WINDOWS\VM_STI.EXE C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AOL 9.0a\aoltray.exe C:\Program Files\AOL Compagnon\companion.exe C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\Philips\Philips SPC315NC Webcam\TrayMin315.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64" O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1155303693\ee\AOLSoftware.exe O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC315NC Webcam O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [update] C:\Program Files\AntiVir PersonalEdition Classic\preupd.exe /CALLSCHEDULER /DM="0" /CALLSCHEDULER O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /M "Stylus C64" /EF "HKCU" O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0a\aoltray.exe O4 - Global Startup: AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: TrayMin315.exe.lnk = ? O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab O16 - DPF: {87DB35BC-9DB6-11D3-9356-00A0C9B760DB} (Rte Documat DataTable Control) - http://cabs.rte.fr/RteDataTableMFC.cab O16 - DPF: {981D847D-2C06-4FB7-A09C-4F0A48601B2C} (DiagSetup Class) - http://techcity.aol.fr/download/img/DiagSetup.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {AA59202C-5E41-48FC-AF7D-324F5FD6A9F1} - http://scripts.dlv4.com/binaries/egaccess4..._1070_em_XP.cab O16 - DPF: {AD7A67A5-5461-4B6B-A9C5-09DD071527F5} (MCLPhoto_Upload.PhotoUpload) - http://auchan.fujifilmnet.com/MCLPhoto.CAB O16 - DPF: {D6ED542B-6339-11D2-91A8-00A0C9B760DB} (RteDocumatDoc Control) - http://cabs.rte.fr/RteAllCabsMFC.cab01/14/07 15:37:44 [info]: BlackLight Engine 1.0.55 initialized 01/14/07 15:37:44 [info]: OS: 5.1 build 2600 (Service Pack 2) 01/14/07 15:37:44 [Note]: 7019 4 01/14/07 15:37:44 [Note]: 7005 0 01/14/07 15:38:04 [Note]: 7006 0 01/14/07 15:38:04 [Note]: 7011 1288 01/14/07 15:38:05 [Note]: 7026 0 01/14/07 15:38:05 [Note]: 7026 0 01/14/07 15:38:05 [Note]: 7024 3 01/14/07 15:38:05 [info]: Hidden process: C:\windows\system32\qatroyw.exe 01/14/07 15:38:13 [Note]: FSRAW library version 1.7.1021 01/14/07 15:42:49 [info]: Hidden file: c:\WINDOWS\system32\qatroyw.dat 01/14/07 15:42:49 [Note]: 10002 1 01/14/07 15:42:49 [info]: Hidden file: C:\windows\system32\qatroyw.exe 01/14/07 15:42:49 [Note]: 10002 1 01/14/07 15:42:49 [info]: Hidden file: c:\WINDOWS\system32\qatroyw_nav.dat 01/14/07 15:42:49 [Note]: 10002 1 01/14/07 15:42:50 [info]: Hidden file: c:\WINDOWS\system32\qatroyw_navps.dat 01/14/07 15:42:50 [Note]: 10002 1 01/14/07 15:52:39 [Note]: 7007 001/14/07 15:37:44 [info]: BlackLight Engine 1.0.55 initialized 01/14/07 15:37:44 [info]: OS: 5.1 build 2600 (Service Pack 2) 01/14/07 15:37:44 [Note]: 7019 4 01/14/07 15:37:44 [Note]: 7005 0 01/14/07 15:38:04 [Note]: 7006 0 01/14/07 15:38:04 [Note]: 7011 1288 01/14/07 15:38:05 [Note]: 7026 0 01/14/07 15:38:05 [Note]: 7026 0 01/14/07 15:38:05 [Note]: 7024 3 01/14/07 15:38:05 [info]: Hidden process: C:\windows\system32\qatroyw.exe 01/14/07 15:38:13 [Note]: FSRAW library version 1.7.1021 01/14/07 15:42:49 [info]: Hidden file: c:\WINDOWS\system32\qatroyw.dat 01/14/07 15:42:49 [Note]: 10002 1 01/14/07 15:42:49 [info]: Hidden file: C:\windows\system32\qatroyw.exe 01/14/07 15:42:49 [Note]: 10002 1 01/14/07 15:42:49 [info]: Hidden file: c:\WINDOWS\system32\qatroyw_nav.dat 01/14/07 15:42:49 [Note]: 10002 1 01/14/07 15:42:50 [info]: Hidden file: c:\WINDOWS\system32\qatroyw_navps.dat 01/14/07 15:42:50 [Note]: 10002 1 01/14/07 15:52:39 [Note]: 7007 0 O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

bonjour,l'ordi est envahi par la pub de "drive cleaner "et "systemdoctor",j'ai scanné en mode sans echec avec antivir,mais ça continu,alors je poste mon rapport hijack,si quelqu'un peut m'aider...!Merci par avanceLogfile of HijackThis v1.99.1 Scan saved at 12:18:12, on 14/01/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Fichiers communs\AOL\1155303693\ee\AOLSoftware.exe C:\WINDOWS\Mixer.exe C:\WINDOWS\VM_STI.EXE C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AOL 9.0a\aoltray.exe C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\Philips\Philips SPC315NC Webcam\TrayMin315.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\AOL Compagnon\companion.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64" O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1155303693\ee\AOLSoftware.exe O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC315NC Webcam O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [update] C:\Program Files\AntiVir PersonalEdition Classic\preupd.exe /CALLSCHEDULER /DM="0" /CALLSCHEDULER O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [instant Access] C:\WINDOWS\system32\prodsrvs.exe /res O4 - HKCU\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /M "Stylus C64" /EF "HKCU" O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0a\aoltray.exe O4 - Global Startup: AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: TrayMin315.exe.lnk = ? O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {321F38B6-7E5F-470E-B58C-927523B7AF92} - http://scripts.dlv4.com/binaries/egaccess4..._1069_em_XP.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab O16 - DPF: {5F4D3335-3194-4167-85AE-E7325F2695EF} - http://scripts.dlv4.com/binaries/egaccess4..._1068_em_XP.cab O16 - DPF: {5FD9726A-4977-449D-8352-25FDD8A510B5} - http://scripts.dlv4.com/binaries/egaccess4..._1067_em_XP.cab O16 - DPF: {87DB35BC-9DB6-11D3-9356-00A0C9B760DB} (Rte Documat DataTable Control) - http://cabs.rte.fr/RteDataTableMFC.cab O16 - DPF: {981D847D-2C06-4FB7-A09C-4F0A48601B2C} (DiagSetup Class) - http://techcity.aol.fr/download/img/DiagSetup.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {AA59202C-5E41-48FC-AF7D-324F5FD6A9F1} - http://scripts.dlv4.com/binaries/egaccess4..._1070_em_XP.cab O16 - DPF: {AD7A67A5-5461-4B6B-A9C5-09DD071527F5} (MCLPhoto_Upload.PhotoUpload) - http://auchan.fujifilmnet.com/MCLPhoto.CAB O16 - DPF: {D6ED542B-6339-11D2-91A8-00A0C9B760DB} (RteDocumatDoc Control) - http://cabs.rte.fr/RteAllCabsMFC.cab O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe