gydhja

Everything posted by gydhja

  1. Indeed, things are better and I thank you for it ^^ It bothers me to uninstall avast since I paid for it. Is it possible to add antivir without uninstalling avast? Thanks
  2. The MBAM report: The new Hijack:
  3. Here is the generated report
  4. oops sorry lol here it is:
  5. Thanks for the advice and the link, here is the new Hijack report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:20:20, on 18/10/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SFR\Media Center\MediaCenter.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Users\sebastien\AppData\Local\cpfta.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SFR\Media Center\httpd\httpd.exe
C:\Program Files\SFR\Media Center\httpd\httpd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.duxet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.duxet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll
O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: (no name) - {66886C4D-B307-4ECA-A228-52CA9B9851A4} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [saiVolume] C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
O4 - HKLM\..\Run: [saiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
O4 - HKLM\..\Run: [mumservice] C:\Program Files\Motorola\Software Update\mumservice.exe
O4 - HKLM\..\Run: [DirectFlirt] C:\Program Files\DirectFlirt\DirectFlirt.exe -s
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [smpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\SFR\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [cpfta] "c:\users\sebastien\appdata\local\cpfta.exe" cpfta
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: StupAssist.lnk = C:\Program Files\Common Files\Nikon\Utilities\StupAssist.exe
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1255185254459
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/maconfi...fig_3_5_1_0.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service Google Update (gupdate1ca30128bacb19b) (gupdate1ca30128bacb19b) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 14730 bytes
  6. Thanks for your quick reply, the navilog report:

Fix Navipromo version 4.0.3 commencé le 18/10/2009 14:14:46,96

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 18.10.2009 à 10h00 par IL-MAFIOSO

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6002 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel® Pentium® Dual CPU E2140 @ 1.60GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : sebastien ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090321-0] 4.8.1335 (Activated)

C:\ (Local Disk) - NTFS - Total:327 Go (Free:142 Go)
D:\ (CD or DVD)
E:\ (USB)
F:\ (USB)
G:\ (USB)
H:\ (USB)

Recherche executée en mode normal
Nettoyage exécuté au redémarrage de l'ordinateur

C:\Program Files\Games-Attack supprimé !
c:\progra~2\micros~1\windows\startm~1\programs\Games-Attack supprimé !
C:\ProgramData\Games-Attack supprimé !
C:\Users\sebastien\AppData\Roaming\Games-Attack supprimé !
C:\Users\sebastien\AppData\Roaming\Live-Player supprimé !
C:\Users\sebastien\AppData\Local\cocqc.dat supprimé !
C:\Users\sebastien\AppData\Local\cocqc_nav.dat supprimé !
C:\Users\sebastien\AppData\Local\cocqc_navps.dat supprimé !
C:\Users\sebastien\AppData\Local\cpfta.exe supprimé !
C:\Users\sebastien\AppData\Local\cpfta.dat supprimé !
C:\Users\sebastien\AppData\Local\cpfta_nav.dat supprimé !
C:\Users\sebastien\AppData\Local\cpfta_navps.dat supprimé !
C:\Users\sebastien\AppData\Local\vhhphiq.bat supprimé !

Nettoyage contenu C:\Windows\Temp effectué !
Nettoyage contenu C:\Users\SEBAST~1\AppData\Local\Temp effectué !

*** Sauvegarde du Registre vers dossier Safebackup ***
sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***
Nettoyage Registre Ok

*** Scan terminé 18/10/2009 14:21:39,24 ***

The toolbar report:

-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6002 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel® Pentium® Dual CPU E2140 @ 1.60GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : sebastien ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090321-0] 4.8.1335 (Activated)

C:\ (Local Disk) - NTFS - Total:327 Go (Free:145 Go)
D:\ (CD or DVD)
E:\ (USB)
F:\ (USB)
G:\ (USB)
H:\ (USB)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( 18/10/2009|14:27 )

[ UAC => 1 ]

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Page"="http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://fr.search.yahoo.com"
"Start Page"="http://www.duxet.com/"
"Search Bar"="http://g.msn.fr/0SEFRFR/SAOS02"
"Url"="http://go.microsoft.com/fwlink/?LinkId=75720"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.duxet.com/"
"Default_Page_URL"="http://fr.yahoo.com"
"Default_Search_URL"="http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://fr.search.yahoo.com"
"Search Page"="http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://fr.search.yahoo.com"
"Local Page"="C:\\Windows\\System32\\blank.htm"

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\SEBAST~1\AppData\Roaming\Azureus\torrents\AVS-Video-Converter-6.2.3.314.-Crack[1].torrent
C:\Users\SEBAST~1\AppData\Roaming\Azureus\torrents\AVS.video.converter.6-2-3-314.Incl.Keygen[1].torrent
C:\Users\SEBAST~1\AppData\Roaming\Azureus\torrents\AVS.video.converter.6-2-3-314.incl.working.keygen[1].torrent
C:\Users\SEBAST~1\AppData\Roaming\Microsoft\Windows\Recent\Adobe Photoshop CS3 Extended v10.0 FR {trial + crack - Windows 2000, XP & Vista}.rar.lnk
C:\Users\SEBAST~1\AppData\Roaming\Microsoft\Windows\Recent\Crack FR {Photoshop CS3 Extended}.rar.lnk
C:\Users\SEBAST~1\Desktop\crack
C:\Users\SEBAST~1\Desktop\crack\DxOOpticsPro5.exe
C:\Users\SEBAST~1\Documents\Adobe Photoshop CS3 Extended v10.0 FR {trial + crack - Windows 2000, XP & Vista}.rar
C:\Users\SEBAST~1\Documents\Xilisoft Corporation\Video Converter Ultimate\crack.js

[ UAC => 1 ]

1 - "C:\ToolBar SD\TB_1.txt" - 18/10/2009|14:28 - Option : [1]

-----------\\ Fin du rapport a 14:28:12,98

Thanks
  7. Hello everyone, I can't browse the internet without unwanted windows popping up, all apparently from the same source, but I don't know much about this.. I ran an Ad-Aware scan, nothing to report.. here is the Hijack report:

Thanks in advance, gydhja
  8. The file cannot be found; does that mean it has been deleted?
  9. Indeed, the scan was very long lol, here is the report:

     Malwarebytes' Anti-Malware 1.41
     Version de la base de données: 2953
     Windows 5.1.2600 Service Pack 2

     13/10/2009 17:10:18
     mbam-log-2009-10-13 (17-10-18).txt

     Type de recherche: Examen complet (C:\|)
     Eléments examinés: 160140
     Temps écoulé: 1 hour(s), 52 minute(s), 48 second(s)

     Processus mémoire infecté(s): 0
     Module(s) mémoire infecté(s): 0
     Clé(s) du Registre infectée(s): 0
     Valeur(s) du Registre infectée(s): 0
     Elément(s) de données du Registre infecté(s): 1
     Dossier(s) infecté(s): 0
     Fichier(s) infecté(s): 0

     Processus mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Module(s) mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Clé(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)

     Valeur(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)

     Elément(s) de données du Registre infecté(s):
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

     Dossier(s) infecté(s):
     (Aucun élément nuisible détecté)

     Fichier(s) infecté(s):
     (Aucun élément nuisible détecté)

     Apparently yes, I no longer have that problem of unwanted pop-up windows, I'm delighted ^^
  10. Here are the 3 reports
      Lop S&D report:
      2nd report:
3/WebCam Plus (WDM); C:\WINDOWS\system32\DRIVERS\webc3vid.sys [2000-09-14 159867] S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-22 51088] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-22 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-22 21744] S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880] S3 RT2500USB;Hercules Wireless USB Dongle Driver; C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [] S3 RTLWUSB;802.11g USB2.0 WLAN Dongle; C:\WINDOWS\system32\DRIVERS\RTL8187.sys [] S3 SjyPkt;SjyPkt; \??\C:\WINDOWS\System32\Drivers\SjyPkt.sys [] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136] S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2007-05-16 9602944] S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [] S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2006-06-23 59392] S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2009-08-21 13056] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2005-06-17 31744] S3 UsbDiag;LGE Mobile USB Serial Port; 
C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2009-08-21 20864] S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2009-08-21 24960] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 usbser;Motorola A1000 USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 26368] S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2004-08-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2004-08-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2009-01-03 611664] R2 AdobeActiveFileMonitor4.0;Adobe Active File Monitor V4; C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [2005-09-09 102400] R2 avg8emc;AVG8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-17 908056] R2 avg8wd;AVG8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-17 297752] R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888] R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370] R2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2004-08-28 14336] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984] S2 Fax;Fax; 
C:\WINDOWS\system32\fxssvc.exe [2004-08-28 270848]
S2 repeater_service;repeater_service; C:\Program Files\ultra\repeater.exe -service []
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2008-09-02 191656]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-03-18 65536]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-28 14336]

-----------------EOF-----------------

3rd: info.txt

logfile of random's system information tool 1.06 2009-10-13 14:16:00

======Uninstall list======

-->MsiExec.exe /I{C98E5F1B-5C2B-4FD1-BDF9-F3779DCAAA16}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 2.0-->MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Photoshop Elements 4.0-->msiexec /I {EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}
Adobe SVG Viewer 3.0-->C:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
AVG Free 
8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959} Canon Camera Access Library-->"C:\Program Files\Fichiers communs\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini" Canon Camera Support Core Library-->"C:\Program Files\Fichiers communs\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini" Canon G.726 WMP-Decoder-->"C:\Program Files\Fichiers communs\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini" Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini" Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini" Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini" Canon Utilities CameraWindow DC-->"C:\Program Files\Fichiers communs\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDC\Uninst.ini" Canon Utilities CameraWindow-->"C:\Program Files\Fichiers communs\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowLauncher\Uninst.ini" Canon Utilities EOS Utility-->"C:\Program Files\Fichiers communs\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini" Canon Utilities MyCamera DC-->"C:\Program Files\Fichiers communs\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCameraDC\Uninst.ini" Canon Utilities MyCamera-->"C:\Program Files\Fichiers communs\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCamera\Uninst.ini" Canon Utilities RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program 
Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini" Canon Utilities ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini" Canon ZoomBrowser EX Memory Card Utility-->"C:\Program Files\Fichiers communs\Canon\UIW\1.4.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX MCU\Uninst.ini" CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E} Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Creative Video Blaster WebCam 3 USB/WebCam Plus Driver-->C:\WINDOWS\ctdrvins.exe -uninstall usb\vid_05a9&pid_a511 -plugin webc3pin.dll -pluginres webc3pin.dll eMule-->"C:\Program Files\eMule\Uninstall.exe" Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF} Hercules DualPix Exchange Webcam-->C:\Program Files\InstallShield Installation Information\{04BEFF7A-DF5D-4E49-AB46-BA3D3BE49FCB}\setup.exe -runfromtemp -l0x040c -removeonly HijackThis 2.0.2-->"C:\Documents and Settings\gydhja\Bureau\HijackThis.exe" /uninstall HP Image Zone 4.2-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat HP Software Update-->MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2} Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D} Java 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF} Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3} king.com (remove only)-->"C:\WINDOWS\king-uninstall.exe" LG PC Suite II-->C:\Program Files\InstallShield Installation Information\{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}\setup.exe -runfromtemp -l0x040c -removeonly LG SP USB Driver-->RunDll32 
C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E2AE8456-CCFE-46C0-8629-71CC507660FC}\setup.exe" -l0x40c -removeonly LG USB Modem Driver-->"C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -runfromtemp -l0x040cLG -removeonly Ma-Config.com-->MsiExec.exe /X{1C02A760-1682-49AE-BB54-FA7D63BD3504} Messenger Live Connector-->MsiExec.exe /I{0D959BD2-2BA9-418B-963B-7B4D1297C512} Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700} Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe" Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE} Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE} Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE} Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE} Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE} Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE} 
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE} Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE} Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE} Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP 
(KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP 
(KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe Mozilla Firefox (3.0.14)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{97AA1F3C-DD64-4AA6-AEC5-F8F9F4CC21C5} MySurvey Messenger International-->MsiExec.exe /X{3CFCDC11-4584-464B-9194-594D6E1CB246} Neat Image v6 Demo (with plug-in)-->"C:\Program Files\Neat Image\unins000.exe" Neuf - Kit de connexion-->C:\Program Files\Neuf\Kit\uninstall.exe Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} PhotoFiltre Studio-->"C:\Program Files\PhotoFiltre Studio\Uninst.exe" Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x40c -removeonly 
Royal Vegas Online Casino-->C:\MicroGaming\Casino\RoyalVegas\install.exe -uninstall
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update pour Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
TamTam Casino-->"C:\Casino\TamTam Casino\_SetupCasino_6cdc.exe" /uninstall
Ulead Particle.Plugin 1.0-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Ulead Particle.Plugin\Pp10f.isu"
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Wanadoo Messager-->C:\PROGRA~1\WANADO~1\UNWISE.EXE C:\PROGRA~1\WANADO~1\INSTALL.LOG
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}
WordBiz version 1.8-->"C:\Program Files\WordBiz\unins000.exe"

Securitycenter WMI appears to be broken

======System event log======

Computer Name: B8A4E19189A14DF
Event Code: 7035
Message: Un contrôle Arrêter a correctement été envoyé au service Fax.
Record Number: 649
Source Name: Service Control Manager
Time Written: 20091006095524.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: B8A4E19189A14DF
Event Code: 7000
Message: Le service repeater_service n'a pas pu démarrer en raison de l'erreur : Le chemin d'accès spécifié est introuvable.
Record Number: 648
Source Name: Service Control Manager
Time Written: 20091006095524.000000+120
Event Type: erreur
User:

Computer Name: B8A4E19189A14DF
Event Code: 35
Message: Le service de temps synchronise maintenant l'heure système avec la source de temps time.windows.com (ntp.m|0x1|192.168.1.20:123->207.46.197.32:123).
Record Number: 647
Source Name: W32Time
Time Written: 20091006095504.000000+120
Event Type: Informations
User:

Computer Name: B8A4E19189A14DF
Event Code: 6005
Message: Le service d'Enregistrement d'événement a démarré.
Record Number: 646
Source Name: EventLog
Time Written: 20091006095353.000000+120
Event Type: Informations
User:

Computer Name: B8A4E19189A14DF
Event Code: 6009
Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 2 Uniprocessor Free.
Record Number: 645
Source Name: EventLog
Time Written: 20091006095353.000000+120
Event Type: Informations
User:

=====Application event log=====

Computer Name: B8A4E19189A14DF
Event Code: 1
Message:
Record Number: 2962
Source Name: avg8emc
Time Written: 20090113174843.000000+060
Event Type: Informations
User:

Computer Name: B8A4E19189A14DF
Event Code: 32068
Message: La règle de routage de trafic sortant n'est pas valide car elle ne peut pas trouver de périphérique valide. Les télécopies sortantes qui utilisent cette règle ne peuvent pas être acheminées. Vérifiez que le ou les périphériques concernés (en cas de routage vers un groupe de périphériques) sont connectés et installés correctement et allumés. En cas de routage vers un groupe, vérifiez que le groupe est configuré correctement. Code de pays/région : '*' Indicatif régional : '*'
Record Number: 2961
Source Name: Microsoft Fax
Time Written: 20090113174657.000000+060
Event Type: Avertissement
User:

Computer Name: B8A4E19189A14DF
Event Code: 32026
Message: Le service de télécopie n'a pas pu initialiser de périphériques de télécopies attribués (virtuel ou TAPI). Aucune télécopie ne peut être envoyée ou reçue tant qu'un périphérique de télécopies n'a pas été installé.
Record Number: 2960
Source Name: Microsoft Fax
Time Written: 20090113174657.000000+060
Event Type: Avertissement
User:

Computer Name: B8A4E19189A14DF
Event Code: 1
Message:
Record Number: 2959
Source Name: Bonjour Service
Time Written: 20090113174534.000000+060
Event Type: Informations
User:

Computer Name: B8A4E19189A14DF
Event Code: 1517
Message: Windows a sauvegardé le Registre utilisateur B8A4E19189A14DF\gydhja alors qu'une application ou un service utilisait toujours le Registre pendant la fermeture de la session. La mémoire utilisée par le Registre de l'utilisateur n'a pas été libérée. le Registre sera déchargé lorsqu'il ne sera plus utilisé. Cela est souvent causé par des services s'exécutant en tant que compte d'utilisateur, essayez de configurer les services pour s'exécuter dans le compte service réseau ou service local.
Record Number: 2958
Source Name: Userenv
Time Written: 20090113074240.000000+060
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

-----------------EOF-----------------

Thanks
  11. Thanks Thanos, here is the generated report:

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel® Celeron® CPU 2.60GHz )
BIOS : PhoenixBIOS 4.0 Release 6.0
USER : gydhja ( Administrator )
BOOT : Normal boot

C:\ (Local Disk) - NTFS - Total:27 Go (Free:4 Go)
D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 13/10/2009|12:32 )

--------------------\\ Listing des dossiers dans APPLIC~1

[30/09/2009|22:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[29/09/2008|16:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[27/01/2009|12:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[02/02/2009|07:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
[09/04/2009|08:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DriverCure
[30/09/2009|22:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\espionServerData
[27/09/2009|21:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\file joy proc deaf
[10/04/2009|10:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IM
[10/04/2009|10:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\IncrediMail
[03/01/2009|00:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[02/10/2009|22:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LGMOBILEAX
[12/09/2008|01:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ma-config.com
[13/09/2008|21:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MGS
[13/09/2008|21:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microgaming
[17/05/2009|09:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[27/01/2009|13:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[09/04/2009|08:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ParetoLogic
[04/01/2009|02:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[17/08/2007|23:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[29/10/2008|00:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
[14/09/2008|19:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[14/12/2008|12:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ZoomBrowser
[23/08/2005|23:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[30/09/2009|22:21] C:\DOCUME~1\gydhja\APPLIC~1\Adobe
[16/06/2009|07:45] C:\DOCUME~1\gydhja\APPLIC~1\AdSigner
[01/10/2008|22:17] C:\DOCUME~1\gydhja\APPLIC~1\Apple Computer
[04/06/2009|23:03] C:\DOCUME~1\gydhja\APPLIC~1\CameraWindowDC
[17/12/2008|13:05] C:\DOCUME~1\gydhja\APPLIC~1\CANON INC
[27/09/2009|21:32] C:\DOCUME~1\gydhja\APPLIC~1\copy iso road
[09/04/2009|08:47] C:\DOCUME~1\gydhja\APPLIC~1\DriverCure
[26/03/2009|10:16] C:\DOCUME~1\gydhja\APPLIC~1\dvdcss
[28/09/2009|18:42] C:\DOCUME~1\gydhja\APPLIC~1\Fortune Lounge Personal Messenger
[12/09/2008|00:28] C:\DOCUME~1\gydhja\APPLIC~1\Identities
[02/10/2009|22:45] C:\DOCUME~1\gydhja\APPLIC~1\LG Electronics
[12/09/2008|00:42] C:\DOCUME~1\gydhja\APPLIC~1\Macromedia
[14/05/2009|22:51] C:\DOCUME~1\gydhja\APPLIC~1\Microsoft
[12/09/2008|00:46] C:\DOCUME~1\gydhja\APPLIC~1\Mozilla
[28/09/2009|16:45] C:\DOCUME~1\gydhja\APPLIC~1\NeatImage SL
[12/09/2008|00:29] C:\DOCUME~1\gydhja\APPLIC~1\Styler
[04/03/2009|01:31] C:\DOCUME~1\gydhja\APPLIC~1\Sun
[19/10/2008|18:59] C:\DOCUME~1\gydhja\APPLIC~1\System
[10/04/2009|09:46] C:\DOCUME~1\gydhja\APPLIC~1\Talkback
[02/09/2009|15:20] C:\DOCUME~1\gydhja\APPLIC~1\TeraCopy
[10/04/2009|09:45] C:\DOCUME~1\gydhja\APPLIC~1\Thunderbird
[03/05/2009|14:38] C:\DOCUME~1\gydhja\APPLIC~1\UnH Solutions
[27/01/2009|14:52] C:\DOCUME~1\gydhja\APPLIC~1\vlc
[16/09/2008|19:35] C:\DOCUME~1\gydhja\APPLIC~1\WinRAR
[13/09/2008|11:01] C:\DOCUME~1\gydhja\APPLIC~1\Xentient
[04/06/2009|23:03] C:\DOCUME~1\gydhja\APPLIC~1\ZoomBrowser EX
[12/09/2008|00:51] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[12/09/2008|00:51] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[13/10/2009 12:00][--ah-----] C:\WINDOWS\tasks\AD2605BC914184DC.job
[13/10/2009 09:14][--ah-----] C:\WINDOWS\tasks\SA.DAT
[25/03/2009 08:14][-rah-c---] C:\WINDOWS\tasks\desktop.ini

( AD2605BC914184DC.job )=( c:\docume~1\gydhja\applic~1\copyis~1\StupidDaleAce.exe )

--------------------\\ Listing des dossiers dans C:\Program Files

[14/08/2007|02:33] C:\Program Files\Ad-Aware
[30/09/2009|21:17] C:\Program Files\Adobe
[03/05/2007|23:38] C:\Program Files\AusLogics Disk Defrag
[12/09/2008|00:53] C:\Program Files\AVG
[29/09/2008|16:54] C:\Program Files\Bonjour
[10/04/2009|09:54] C:\Program Files\Canon
[03/01/2009|00:25] C:\Program Files\CCleaner
[12/09/2008|00:21] C:\Program Files\Cener Development
[14/06/2006|18:46] C:\Program Files\Compare It!
[11/09/2008|23:37] C:\Program Files\ComPlus Applications
[27/09/2009|21:34] C:\Program Files\Conduit
[27/09/2009|21:30] C:\Program Files\copy iso road
[25/05/2009|01:21] C:\Program Files\Emoticons-plus.com
[26/03/2009|09:37] C:\Program Files\eMule
[16/07/2007|01:24] C:\Program Files\Everest
[05/08/2009|20:33] C:\Program Files\Fichiers communs
[28/09/2009|18:42] C:\Program Files\Fortune Lounge Personal Messenger
[01/02/2009|23:52] C:\Program Files\FoxitReader
[16/04/2009|13:00] C:\Program Files\Hercules
[03/09/2009|16:18] C:\Program Files\HP
[14/06/2006|18:46] C:\Program Files\IE Privacy Keeper
[09/10/2009|15:32] C:\Program Files\InstallShield Installation Information
[10/12/2008|12:44] C:\Program Files\Internet Explorer
[28/03/2009|09:13] C:\Program Files\Java
[03/01/2009|00:21] C:\Program Files\Lavasoft
[02/10/2009|22:44] C:\Program Files\LG Electronics
[02/10/2009|23:00] C:\Program Files\LG PC Suite II
[12/09/2008|01:01] C:\Program Files\ma-config.com
[09/01/2009|18:13] C:\Program Files\Microsoft
[21/09/2008|23:35] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[12/09/2008|00:06] C:\Program Files\microsoft frontpage
[27/01/2009|13:00] C:\Program Files\Microsoft Office
[29/10/2008|00:52] C:\Program Files\Microsoft SQL Server Compact Edition
[27/01/2009|12:59] C:\Program Files\Microsoft Visual Studio
[27/01/2009|12:51] C:\Program Files\Microsoft Visual Studio 8
[27/01/2009|12:57] C:\Program Files\Microsoft.NET
[12/09/2008|00:06] C:\Program Files\movie maker
[13/10/2009|09:30] C:\Program Files\Mozilla Firefox
[27/01/2009|13:01] C:\Program Files\MSBuild
[12/09/2008|00:06] C:\Program Files\msn gaming zone
[12/09/2008|00:01] C:\Program Files\MSXML 4.0
[12/09/2008|00:27] C:\Program Files\MSXML 6.0
[24/09/2009|18:49] C:\Program Files\MySurvey Messenger
[28/09/2009|16:45] C:\Program Files\Neat Image
[12/09/2008|00:06] C:\Program Files\netmeeting
[03/03/2009|16:16] C:\Program Files\Neuf
[18/03/2007|22:42] C:\Program Files\Occtpt
[11/09/2008|23:39] C:\Program Files\Outlook Express
[16/06/2007|22:48] C:\Program Files\Paint.NET
[09/10/2008|17:15] C:\Program Files\PhotoFiltre Studio
[13/09/2008|10:36] C:\Program Files\Realtek AC97
[24/10/2008|11:02] C:\Program Files\RozetUtil
[25/07/2007|02:40] C:\Program Files\Spybot
[12/09/2008|00:29] C:\Program Files\Styler
[03/09/2009|16:13] C:\Program Files\TeraCopy
[27/09/2009|21:30] C:\Program Files\TorrentSpeeder
[29/09/2008|21:57] C:\Program Files\TRELLIAN
[05/07/2006|03:20] C:\Program Files\TweakRAM
[13/07/2007|23:36] C:\Program Files\UberIcon
[09/10/2008|16:45] C:\Program Files\Ulead Particle.Plugin
[25/01/2009|12:51] C:\Program Files\UltraVNC
[11/09/2008|23:37] C:\Program Files\Uninstall Information
[25/01/2009|04:06] C:\Program Files\VideoLAN
[06/04/2009|08:28] C:\Program Files\Wanadoo
[04/04/2009|21:15] C:\Program Files\Wanadoo Messager
[21/02/2009|10:45] C:\Program Files\Windows Live
[09/01/2009|18:13] C:\Program Files\Windows Live SkyDrive
[11/09/2008|23:36] C:\Program Files\Windows Media Connect 2
[11/09/2008|23:44] C:\Program Files\Windows Media Player
[12/09/2008|00:06] C:\Program Files\windows nt
[12/09/2008|00:03] C:\Program Files\Windows Sidebar
[11/09/2008|23:41] C:\Program Files\WindowsUpdate
[20/07/2007|21:16] C:\Program Files\WinRAR
[25/09/2008|15:10] C:\Program Files\WordBiz
[12/09/2008|00:06] C:\Program Files\xerox

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[30/09/2009|21:19] C:\Program Files\Fichiers communs\Adobe
[24/10/2008|11:03] C:\Program Files\Fichiers communs\Borland Shared
[14/12/2008|12:17] C:\Program Files\Fichiers communs\Canon
[27/01/2009|12:59] C:\Program Files\Fichiers communs\DESIGNER
[19/09/2008|23:41] C:\Program Files\Fichiers communs\Hewlett-Packard
[20/09/2008|01:06] C:\Program Files\Fichiers communs\HP
[05/08/2009|20:27] C:\Program Files\Fichiers communs\InstallShield
[21/02/2009|10:41] C:\Program Files\Fichiers communs\Microsoft Shared
[06/11/2008|17:15] C:\Program Files\Fichiers communs\Motorola Shared
[11/09/2008|23:39] C:\Program Files\Fichiers communs\MSSoap
[12/09/2008|01:29] C:\Program Files\Fichiers communs\ODBC
[11/09/2008|23:40] C:\Program Files\Fichiers communs\Services
[12/09/2008|01:29] C:\Program Files\Fichiers communs\SpeechEngines
[27/01/2009|12:49] C:\Program Files\Fichiers communs\System
[29/10/2008|17:09] C:\Program Files\Fichiers communs\Vbox
[29/10/2008|00:08] C:\Program Files\Fichiers communs\Windows Live
[14/09/2008|19:24] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[03/01/2009|00:19] C:\Program Files\Fichiers communs\Wise Installation Wizard

--------------------\\ Process

( 38 Processes )

iexplore.exe ~ [PID:1336]
iexplore.exe ~ [PID:1412]

--------------------\\ Recherche avec S_Lop

C:\DOCUME~1\gydhja\APPLIC~1\COPYIS~1
C:\DOCUME~1\gydhja\APPLIC~1\COPYIS~1\BiasTool.exe
C:\DOCUME~1\gydhja\APPLIC~1\COPYIS~1\dbdtpvdf.exe
C:\DOCUME~1\gydhja\APPLIC~1\COPYIS~1\fldmnacj.exe
C:\DOCUME~1\gydhja\APPLIC~1\COPYIS~1\Stupid Dale Ace.exe

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\ALLUSE~1\APPLIC~1\espionServerData
C:\DOCUME~1\ALLUSE~1\APPLIC~1\espionServerData\globData.mk4
C:\DOCUME~1\ALLUSE~1\APPLIC~1\File Joy Proc Deaf
C:\DOCUME~1\ALLUSE~1\APPLIC~1\File Joy Proc Deaf\each bash.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\File Joy Proc Deaf\EACHBA~1.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\File Joy Proc Deaf\Wipe Find.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\File Joy Proc Deaf\Wipe Find.exe
C:\DOCUME~1\gydhja\APPLIC~1\copyis~1
C:\DOCUME~1\gydhja\APPLIC~1\copyis~1\BiasTool.exe
C:\DOCUME~1\gydhja\APPLIC~1\copyis~1\dbdtpvdf.exe
C:\DOCUME~1\gydhja\APPLIC~1\copyis~1\fldmnacj.exe
C:\DOCUME~1\gydhja\APPLIC~1\copyis~1\Stupid Dale Ace.exe C:\Program Files\copyis~1 C:\Program Files\TorrentSpeeder C:\Program Files\TorrentSpeeder\config C:\Program Files\TorrentSpeeder\data C:\Program Files\TorrentSpeeder\torrentspeeder.exe C:\Program Files\TorrentSpeeder\TorrentSpeeder.url C:\DOCUME~1\gydhja\Cookies\gydhja@partypoker[2].txt C:\WINDOWS\Tasks\AD2605BC914184DC.job --------------------\\ Verification du Registre [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mfcd plus hide] "DisplayName"="CiD Help" "UninstallString"="C:\\DOCUME~1\\gydhja\\APPLIC~1\\COPYIS~1\\BiasTool.exe -uninstall" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Roam Rdr"="C:\\DOCUME~1\\gydhja\\APPLIC~1\\COPYIS~1\\BiasTool.exe" "Roam Rdr"="C:\\DOCUME~1\\gydhja\\APPLIC~1\\COPYIS~1\\BiasTool.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Proc Deaf Delete Peak"="C:\\Documents and Settings\\All Users\\Application Data\\file joy proc deaf\\Wipe Find.exe" --------------------\\ Verification du fichier Hosts Fichier Hosts PROPRE --------------------\\ Recherche de fichiers avec Catchme --------------------\\ Recherche d'autres infections --------------------\\ Cracks & Keygens .. C:\DOCUME~1\gydhja\Mes documents\Photo Filtre Studio 9.1.0 Fr+Keygen FFF C:\DOCUME~1\gydhja\Mes documents\Photo Filtre Studio 9.1.0 Fr+Keygen FFF\Keygen.exe C:\DOCUME~1\gydhja\Mes documents\Photo Filtre Studio 9.1.0 Fr+Keygen FFF\pfs-setup.exe [F:56][D:7]-> C:\DOCUME~1\gydhja\LOCALS~1\Temp [F:27][D:0]-> C:\DOCUME~1\gydhja\Cookies [F:23][D:4]-> C:\DOCUME~1\gydhja\LOCALS~1\TEMPOR~1\content.IE5 1 - "C:\Lop SD\LopR_1.txt" - 13/10/2009|12:46 - Option : [1] --------------------\\ Fin du rapport a 12:46:44
  12. Hello, for more than a week my PC has been extremely slow. After various scans with Spybot, AVG, Ad-Aware and others, no virus or trojan was detected, yet pop-up windows keep opening regularly and my PC is incredibly slow... Here is the HijackThis report; if you could shed some light on it, thanks in advance!!
  13. Thank you, that's very kind. Since this is my sister's PC, I'm not always there, which is why my replies are sometimes slow to come, but if we could continue the procedure that would be nice... Love to all!!!! gydhja
  14. Good evening, sorry, I couldn't get to the PC earlier... I followed the requested steps, but there was no way to run a scan with Panda online... so I am only posting the clean report from safe mode and the new HijackThis report. Is it possible to use another online scan? Thank you, gydhja
  15. Unfortunately I couldn't find the files in bold... Here is the cleanavi report:
  16. Here are the 2 requested reports:
  17. Hello again, I've run CCleaner; now I suppose I surely have things to do regarding my HijackThis report, thanks for your help... Gydhja
  18. Hello, After the successful disinfection of my PC I wanted to thank you once again!!! And without wanting to impose, would it be possible to examine the HijackThis report from my sister's PC, which is here!! It is extremely slow, and on hers too unwanted spyware secure windows and others keep opening!! Thanks in advance!!! Gydhja

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 14:01:44, on 19/08/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16512)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
      c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
      c:\APPS\HIDSERVICE\HIDSERVICE.exe
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
      c:\APPS\Powercinema\Kernel\TV\CLSched.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Winamp\winampa.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
      C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\MSN Messenger\MessengerSkinner\MessengerSkinner.exe
      C:\WINDOWS\system32\lxcycoms.exe
      C:\Program Files\Hercules\WiFi Station pour Livebox\WifiStationLB.exe
      C:\Program Files\eMule\emule.exe
      C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      C:\Program Files\Grisoft\AVG7\avgcc.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      D:\Documents and Settings\morival cathy\Bureau\HJTInstall.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://accountservices.passport.net/reg.sr...c=1036&id=2
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
      O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [sweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [messengerskinner] C:\Program Files\MSN Messenger\MessengerSkinner\MessengerSkinner.exe
      O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
      O4 - HKCU\..\Run: [dupesoap] D:\DOCUME~1\MORIVA~1\APPLIC~1\SHIMLI~1\ONLINE PROGRAM BALM.exe
      O4 - HKCU\..\Run: [srvreg] C:\WINDOWS\system32\srvreg.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: WiFi Station pour Livebox.lnk = ?
      O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra button: Baraka Casino Online - {5FC8323C-261D-47c1-83E4-4E91F9AF2B54} - C:\Casino\Baraka Casino Online\casino.exe (file missing)
      O9 - Extra 'Tools' menuitem: Baraka Casino Online - {5FC8323C-261D-47c1-83E4-4E91F9AF2B54} - C:\Casino\Baraka Casino Online\casino.exe (file missing)
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
      O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (Download Helper Class) - http://activex.microgaming.com/DLHelper/ve...n7/DLHelper.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
      O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://fortunelounge.microgaming.com/generic/FlashAX.cab
      O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Object) - https://casinoclassic.microgaming.com/casin...ic/FlashAX2.cab
      O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
      O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
      O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
      O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
      O23 - Service: Modaservice - Unknown owner - C:\PROGRA~1\LECTRA~1\MODASE~1.1\modaserv.exe (file missing)
      O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

      --
      End of file - 9320 bytes
  19. OK, it's because it's still a bit slow, that's why I was saying I didn't know! One thing is certain: it runs better, and goodbye unwanted pop-up windows!! Thank you for helping me with the procedure to follow!!! That's really very, very kind!!! Kisses, gydhja
  20. Hello, actually I don't really know, should I run another scan with HijackThis or something else? Since I finished the whole procedure described, I no longer have unwanted spyware secure windows etc... well, for the moment. Is it a coincidence or is it really eradicated?? I don't know how to find out... Thanks a lot
  21. Here is the Tcleaner report:

      ********ToolsCleaner! (A.Rothstein) V2.0********
      Nettoyage commence le 16/08/2007 a 22:05:46,12
      ***************************************
      -Hijackthis = Trouve!
      -Hijackthis = Suppression effectuee!
      -Navilog = Trouve!
      -Navilog = Suppression effectuee!
      -GenProc = Trouve!
      - (B) Genproc = Suppression effectuee!
      -Navipromo.bat = Trouve!
      - (B) Navipromo.bat = Suppression effectuee!
      -Bfu = Trouve!
      -Bfu = Suppression effectuee!
      Programme(s) supprime(s) avec succes!
      ***************************************
      Fin le 16/08/2007 a 22:05:52,54
      Merci d'avoir utilise ToolsCleaner!

      I also ran the Bitdefender scan, which was very long lol. Now I don't know exactly where things stand with the problems...? Gydhja
  22. Good evening!! Here are the requested reports!

      Hijack:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 18:40:18, on 16/08/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
      C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\WINDOWS\system32\wuauclt.exe
      D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.winlsd.org/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
      O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [PhilipsLime] "C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe"
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-20\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [LSD_III] %systemroot%\LSD\end.cmd (User 'Default user')
      O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = G:\Logiciels\VolumeWatcher\SPUVolumeWatcher.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
      O17 - HKLM\System\CS1\Services\Tcpip\..\{FA8ECA4C-0E08-4D51-8FCC-3C090F2D331A}: NameServer = 212.27.32.176,212.27.32.177
      O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
      O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

      --
      End of file - 6154 bytes

      Navipromo:

      Rapport Navipromo.bat 0.73 effectué le 16/08/2007 à 17:47:56,87
      C:\Documents and Settings\lucie\Bureau
      L'opération se déroule en mode sans échec sous le compte "lucie"
      ** Recherche...
      1/ tihohh trouvé, recherche de tihohh*
      C:\WINDOWS\system32\tihohh.dat
      C:\WINDOWS\system32\tihohh.exe
      C:\WINDOWS\system32\tihohh_nav.dat
      C:\WINDOWS\system32\tihohh_navps.dat
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      tihohh REG_SZ c:\windows\system32\tihohh.exe tihohh
      ------------------
      Fin du rapport de recherche
      Adware Navipromo trouvé 1 fois avec cette méthode
      ################################################
      ** Nettoyage...
      1/ Déplacement de tihohh* vers C:\Navipromo\Backups...
      C:\WINDOWS\System32\tihohh* déplacé avec succès !
      ------------------
      * Suppression clés et valeurs de registre
      1 entrées de registre netttoyées
      * Backups :
      C:\Navipromo\Backups\ARPCache.reg
      C:\Navipromo\Backups\HKCURun.reg
      C:\Navipromo\Backups\HKLMRun.reg
      C:\Navipromo\Backups\MessengerSkinner
      C:\Navipromo\Backups\pack.epk
      C:\Navipromo\Backups\tihohh.dat
      C:\Navipromo\Backups\tihohh.exe
      C:\Navipromo\Backups\tihohh_nav.dat
      C:\Navipromo\Backups\tihohh_navps.dat
      C:\Navipromo\Backups\Uninstall.reg
      C:\Navipromo\Backups\MessengerSkinner\Userdata
      C:\Navipromo\Backups\MessengerSkinner\Userdata\defaultPack.cab
      C:\Navipromo\Backups\MessengerSkinner\Userdata\languages.xml
      Ajout d'extension .off aux backups
      ## Fin du rapport de Suppression
      -------------
      Rapport Navipromo.bat 0.73 effectué le 16/08/2007 à 17:48:47,87
      L'opération se déroule en mode sans échec sous le compte "lucie"
      ## Suppression Heuristique
      * Backups :
      C:\Navipromo\Backups\Heuristic\kijboap.exe
      Ajout d'extension .off aux backups
      Backups exe renommés avec succès
      ## Fin du rapport Heuristique
      -------------
      Rapport Navipromo.bat 0.73 effectué le 16/08/2007 à 18:21:41,87
      C:\Documents and Settings\lucie\Bureau
      L'opération se déroule en mode sans échec sous le compte "lucie"
      ** Recherche...
      Fin du rapport de recherche
      Adware Navipromo non trouvé avec cette méthode
      Engagement de la méthode Heuristique
      Rapport Navipromo.bat 0.73 effectué le 16/08/2007 à 18:21:42,89
      L'opération se déroule en mode sans échec sous le compte "lucie"
      ## Suppression Heuristique
      * Backups :
      C:\Navipromo\Backups\Heuristic\kijboap.exe.off
      Aucun résultat par la recherche heuristique
      ## Fin du rapport Heuristique
      -------------
      Rapport Navipromo.bat 0.73 effectué le 16/08/2007 à 18:23:43,37
      L'opération se déroule en mode sans échec sous le compte "lucie"
      ## Suppression Heuristique
      * Backups :
      C:\Navipromo\Backups\Heuristic\kijboap.exe.off
      Aucun résultat par la recherche heuristique
      ## Fin du rapport Heuristique
      -------------
      Rapport Navipromo.bat 0.73 effectué le 16/08/2007 à 18:24:02,21
      C:\Documents and Settings\lucie\Bureau
      L'opération se déroule en mode sans échec sous le compte "lucie"
      ** Recherche...
      Fin du rapport de recherche
      Adware Navipromo non trouvé avec cette méthode
      Engagement de la méthode Heuristique
      Rapport Navipromo.bat 0.73 effectué le 16/08/2007 à 18:24:02,35
      L'opération se déroule en mode sans échec sous le compte "lucie"
      ## Suppression Heuristique
      * Backups :
      C:\Navipromo\Backups\Heuristic\kijboap.exe.off
      Aucun résultat par la recherche heuristique
      ## Fin du rapport Heuristique

      The procedure went through without major problems... Thanks again for the help, I'm waiting for the next things to do, thanks to all! Gydhja
  23. Hello, I didn't find the file in bold once again... Darn... here is the GenProc report:

      Rapport GenProc 0.68 [1] effectué le 15/08/2007 à 10:36:24,35 - SystemRoot = C:\WINDOWS

      Dans CCleaner, clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. C'est tout.

      # Etape 1/ Télécharge :
      - Navipromo.zip http://www.alt-shift-return.org/Info/Fichi...avipromo073.zip et décompresse-le sur ton bureau
      - Brute Force Uninstaller http://www.merijn.org/files/bfu.zip et décompresse-le dans un dossier propre à lui (C:\BFU)
      * Fais un clic droit de souris sur ce lien : http://metallica.geekstogo.com/EGDACCESS.bfu et choisis "Enregistrer sous" (dans IE c'est "Enregistrer le lien sous..") afin de télécharger EGDACCESS.bfu, Type "Tous les fichiers". Sauvegarde dans le dossier créé (C:\BFU).

      ***** Copie ce qui suit dans un fichier texte et redémarre en mode sans échec comme indiqué ici https://www.microsoft.com/technet/prodtechn...c.mspx?mfr=true (choisis ta session courante "lucie") *****

      # Etape 2/
      * lance le fichier Navipromo.bat qui se trouve dans le dossier Navipromo, sur ton bureau.
      * Sélectionne l'option "Recherche et suppression automatique" en appuyant sur la touche R et en validant par entrée. Patiente. S'il trouve l'adware Navipromo, tu verras défiler des lignes dans la fenêtre de commande et au bout de quelques instants, il faudra que tu appuies sur une touche pour que le nettoyage soit lancé. Lorsqu'il a terminé, ferme le rapport qui s'est ouvert
      * Relance l'outil, Sélectionne l'option "Suppression Heuristique" en appuyant sur la touche H et en validant par entrée ; patiente quelques minutes. Lorsqu'il a terminé, ferme le rapport qui s'est ouvert
      * Démarre le "Brute Force Uninstaller" en double-cliquant sur BFU.exe. Clique sur le petit dossier jaune, à la droite de la boîte "Scriptline to execute", et double-clique sur : EGDACCESS.bfu
      - Dans la boîte "Scriptline to execute", tu devrais maintenant voir ceci : C:\BFU\EGDACCESS.bfu Clique sur "Execute" et laisse-le faire son travail. Attendre que "Complete script execution" apparaîsse et clique sur OK. Clique exit pour fermer le programme BFU. Recommence encore une fois.
      * Démarrer -> panneau de configuration -> options internet Clique sur l'onglet "Contenu" puis onglet "Certificats" et si tu trouves ceci, en particulier dans "éditeurs approuvés" : electronic-group - egroup - Montorgueil - VIP - "Sunny Day Design Ltd" => Supprime-les tous

      # Etape 3/ Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.

      # Etape 4/ Redémarre normalement et poste :
      - Un nouveau rapport HijackThis, toutes fenêtres et applications fermées http://www.trendsecure.com/portal/en-US/th.../HiJackThis.exe ;
      - Le contenu du fichier Navipromo.txt qui se trouve dans Poste de travail C:\ ;
      Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.
  24. Good evening, after quite a few problems (PC crash) I managed to run the AVG scan; however, I didn't find the file in bold. Here is the AVG report:

      AVG Anti-Spyware - Rapport d'analyse
      ---------------------------------------------------------
      + Créé à: 17:23:04 14/08/2007
      + Résultat de l'analyse:
      C:\Program Files\Trend Micro\HijackThis\backups\backup-20070814-130710-948.dll -> Adware.Stud : Ignoré.
      C:\System Volume Information\_restore{82816F2D-EE75-4F95-9B2B-48318B3781D6}\RP219\A0175407.dll -> Adware.Stud : Ignoré.
      C:\Documents and Settings\lucie\Application Data\winantiviruspro2006freeinstall_fr[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignoré.
:mozilla.644:C:\Documents and Settings\lucie\Application Data\Mozilla\Firefox\Profiles\k89x8ngh.default\cookies-1.txt -> TrackingCookie.Sexcounter : Nettoyé. :mozilla.645:C:\Documents and Settings\lucie\Application Data\Mozilla\Firefox\Profiles\k89x8ngh.default\cookies-1.txt -> TrackingCookie.Sexcounter : Nettoyé. :mozilla.646:C:\Documents and Settings\lucie\Application Data\Mozilla\Firefox\Profiles\k89x8ngh.default\cookies-1.txt -> TrackingCookie.Sexcounter : Nettoyé. :mozilla.647:C:\Documents and Settings\lucie\Application Data\Mozilla\Firefox\Profiles\k89x8ngh.default\cookies-1.txt -> TrackingCookie.Sexcounter : Nettoyé. :mozilla.613:C:\Documents and Settings\lucie\Application Data\Mozilla\Firefox\Profiles\k89x8ngh.default\cookies-1.txt -> TrackingCookie.Sitestat : Nettoyé. :mozilla.614:C:\Documents and Settings\lucie\Application Data\Mozilla\Firefox\Profiles\k89x8ngh.default\cookies-1.txt -> TrackingCookie.Sitestat : Nettoyé. :mozilla.78:C:\Documents and Settings\lucie\Application Data\Mozilla\Firefox\Profiles\k89x8ngh.default\cookies-1.txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.79:C:\Documents and Settings\lucie\Application Data\Mozilla\Firefox\Profiles\k89x8ngh.default\cookies-1.txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.80:C:\Documents and Settings\lucie\Application Data\Mozilla\Firefox\Profiles\k89x8ngh.default\cookies-1.txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.81:C:\Documents and Settings\lucie\Application Data\Mozilla\Firefox\Profiles\k89x8ngh.default\cookies-1.txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.132:C:\Documents and Settings\lucie\Application Data\Mozilla\Firefox\Profiles\k89x8ngh.default\cookies-1.txt -> TrackingCookie.Statcounter : Nettoyé. :mozilla.29:C:\Documents and Settings\lucie\Application Data\Mozilla\Firefox\Profiles\k89x8ngh.default\cookies-1.txt -> TrackingCookie.Tradedoubler : Nettoyé. 
:mozilla.30:C:\Documents and Settings\lucie\Application Data\Mozilla\Firefox\Profiles\k89x8ngh.default\cookies-1.txt -> TrackingCookie.Tradedoubler : Nettoyé. :mozilla.31:C:\Documents and Settings\lucie\Application Data\Mozilla\Firefox\Profiles\k89x8ngh.default\cookies-1.txt -> TrackingCookie.Tradedoubler : Nettoyé. :mozilla.32:C:\Documents and Settings\lucie\Application Data\Mozilla\Firefox\Profiles\k89x8ngh.default\cookies-1.txt -> TrackingCookie.Tradedoubler : Nettoyé. :mozilla.634:C:\Documents and Settings\lucie\Application Data\Mozilla\Firefox\Profiles\k89x8ngh.default\cookies-1.txt -> TrackingCookie.Tribalfusion : Nettoyé. :mozilla.237:C:\Documents and Settings\lucie\Application Data\Mozilla\Firefox\Profiles\k89x8ngh.default\cookies-1.txt -> TrackingCookie.Valueclick : Nettoyé. :mozilla.238:C:\Documents and Settings\lucie\Application Data\Mozilla\Firefox\Profiles\k89x8ngh.default\cookies-1.txt -> TrackingCookie.Valueclick : Nettoyé. :mozilla.194:C:\Documents and Settings\lucie\Application Data\Mozilla\Firefox\Profiles\k89x8ngh.default\cookies-1.txt -> TrackingCookie.Weborama : Nettoyé. :mozilla.195:C:\Documents and Settings\lucie\Application Data\Mozilla\Firefox\Profiles\k89x8ngh.default\cookies-1.txt -> TrackingCookie.Weborama : Nettoyé. :mozilla.196:C:\Documents and Settings\lucie\Application Data\Mozilla\Firefox\Profiles\k89x8ngh.default\cookies-1.txt -> TrackingCookie.Weborama : Nettoyé. :mozilla.524:C:\Documents and Settings\lucie\Application Data\Mozilla\Firefox\Profiles\k89x8ngh.default\cookies-1.txt -> TrackingCookie.Webtrends : Nettoyé. :mozilla.136:C:\Documents and Settings\lucie\Application Data\Mozilla\Firefox\Profiles\k89x8ngh.default\cookies-1.txt -> TrackingCookie.Xhit : Nettoyé. :mozilla.137:C:\Documents and Settings\lucie\Application Data\Mozilla\Firefox\Profiles\k89x8ngh.default\cookies-1.txt -> TrackingCookie.Xhit : Nettoyé. 
:mozilla.239:C:\Documents and Settings\lucie\Application Data\Mozilla\Firefox\Profiles\k89x8ngh.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Nettoyé. :mozilla.240:C:\Documents and Settings\lucie\Application Data\Mozilla\Firefox\Profiles\k89x8ngh.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Nettoyé. :mozilla.662:C:\Documents and Settings\lucie\Application Data\Mozilla\Firefox\Profiles\k89x8ngh.default\cookies-1.txt -> TrackingCookie.Zedo : Nettoyé. :mozilla.663:C:\Documents and Settings\lucie\Application Data\Mozilla\Firefox\Profiles\k89x8ngh.default\cookies-1.txt -> TrackingCookie.Zedo : Nettoyé. Fin du rapport
  25. Thanks, I'll do that this morning!!! I hope I manage it lol gydhja