yamsos
-
Compteur de contenus
16 -
Inscription
-
Dernière visite
yamsos's Achievements
Junior Member (3/12)
0
Réputation sur la communauté
-
RE Merci je n ai plus de pub Rapport ------------------------------------------------------------------------------- KASPERSKY ON-LINE SCANNER REPORT 2007-06-21 20:58 Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version : 5.0.83.0 Dernière mise à jour de la base antivirus Kaspersky : 21/06/2007 Enregistrements dans la base antivirus Kaspersky : 329038 ------------------------------------------------------------------------------- Paramètres d'analyse: Analyser avec la base antivirus suivante: standard Analyser les archives: vrai Analyser les bases de messagerie: vrai Cible de l'analyse - Poste de travail: C:\ D:\ E:\ Statistiques de l'analyse: Total d'objets analysés: 52359 Nombre de virus trouvés: 1 Nombre d'objets infectés: 4 / 0 Nombre d'objets suspects: 0 Durée de l'analyse: 01:18:06 Nom de l'objet infecté / Nom du virus / Dernière action C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\Media Ce.evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\ACEEvent.evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\DEFAULT L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SOFTWARE L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SYSTEM L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré C:\WINDOWS\SoftwareDistribution\EventCache\{A9D5DAA6-62E7-469B-A8E7-482F28A3E4ED}.bin L'objet est verrouillé ignoré C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{3285F874-45A4-485D-BCD3-4A6721991883}.crmlog L'objet est verrouillé ignoré C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt L'objet est verrouillé ignoré C:\WINDOWS\Temp\Perflib_Perfdata_768.dat L'objet est verrouillé ignoré C:\WINDOWS\Temp\Perflib_Perfdata_b18.dat L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\ntuser.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\ntuser.dat L'objet est verrouillé ignoré C:\Documents and Settings\chaabi\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\chaabi\Local Settings\Temp\Perflib_Perfdata_424.dat L'objet est verrouillé ignoré C:\Documents and Settings\chaabi\Local Settings\Temp\~DF9526.tmp L'objet est verrouillé ignoré C:\Documents and Settings\chaabi\Local Settings\Temp\Perflib_Perfdata_6b0.dat L'objet est verrouillé ignoré C:\Documents and Settings\chaabi\Local Settings\Temp\Perflib_Perfdata_14ec.dat L'objet est verrouillé ignoré C:\Documents and Settings\chaabi\Local Settings\Temp\Perflib_Perfdata_14dc.dat L'objet est verrouillé ignoré C:\Documents and Settings\chaabi\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\chaabi\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\chaabi\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré C:\Documents and Settings\chaabi\Local Settings\Application Data\ApplicationHistory\ePower_DMC.exe.3ca0acde.ini.inuse L'objet est verrouillé ignoré C:\Documents and Settings\chaabi\Local Settings\Application Data\ApplicationHistory\Acer.Empowering.Framework.Launcher.exe.7c55249b.ini.inuse L'objet est verrouillé ignoré C:\Documents and Settings\chaabi\Local Settings\Application Data\ApplicationHistory\CLI.EXE.c88dbd71.ini.inuse L'objet est verrouillé ignoré C:\Documents and Settings\chaabi\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\chaabi\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\chaabi\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\chaabi\Application Data\Sun\Java\Deployment\cache\6.0\23\1d19b497-408e04dd/BaaaaBaa.class Infecté : Trojan.Java.ClassLoader.ao ignoré C:\Documents and Settings\chaabi\Application Data\Sun\Java\Deployment\cache\6.0\23\1d19b497-408e04dd/VaaaaaaaBaa.class Infecté : Trojan.Java.ClassLoader.ao ignoré C:\Documents and Settings\chaabi\Application Data\Sun\Java\Deployment\cache\6.0\23\1d19b497-408e04dd/Baaaaa.class Infecté : Trojan.Java.ClassLoader.ao ignoré C:\Documents and Settings\chaabi\Application Data\Sun\Java\Deployment\cache\6.0\23\1d19b497-408e04dd ZIP: infecté - 3 ignoré C:\Documents and Settings\chaabi\ntuser.dat L'objet est verrouillé ignoré C:\Program Files\Pack Sécurité\backweb\361343\Users\Default\Data\inuse.txt L'objet est verrouillé ignoré C:\Program Files\Pack Sécurité\backweb\361343\Users\Default\Data\main.log L'objet est verrouillé ignoré C:\Program Files\Pack Sécurité\backweb\361343\Users\Default\Data\storydb.dat L'objet est verrouillé ignoré C:\Program Files\Pack Sécurité\backweb\361343\Users\Default\Data\chn.dat L'objet est verrouillé ignoré C:\Program Files\Pack Sécurité\backweb\361343\Users\Default\Data\prs_die.dat L'objet est verrouillé ignoré C:\Program Files\Pack Sécurité\backweb\361343\Users\Default\Data\prs_die.idx L'objet est verrouillé ignoré C:\Program Files\Pack Sécurité\backweb\361343\Users\Default\Data\prs_dnd.dat L'objet est verrouillé ignoré C:\Program Files\Pack Sécurité\backweb\361343\Users\Default\Data\prs_ext.dat L'objet est verrouillé ignoré C:\Program Files\Pack Sécurité\backweb\361343\Users\Default\Data\prs_ext.idx L'objet est verrouillé ignoré C:\Program Files\Pack Sécurité\backweb\361343\Users\Default\Data\prs_rcv.dat L'objet est verrouillé ignoré C:\Program Files\Pack Sécurité\backweb\361343\Users\Default\Data\prs.dat L'objet est verrouillé ignoré C:\Program Files\Pack Sécurité\backweb\361343\Users\Default\Data\cache.dat L'objet est verrouillé ignoré C:\Program Files\Pack Sécurité\backweb\361343\Users\Default\Data\fsbwupst.log L'objet est verrouillé ignoré C:\Program Files\Pack Sécurité\backweb\361343\Users\Default\Data\storydb.idx L'objet est verrouillé ignoré C:\Program Files\Pack Sécurité\backweb\361343\Users\Default\Data\chn.idx L'objet est verrouillé ignoré C:\Program Files\Pack Sécurité\backweb\361343\Users\Default\Data\prs_dnd.idx L'objet est verrouillé ignoré C:\Program Files\Pack Sécurité\backweb\361343\Users\Default\Data\prs_rcv.idx L'objet est verrouillé ignoré C:\Program Files\Pack Sécurité\backweb\361343\Users\Default\Data\prs.idx L'objet est verrouillé ignoré C:\Program Files\Pack Sécurité\backweb\361343\Users\Default\Data\L0000003.FCS L'objet est verrouillé ignoré C:\Program Files\Pack Sécurité\backweb\361343\Users\Default\Data\chandir.dat L'objet est verrouillé ignoré C:\Program Files\Pack Sécurité\backweb\361343\Users\Default\Data\chandir.idx L'objet est verrouillé ignoré C:\Program Files\Pack Sécurité\backweb\361343\Users\Default\Data\D0000000.FCS L'objet est verrouillé ignoré C:\Program Files\Pack Sécurité\Common\admin.pub L'objet est verrouillé ignoré C:\Program Files\Pack Sécurité\Common\policy.ipf L'objet est verrouillé ignoré C:\Program Files\Pack Sécurité\Common\policy.bpf L'objet est verrouillé ignoré C:\Program Files\Pack Sécurité\Anti-Virus\perf.dat L'objet est verrouillé ignoré C:\Program Files\Pack Sécurité\Anti-Virus\fsqh.exe.Qrt.log L'objet est verrouillé ignoré C:\Program Files\Pack Sécurité\Anti-Virus\dbupdate.log L'objet est verrouillé ignoré C:\Program Files\Pack Sécurité\FSPC\csdk\Stlst\StatListDb.idx L'objet est verrouillé ignoré C:\Program Files\Pack Sécurité\FSPC\csdk\Stlst\StatListDb.dat L'objet est verrouillé ignoré C:\Program Files\Pack Sécurité\FSPC\csdk\urlcache\domainNames.dat L'objet est verrouillé ignoré C:\Program Files\Pack Sécurité\FSPC\csdk\urlcache\domainNames.idx L'objet est verrouillé ignoré C:\Program Files\Pack Sécurité\FSPC\csdk\urlcache\urlCacheDb.dat L'objet est verrouillé ignoré C:\Program Files\Pack Sécurité\FSPC\csdk\urlcache\urlCacheDb.idx L'objet est verrouillé ignoré C:\Program Files\Pack Sécurité\FSPC\logs\fspcwli.dat L'objet est verrouillé ignoré C:\Program Files\Pack Sécurité\FSPC\logs\fspcwld.dat L'objet est verrouillé ignoré C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP4\A0018279.exe L'objet est verrouillé ignoré C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP4\change.log L'objet est verrouillé ignoré Analyse terminée.
-
Bonjour bruce, --------------------------------------------------------- AVG Anti-Spyware - Rapport d'analyse --------------------------------------------------------- + Créé à: 23:16 2007-06-20 + Résultat de l'analyse: C:\Downloads\SuperPower2-dm[1].exe -> Adware.Trymedia : Nettoyé et sauvegardé (mise en quarantaine). C:\FOUND.005\FILE0318.CHK -> Not-A-Virus.Downloader.Win32.WinFixer.m : Nettoyé et sauvegardé (mise en quarantaine). C:\WINDOWS\system32\kdorr.exe -> Trojan.DNSChanger.bf : Nettoyé et sauvegardé (mise en quarantaine). Fin du rapport ComboFix 07-06-13.7 - C:\Documents and Settings\chaabi\Bureau\ComboFix.exe "chaabi" - 2007-06-21 18:54:26 - Service Pack 2 ((((((((((((((((((((((((( Files Created from 2007-05-21 to 2007-06-21 ))))))))))))))))))))))))))))))) 2007-06-20 23:20 <REP> d--hs---- C:\FOUND.026 2007-06-20 21:20 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-06-20 14:32 <REP> d--hs---- C:\FOUND.025 2007-06-19 22:26 <REP> d--hs---- C:\FOUND.024 2007-06-19 18:48 7,461 --a------ C:\dnsbak.reg 2007-06-19 14:11 <REP> d--hs---- C:\FOUND.023 2007-06-18 21:29 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-06-18 09:02 <REP> d--hs---- C:\FOUND.022 2007-06-17 20:06 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-06-07 11:02 <REP> d--hs---- C:\FOUND.021 2007-06-03 21:26 <REP> d--hs---- C:\FOUND.020 2007-05-29 19:01 <REP> d-------- C:\Program Files\PacificPoker 2007-05-23 18:49 <REP> d-------- C:\Program Files\CCleaner 2007-05-21 19:25 <REP> d-------- C:\Program Files\Shareaza 2007-05-21 19:25 <REP> d-------- C:\DOCUME~1\chaabi\APPLIC~1\Shareaza (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-20 13:54:18 -------- d-----w C:\Program Files\Navilog1 2007-05-17 13:16:14 -------- d-----w C:\DOCUME~1\chaabi\APPLIC~1\F-Secure 2007-05-17 12:46:00 118,842 ------r C:\WINDOWS\bwUnin-6.3.2.123-361343L.exe 2007-05-17 12:45:58 -------- d-----w C:\Program Files\Pack Sécurité 2007-05-12 19:12:48 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2 ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 12:11] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43] "SkyTel"="SkyTel.EXE" [2006-05-16 03:04 C:\WINDOWS\SkyTel.exe] "RTHDCPL"="RTHDCPL.EXE" [2006-06-27 23:54 C:\WINDOWS\RTHDCPL.exe] "ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15] "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-06-23 06:59] "LaunchApp"="" [] "F-Secure TNB"="C:\Program Files\Pack Sécurité\FSGUI\TNBUtil.exe" [] "F-Secure Startup Wizard"="C:\Program Files\Pack Sécurité\FSGUI\FSSW.exe" [] "F-Secure Manager"="C:\Program Files\Pack Sécurité\Common\FSM32.exe" [] "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40] "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [] "Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12] "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-14 22:35] "Autoconfigurateur WiFi Neuf"="C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" [2007-02-14 13:06] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12] "Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 16:39] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 20:00] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 14:29] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pbbiqhika] c:\windows\system32\pbbiqhika.exe pbbiqhika [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Symantec Core LC"=2 (0x2) "SPBBCSvc"=2 (0x2) "SNDSrvc"=2 (0x2) "SAVScan"=3 (0x3) "NSCService"=3 (0x3) "NPFMntor"=2 (0x2) "navapsvc"=2 (0x2) "LiveUpdate"=3 (0x3) "ccSetMgr"=2 (0x2) "ccEvtMgr"=2 (0x2) Contents of the 'Scheduled Tasks' folder 2007-06-21 05:59:06 C:\WINDOWS\tasks\Scheduled scanning task.job
-
Bonjou Bruce, Fixwareout Last edited 5/15/2007 Post this report in the forums please ... »»»»»Prerun check HKLM\SOFTWARE\~\Winlogon\ "System"="kdorr.exe" »»»»» »»»»» Postrun check HKLM\SOFTWARE\~\Winlogon\ "system"="" .... .... »»»»» Misc files. .... »»»»» Checking for older varients. .... Search five digit cs, dm, kd, jb, other, files. The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection. FINDSTRÿ: Impossible d'ouvrir C:\WINDOWS\System32\kdorr.exe Click browse, find the file then click submit. http://www.virustotal.com/flash/index_en.html Or http://virusscan.jotti.org/ »»»»» Other »»»»» Current runs [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ePower_DMC"="C:\\Acer\\Empowering Technology\\ePower\\ePower_DMC.exe" "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\"" "SkyTel"="SkyTel.EXE" "RTHDCPL"="RTHDCPL.EXE" "ntiMUI"="C:\\Program Files\\NewTech Infosystems\\NTI CD & DVD-Maker 7\\ntiMUI.exe" "LManager"="C:\\PROGRA~1\\LAUNCH~1\\LManager.exe" "LaunchApp"="" "F-Secure TNB"="\"C:\\Program Files\\Pack Sécurité\\FSGUI\\TNBUtil.exe\" /CHECKALL /WAITFORSW" "F-Secure Startup Wizard"="\"C:\\Program Files\\Pack Sécurité\\FSGUI\\FSSW.EXE\" /reboot" "F-Secure Manager"="\"C:\\Program Files\\Pack Sécurité\\Common\\FSM32.EXE\" /splash" "eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\eRAgent.exe" "ccApp"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe\"" "Boot"="C:\\Acer\\Empowering Technology\\ePower\\Boot.exe" "AzMixerSel"="C:\\Program Files\\Realtek\\InstallShield\\AzMixerSel.exe" "Autoconfigurateur WiFi Neuf"="\"C:\\Program Files\\Neuf\\Kit\\WiFi\\9wifi.exe\"" "ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\"" "Acer ePresentation HPD"="C:\\Acer\\Empowering Technology\\ePresentation\\ePresentation.exe" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_9" "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" .... Hosts file was reset, If you use a custom hosts file please replace it »»»»» End report »»»»»
-
RAPORT COMBOFIX ComboFix 07-06-13.7 - C:\Documents and Settings\chaabi\Bureau\ComboFix.exe "chaabi" - 2007-06-18 21:55:24 - Service Pack 2 ((((((((((((((((((((((((( Files Created from 2007-05-18 to 2007-06-18 ))))))))))))))))))))))))))))))) 2007-06-18 21:29 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-06-18 09:02 <REP> d--hs---- C:\FOUND.022 2007-06-17 20:06 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-06-07 11:02 <REP> d--hs---- C:\FOUND.021 2007-06-03 21:26 <REP> d--hs---- C:\FOUND.020 2007-05-29 19:01 <REP> d-------- C:\Program Files\PacificPoker 2007-05-23 18:49 <REP> d-------- C:\Program Files\CCleaner 2007-05-21 19:25 <REP> d-------- C:\Program Files\Shareaza 2007-05-21 19:25 <REP> d-------- C:\DOCUME~1\chaabi\APPLIC~1\Shareaza 2007-05-20 15:54 <REP> d-------- C:\Program Files\Navilog1 (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-17 13:16:14 -------- d-----w C:\DOCUME~1\chaabi\APPLIC~1\F-Secure 2007-05-17 12:46:00 118,842 ------r C:\WINDOWS\bwUnin-6.3.2.123-361343L.exe 2007-05-17 12:45:58 -------- d-----w C:\Program Files\Pack Sécurité 2007-05-12 19:12:48 -------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2 ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 12:11] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43] "SkyTel"="SkyTel.EXE" [2006-05-16 03:04 C:\WINDOWS\SkyTel.exe] "RTHDCPL"="RTHDCPL.EXE" [2006-06-27 23:54 C:\WINDOWS\RTHDCPL.exe] "ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15] "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-06-23 06:59] "LaunchApp"="" [] "F-Secure TNB"="C:\Program Files\Pack Sécurité\FSGUI\TNBUtil.exe" [] "F-Secure Startup Wizard"="C:\Program Files\Pack Sécurité\FSGUI\FSSW.exe" [] "F-Secure Manager"="C:\Program Files\Pack Sécurité\Common\FSM32.exe" [] "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40] "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [] "Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12] "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-14 22:35] "Autoconfigurateur WiFi Neuf"="C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" [2007-02-14 13:06] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12] "Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 16:39] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 20:00] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "System"="kdorr.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pbbiqhika] c:\windows\system32\pbbiqhika.exe pbbiqhika [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "Symantec Core LC"=2 (0x2) "SPBBCSvc"=2 (0x2) "SNDSrvc"=2 (0x2) "SAVScan"=3 (0x3) "NSCService"=3 (0x3) "NPFMntor"=2 (0x2) "navapsvc"=2 (0x2) "LiveUpdate"=3 (0x3) "ccSetMgr"=2 (0x2) "ccEvtMgr"=2 (0x2) *Newly Created Service* - UBHELPER Contents of the 'Scheduled Tasks' folder 2007-06-18 07:04:32 C:\WINDOWS\tasks\Scheduled scanning task.job ((((((((((((((((((((((((( Files Created from 2007-05-18 to 2007-06-18 ))))))))))))))))))))))))))))))) ((((((((((((((((((((((((( Files Created from 2007-05-18 to 2007-06-18 )))))))))))))))))))))))))))))))
-
rapport vudo VundoFix V6.3.21 Checking Java version... Java version is 1.5.0.10 Scan started at 14:15:07 13/05/2007 Listing files found while scanning.... VundoFix V6.5.1 Checking Java version... Java version is 1.5.0.10 Scan started at 19:31:42 18/06/2007 Listing files found while scanning.... No infected files were found. Beginning removal... VundoFix V6.5.1 Checking Java version... Java version is 1.5.0.10 Scan started at 19:37:36 18/06/2007 Listing files found while scanning.... No infected files were found. Beginning removal... rapport hijack Logfile of HijackThis v1.99.1 Scan saved at 19:47:39, on 18/06/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16441) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Acer\Empowering Technology\ePerformance\MemCheck.exe C:\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\PROGRA~1\LAUNCH~1\LManager.exe C:\Program Files\Pack Sécurité\Common\FSM32.EXE C:\Acer\Empowering Technology\eRecovery\eRAgent.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\BUtilityBar\BisonBar.exe C:\PROGRA~1\PACKSÉ~1\backweb\361343\Program\SERVIC~1.EXE C:\Program Files\Neuf\Kit\WiFi\9wifi.exe C:\WINDOWS\eHome\ehRecvr.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Pack Sécurité\backweb\361343\Program\fspex.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Pack Sécurité\Anti-Virus\fsgk32st.exe C:\Program Files\Pack Sécurité\backweb\361343\program\fsbwsys.exe C:\Program Files\Pack Sécurité\Anti-Virus\FSGK32.EXE C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe C:\Program Files\Pack Sécurité\Common\FSMA32.EXE C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Pack Sécurité\Common\FSMB32.EXE C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Pack Sécurité\Common\FCH32.EXE C:\Program Files\Pack Sécurité\Common\FAMEH32.EXE C:\Program Files\Pack Sécurité\Anti-Virus\fsqh.exe C:\Program Files\Pack Sécurité\FSPC\fspc.exe C:\Program Files\Pack Sécurité\Anti-Virus\fsrw.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\Program Files\Pack Sécurité\FWES\Program\fsdfwd.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Pack Sécurité\Anti-Virus\fssm32.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Pack Sécurité\Anti-Virus\fsav32.exe C:\Program Files\Pack Sécurité\Anti-Spyware\fsaw.exe C:\Program Files\Pack Sécurité\FSGUI\fsguidll.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\DOCUME~1\chaabi\LOCALS~1\Temp\Répertoire temporaire 5 pour yamsos.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Sécurité\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Pack Sécurité\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Sécurité\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [boot] C:\Acer\Empowering Technology\ePower\Boot.exe O4 - HKLM\..\Run: [bisonBar] C:\WINDOWS\BUtilityBar\BisonBar.exe O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Pack Sécurité.lnk = ? O8 - Extra context menu item: &Bloquer cette fenêtre pub. - C:\Program Files\Pack Sécurité\Anti-Spyware\blockpopups.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll O9 - Extra button: Protection IE - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Sécurité\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: Protection IE... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Sécurité\Anti-Spyware\ieshield.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1178978765593 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Pack Sécurité (BackWeb Plug-in - 361343) - Pack Securite - C:\PROGRA~1\PACKSÉ~1\backweb\361343\Program\SERVIC~1.EXE O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Sécurité\Anti-Virus\fsgk32st.exe O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Pack Sécurité\backweb\361343\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Sécurité\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Sécurité\Common\FSMA32.EXE O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
-
salut nouveau raport hijack Logfile of HijackThis v1.99.1 Scan saved at 18:55:16, on 18/06/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16441) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Acer\Empowering Technology\ePerformance\MemCheck.exe C:\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\PROGRA~1\LAUNCH~1\LManager.exe C:\Program Files\Pack Sécurité\Common\FSM32.EXE C:\Acer\Empowering Technology\eRecovery\eRAgent.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\BUtilityBar\BisonBar.exe C:\PROGRA~1\PACKSÉ~1\backweb\361343\Program\SERVIC~1.EXE C:\Program Files\Neuf\Kit\WiFi\9wifi.exe C:\WINDOWS\eHome\ehRecvr.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Pack Sécurité\backweb\361343\Program\fspex.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Pack Sécurité\Anti-Virus\fsgk32st.exe C:\Program Files\Pack Sécurité\backweb\361343\program\fsbwsys.exe C:\Program Files\Pack Sécurité\Anti-Virus\FSGK32.EXE C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe C:\Program Files\Pack Sécurité\Common\FSMA32.EXE C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Pack Sécurité\Common\FSMB32.EXE C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Pack Sécurité\Common\FCH32.EXE C:\Program Files\Pack Sécurité\Common\FAMEH32.EXE C:\Program Files\Pack Sécurité\Anti-Virus\fsqh.exe C:\Program Files\Pack Sécurité\FSPC\fspc.exe C:\Program Files\Pack Sécurité\Anti-Virus\fsrw.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\Program Files\Pack Sécurité\FWES\Program\fsdfwd.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Pack Sécurité\Anti-Virus\fssm32.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Pack Sécurité\Anti-Virus\fsav32.exe C:\Program Files\Pack Sécurité\Anti-Spyware\fsaw.exe C:\Program Files\Pack Sécurité\FSGUI\fsguidll.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\DOCUME~1\chaabi\LOCALS~1\Temp\Répertoire temporaire 3 pour yamsos.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Sécurité\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Pack Sécurité\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Sécurité\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [boot] C:\Acer\Empowering Technology\ePower\Boot.exe O4 - HKLM\..\Run: [bisonBar] C:\WINDOWS\BUtilityBar\BisonBar.exe O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Pack Sécurité.lnk = ? O8 - Extra context menu item: &Bloquer cette fenêtre pub. - C:\Program Files\Pack Sécurité\Anti-Spyware\blockpopups.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll O9 - Extra button: Protection IE - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Sécurité\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: Protection IE... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Sécurité\Anti-Spyware\ieshield.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1178978765593 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Pack Sécurité (BackWeb Plug-in - 361343) - Pack Securite - C:\PROGRA~1\PACKSÉ~1\backweb\361343\Program\SERVIC~1.EXE O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Sécurité\Anti-Virus\fsgk32st.exe O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Pack Sécurité\backweb\361343\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Sécurité\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Sécurité\Common\FSMA32.EXE O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
-
C FAIT FAUT IL UN NOUVEAU RAPORT HIJACK
-
NOUVEAU RAPPORT HIJACK Logfile of HijackThis v1.99.1 Scan saved at 23:08:25, on 17/06/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16441) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Acer\Empowering Technology\ePerformance\MemCheck.exe C:\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\PROGRA~1\LAUNCH~1\LManager.exe C:\Program Files\Pack Sécurité\Common\FSM32.EXE C:\Acer\Empowering Technology\eRecovery\eRAgent.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\BUtilityBar\BisonBar.exe C:\Program Files\Neuf\Kit\WiFi\9wifi.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\PROGRA~1\PACKSÉ~1\backweb\361343\Program\SERVIC~1.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\WINDOWS\eHome\ehRecvr.exe C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Pack Sécurité\backweb\361343\Program\fspex.exe C:\Program Files\Pack Sécurité\Anti-Virus\fsgk32st.exe C:\Program Files\Pack Sécurité\backweb\361343\program\fsbwsys.exe C:\Program Files\Pack Sécurité\Anti-Virus\FSGK32.EXE C:\Program Files\Pack Sécurité\Common\FSMA32.EXE C:\Program Files\Pack Sécurité\Common\FSMB32.EXE C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Pack Sécurité\Common\FCH32.EXE C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\Program Files\Pack Sécurité\Common\FAMEH32.EXE C:\Program Files\Pack Sécurité\Anti-Virus\fsqh.exe C:\Program Files\Pack Sécurité\FSPC\fspc.exe C:\Program Files\Pack Sécurité\Anti-Virus\fsrw.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Pack Sécurité\Anti-Virus\fssm32.exe C:\Program Files\Pack Sécurité\FWES\Program\fsdfwd.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Pack Sécurité\Anti-Virus\fsav32.exe C:\Program Files\Pack Sécurité\Anti-Spyware\fsaw.exe C:\Program Files\Pack Sécurité\FSGUI\fsguidll.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\DOCUME~1\chaabi\LOCALS~1\Temp\Répertoire temporaire 2 pour yamsos.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Sécurité\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Pack Sécurité\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Sécurité\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [boot] C:\Acer\Empowering Technology\ePower\Boot.exe O4 - HKLM\..\Run: [bisonBar] C:\WINDOWS\BUtilityBar\BisonBar.exe O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Pack Sécurité.lnk = ? O8 - Extra context menu item: &Bloquer cette fenêtre pub. - C:\Program Files\Pack Sécurité\Anti-Spyware\blockpopups.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll O9 - Extra button: Protection IE - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Sécurité\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: Protection IE... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Sécurité\Anti-Spyware\ieshield.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1178978765593 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Pack Sécurité (BackWeb Plug-in - 361343) - Pack Securite - C:\PROGRA~1\PACKSÉ~1\backweb\361343\Program\SERVIC~1.EXE O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Sécurité\Anti-Virus\fsgk32st.exe O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Pack Sécurité\backweb\361343\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Sécurité\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Sécurité\Common\FSMA32.EXE O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
-
qu est ce qu il faut renomer yamsos deplace ou hijack ? (lorsque je double click sur deplace, une fenetre aparait mais elle ne se fixe pas)
-
nouveau rapport hijack Logfile of HijackThis v1.99.1 Scan saved at 21:45:46, on 17/06/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16441) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Acer\Empowering Technology\ePerformance\MemCheck.exe C:\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\PROGRA~1\LAUNCH~1\LManager.exe C:\Program Files\Pack Sécurité\Common\FSM32.EXE C:\Acer\Empowering Technology\eRecovery\eRAgent.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\BUtilityBar\BisonBar.exe C:\Program Files\Neuf\Kit\WiFi\9wifi.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\PROGRA~1\PACKSÉ~1\backweb\361343\Program\SERVIC~1.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\WINDOWS\eHome\ehRecvr.exe C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Pack Sécurité\backweb\361343\Program\fspex.exe C:\Program Files\Pack Sécurité\Anti-Virus\fsgk32st.exe C:\Program Files\Pack Sécurité\backweb\361343\program\fsbwsys.exe C:\Program Files\Pack Sécurité\Anti-Virus\FSGK32.EXE C:\Program Files\Pack Sécurité\Common\FSMA32.EXE C:\Program Files\Pack Sécurité\Common\FSMB32.EXE C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Pack Sécurité\Common\FCH32.EXE C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\Program Files\Pack Sécurité\Common\FAMEH32.EXE C:\Program Files\Pack Sécurité\Anti-Virus\fsqh.exe C:\Program Files\Pack Sécurité\FSPC\fspc.exe C:\Program Files\Pack Sécurité\Anti-Virus\fsrw.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Pack Sécurité\Anti-Virus\fssm32.exe C:\Program Files\Pack Sécurité\FWES\Program\fsdfwd.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Pack Sécurité\Anti-Virus\fsav32.exe C:\Program Files\Pack Sécurité\Anti-Spyware\fsaw.exe C:\Program Files\Pack Sécurité\FSGUI\fsguidll.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\wuauclt.exe C:\DOCUME~1\chaabi\LOCALS~1\Temp\Répertoire temporaire 1 pour yamsos.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Sécurité\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Pack Sécurité\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Sécurité\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [boot] C:\Acer\Empowering Technology\ePower\Boot.exe O4 - HKLM\..\Run: [bisonBar] C:\WINDOWS\BUtilityBar\BisonBar.exe O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Pack Sécurité.lnk = ? O8 - Extra context menu item: &Bloquer cette fenêtre pub. - C:\Program Files\Pack Sécurité\Anti-Spyware\blockpopups.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll O9 - Extra button: Protection IE - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Sécurité\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: Protection IE... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Sécurité\Anti-Spyware\ieshield.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1178978765593 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Pack Sécurité (BackWeb Plug-in - 361343) - Pack Securite - C:\PROGRA~1\PACKSÉ~1\backweb\361343\Program\SERVIC~1.EXE O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Sécurité\Anti-Virus\fsgk32st.exe O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Pack Sécurité\backweb\361343\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Sécurité\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Sécurité\Common\FSMA32.EXE O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe merci
-
RAPORT HIJACK Logfile of HijackThis v1.99.1 Scan saved at 20:02:33, on 17/06/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16441) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Acer\Empowering Technology\ePerformance\MemCheck.exe C:\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\PROGRA~1\LAUNCH~1\LManager.exe C:\Program Files\Pack Sécurité\Common\FSM32.EXE C:\Acer\Empowering Technology\eRecovery\eRAgent.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\BUtilityBar\BisonBar.exe C:\Program Files\Neuf\Kit\WiFi\9wifi.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\PROGRA~1\PACKSÉ~1\backweb\361343\Program\SERVIC~1.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\WINDOWS\eHome\ehRecvr.exe C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Pack Sécurité\backweb\361343\Program\fspex.exe C:\Program Files\Pack Sécurité\Anti-Virus\fsgk32st.exe C:\Program Files\Pack Sécurité\backweb\361343\program\fsbwsys.exe C:\Program Files\Pack Sécurité\Anti-Virus\FSGK32.EXE C:\Program Files\Pack Sécurité\Common\FSMA32.EXE C:\Program Files\Pack Sécurité\Common\FSMB32.EXE C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Pack Sécurité\Common\FCH32.EXE C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\Program Files\Pack Sécurité\Common\FAMEH32.EXE C:\Program Files\Pack Sécurité\Anti-Virus\fsqh.exe C:\Program Files\Pack Sécurité\FSPC\fspc.exe C:\Program Files\Pack Sécurité\Anti-Virus\fsrw.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Pack Sécurité\Anti-Virus\fssm32.exe C:\Program Files\Pack Sécurité\FWES\Program\fsdfwd.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Pack Sécurité\Anti-Virus\fsav32.exe C:\Program Files\Pack Sécurité\Anti-Spyware\fsaw.exe C:\Program Files\Pack Sécurité\FSGUI\fsguidll.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\DOCUME~1\chaabi\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Sécurité\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Pack Sécurité\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Sécurité\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [boot] C:\Acer\Empowering Technology\ePower\Boot.exe O4 - HKLM\..\Run: [bisonBar] C:\WINDOWS\BUtilityBar\BisonBar.exe O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Pack Sécurité.lnk = ? O8 - Extra context menu item: &Bloquer cette fenêtre pub. - C:\Program Files\Pack Sécurité\Anti-Spyware\blockpopups.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll O9 - Extra button: Protection IE - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Sécurité\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: Protection IE... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Sécurité\Anti-Spyware\ieshield.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1178978765593 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Pack Sécurité (BackWeb Plug-in - 361343) - Pack Securite - C:\PROGRA~1\PACKSÉ~1\backweb\361343\Program\SERVIC~1.EXE O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Sécurité\Anti-Virus\fsgk32st.exe O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Pack Sécurité\backweb\361343\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Sécurité\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Sécurité\Common\FSMA32.EXE O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe RAPORT FIXNAVI Search Navipromo version 2.0.3 commencé le 17/06/2007 à 20:07:46,87 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!! !!! Poster ce rapport sur le forum pour le faire analyser !!! !!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!! Fix lancé depuis C:\Program Files\navilog1 Mise a jour le 08.06.2007 a 17h00 by IL-MAFIOSO Executé en mode normal *** Recherche Programmes installes *** *** Recherche dossiers dans C:\WINDOWS *** *** Recherche dossiers dans C:\Program Files *** *** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data *** *** Recherche dossiers dans C:\Documents and Settings\chaabi\Application Data *** *** Recherche avec BlackLight Engine/F-secure *** BlackLight Engine est un produit de F-secure, pour + d'infos : http://www.f-secure.com/blacklight/blacklight_help.html Fichier(s) caché(s) dans C:\WINDOWS\system32 : Processus caché(s) dans C:\WINDOWS\system32 : *** Recherche fichiers *** *** Recherche cles registre *** Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs] Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage] Recherche Clé Magic Control *** Module de Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Recherche fichiers connus: 2)Recherche Heuristique : * ** *** **** ***** ****** ******* ******** *** Analyse Terminé le 17/06/2007 à 20:10:12,71 *** Merci
-
Bonjour,* Probleme ouveture de fenetre winantivirus 2006 et maxiles, Quelqu un pour m aider a ressoudre ces problemes ? Merci
-
SPYWARE SECURE ET PUBS INTEMPESTIVES
yamsos a répondu à un(e) sujet de yamsos dans Analyses et éradication malwares
MERCI POUR TON AIDE BIBI26 -
SPYWARE SECURE ET PUBS INTEMPESTIVES
yamsos a répondu à un(e) sujet de yamsos dans Analyses et éradication malwares
désolé raport navilog Search Navipromo version 2.0.2 commencé le 03/06/2007 à 16:47:04,76 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!! !!! Poster ce rapport sur le forum pour le faire analyser !!! !!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!! Fix lancé depuis C:\Program Files\navilog1 Mise a jour le 17.05.2007 a 23h00 by IL-MAFIOSO Executé en mode normal *** Recherche Programmes installes *** *** Recherche dossiers dans C:\WINDOWS *** *** Recherche dossiers dans C:\Program Files *** *** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data *** *** Recherche dossiers dans C:\Documents and Settings\chaabi\Application Data *** *** Recherche avec BlackLight Engine/F-secure *** BlackLight Engine est un produit de F-secure, pour + d'infos : http://www.f-secure.com/blacklight/blacklight_help.html Fichier(s) caché(s) dans C:\WINDOWS\system32 : C:\windows\system32\jqjqarb.exe Processus caché(s) dans C:\WINDOWS\system32 : C:\windows\system32\jqjqarb.exe *** Recherche fichiers *** C:\WINDOWS\system32\nvs2.inf trouvé ! *** Recherche cles registre *** Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs] Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage] Recherche Clé Magic Control HKEY_CURRENT_USER\Software\Lanconfig trouvé ! *** Module de Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Recherche fichiers connus: 2)Recherche Heuristique : * C:\WINDOWS\system32\jqjqarb.dat trouvé ! ** C:\WINDOWS\system32\jqjqarb.dat trouvé ! *** **** C:\WINDOWS\system32\jqjqarb_navps.dat trouvé ! ***** ****** ******* C:\WINDOWS\system32\jqjqarb.exe trouvé ! ******** C:\WINDOWS\system32\jqjqarb.exe trouvé ! *** Analyse Terminé le 03/06/2007 à 16:49:17,67 *** -
SPYWARE SECURE ET PUBS INTEMPESTIVES
yamsos a répondu à un(e) sujet de yamsos dans Analyses et éradication malwares
Merci pour ta réponse rapport navilog Logfile of HijackThis v1.99.1 Scan saved at 16:10:57, on 03/06/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16441) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Acer\Empowering Technology\ePerformance\MemCheck.exe C:\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\PROGRA~1\LAUNCH~1\LManager.exe C:\Program Files\Pack Sécurité\Common\FSM32.EXE C:\Acer\Empowering Technology\eRecovery\eRAgent.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\BUtilityBar\BisonBar.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Neuf\Kit\WiFi\9wifi.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\PACKSÉ~1\backweb\361343\Program\SERVIC~1.EXE C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe C:\WINDOWS\eHome\ehRecvr.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Pack Sécurité\backweb\361343\Program\fspex.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Pack Sécurité\Anti-Virus\fsgk32st.exe C:\Program Files\Pack Sécurité\backweb\361343\program\fsbwsys.exe C:\Program Files\Pack Sécurité\Anti-Virus\FSGK32.EXE C:\Program Files\Pack Sécurité\Common\FSMA32.EXE C:\Program Files\Pack Sécurité\Common\FSMB32.EXE C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Pack Sécurité\Common\FCH32.EXE C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Pack Sécurité\Common\FAMEH32.EXE C:\Program Files\Pack Sécurité\Anti-Virus\fsqh.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Pack Sécurité\FSPC\fspc.exe C:\Program Files\Pack Sécurité\Anti-Virus\fsrw.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\Program Files\Pack Sécurité\FWES\Program\fsdfwd.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Pack Sécurité\Anti-Virus\fssm32.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Pack Sécurité\Anti-Virus\fsav32.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Pack Sécurité\Anti-Spyware\fsaw.exe C:\Program Files\Pack Sécurité\FSGUI\fsguidll.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\DOCUME~1\chaabi\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Sécurité\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Pack Sécurité\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Sécurité\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [boot] C:\Acer\Empowering Technology\ePower\Boot.exe O4 - HKLM\..\Run: [bisonBar] C:\WINDOWS\BUtilityBar\BisonBar.exe O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Pack Sécurité.lnk = ? O8 - Extra context menu item: &Bloquer cette fenêtre pub. - C:\Program Files\Pack Sécurité\Anti-Spyware\blockpopups.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Sécurité\FSPC\fspcmsie.dll O9 - Extra button: Protection IE - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Sécurité\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: Protection IE... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Sécurité\Anti-Spyware\ieshield.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O10 - Unknown file in Winsock LSP: c:\program files\pack sécurité\fsps\program\fslsp.dll O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1178978765593 O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Pack Sécurité (BackWeb Plug-in - 361343) - Pack Securite - C:\PROGRA~1\PACKSÉ~1\backweb\361343\Program\SERVIC~1.EXE O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Sécurité\Anti-Virus\fsgk32st.exe O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Pack Sécurité\backweb\361343\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Sécurité\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Sécurité\Common\FSMA32.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing) O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe