

microgolgi
Members
Content count: 31
Everything posted by microgolgi
-
IE opens by itself with flashlight ads
microgolgi replied to a topic by microgolgi in Malware analysis and removal
Hello, sorry for only replying now. I had a few setbacks that kept me away from the computer. I'll pass this message on to my parents so they can follow all these steps. -
IE opens by itself with flashlight ads
microgolgi posted a topic in Malware analysis and removal
Hello, here is my problem: IE opens by itself with ads (flashlight or insurance...) or new tabs open. Thank you for helping me. Jeremy
Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:38:21, on 01/05/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal
-
Choosing between two configs
microgolgi replied to a topic by microgolgi in Hardware advice - Buying & Selling
Thanks for your reply and sorry for the delay in mine. I ordered the Dell and should be receiving it soon. -
Hello, I'm looking at replacing my PC tower and I saw these two configs.
One from Dell: XPS 240 Viiv, Intel Q6600 quad-core processor 2.40 GHz, 1066 MHz FSB, 8 MB cache; Vista Home Premium; memory: 4096 MB dual-channel DDR2 667 MHz SDRAM; HDD: dual drives 640 GB RAID 0 stripe (2x320 GB 7200 rpm); nVidia GeForce 8600 GTS 256 MB graphics card; DVD+/-RW 16x burner; Dell keyboard and mouse; integrated HDA Dolby Digital 7.1 sound card; 19-in-1 card reader; Office Home and Student. For 1589 CHF (about 1000€).
And the other: case: Chieftec/Asus/InWin/Lian Li/Matrix; PSU: Thermaltake Toughpower 600W; motherboard: Asus P5K-E WiFi FSB1333; CPU: Core Duo E6750 2.333 GHz; cooler: silent Arctic Cooling cooler; RAM: Kingston DDR2 2048 PC6400 (2x1 GB); HDD: 2x320 GB SATA RAID 7200; ReadyBoost: SanDisk 2 GB ReadyBoost USB 2.0; 3 1/2 floppy and card reader; DVD 16/48x plus DVD+/-R 20x dual-layer burner (both Samsung); graphics card: Asus nVidia 8500GT Silent 512 MB; integrated 7.1 surround sound card; Gigabit LAN network card + wireless LAN B/G; Logitech Cordless 1500 laser keyboard and mouse; Logitech S220 2.1 stereo speakers. For 1599 CHF (about 1000€, like the other).
Bearing in mind that I already have a Logitech laser keyboard/mouse pack and a hi-fi system that I use as speakers, so for the second config I would drop them. However, I don't know the operating system for the second one, or whether it includes Office Home. I didn't mention a monitor because I already have one. What do you think?? For office use, but also watching movies, games and downloading. I think these two configs won't become outdated too quickly?? Thanks in advance
-
[solved] Fake antivirus and windows opening by themselves
microgolgi replied to a topic by microgolgi in Malware analysis and removal
Well, thanks a lot for your help. I'll be more careful and protect myself better from now on. I already use Firefox as my main browser; I only use IE to check my mail from MSN and for Radioblown (but I'll avoid it from now on). Thanks again for your help and for this info! -
[solved] Fake antivirus and windows opening by themselves
microgolgi replied to a topic by microgolgi in Malware analysis and removal
No, no problems (well, not as far as I can tell) -
[solved] Fake antivirus and windows opening by themselves
microgolgi replied to a topic by microgolgi in Malware analysis and removal
Hi again, so here is the Kaspersky report:
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, September 01, 2007 1:18:39 PM
Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 1/09/2007
Enregistrements dans la base antivirus Kaspersky : 377267
-------------------------------------------------------------------------------
Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie: vrai
Cible de l'analyse - Poste de travail:
A:\ C:\ D:\ E:\ F:\
Statistiques de l'analyse:
Total d'objets analysés: 43066
Nombre de virus trouvés: 2
Nombre d'objets infectés: 2 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 01:01:51
-
[solved] Fake antivirus and windows opening by themselves
microgolgi replied to a topic by microgolgi in Malware analysis and removal
Hi again, here is the report: 8 infected files. I haven't closed the Kaspersky page. What should I do now to delete these files?
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, August 31, 2007 9:22:39 PM
Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 31/08/2007
Enregistrements dans la base antivirus Kaspersky : 376946
-------------------------------------------------------------------------------
Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie: vrai
Cible de l'analyse - Poste de travail:
A:\ C:\ D:\ E:\ F:\
Statistiques de l'analyse:
Total d'objets analysés: 56365
Nombre de virus trouvés: 3
Nombre d'objets infectés: 8 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 01:15:33
L'objet est verrouillé ignoré C:\Documents and Settings\jeremy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\jeremy\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\jeremy\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\jeremy\Local Settings\Temporary Internet Files\Content.IE5\SD2RGTIV\lkjh[1] Infecté : Trojan-Downloader.Win32.Tiny.id ignoré C:\Documents and Settings\jeremy\Local Settings\Temporary Internet Files\Content.IE5\ZCSWFJH6\valera[1] Infecté : Trojan.Win32.Agent.bck ignoré C:\Documents and Settings\jeremy\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\jeremy\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and 
Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt L'objet est verrouillé ignoré C:\Program Files\Logitech\Desktop Messenger\8876480\Users\jeremy\Data\BWDocMap.pht L'objet est verrouillé ignoré C:\Program Files\Logitech\Desktop Messenger\8876480\Users\jeremy\Data\BWInfopakMap.pht L'objet est verrouillé ignoré C:\Program Files\Logitech\Desktop Messenger\8876480\Users\jeremy\Data\chandir.dat L'objet est verrouillé ignoré C:\Program Files\Logitech\Desktop Messenger\8876480\Users\jeremy\Data\chandir.idx L'objet est verrouillé ignoré C:\Program Files\Logitech\Desktop Messenger\8876480\Users\jeremy\Data\chn.dat L'objet est verrouillé ignoré C:\Program Files\Logitech\Desktop Messenger\8876480\Users\jeremy\Data\chn.idx L'objet est verrouillé ignoré C:\Program Files\Logitech\Desktop Messenger\8876480\Users\jeremy\Data\D0000000.FCS L'objet est verrouillé ignoré C:\Program Files\Logitech\Desktop Messenger\8876480\Users\jeremy\Data\inuse.txt L'objet est verrouillé ignoré C:\Program Files\Logitech\Desktop 
Messenger\8876480\Users\jeremy\Data\L0000007.FCS L'objet est verrouillé ignoré C:\Program Files\Logitech\Desktop Messenger\8876480\Users\jeremy\Data\main.log L'objet est verrouillé ignoré C:\Program Files\Logitech\Desktop Messenger\8876480\Users\jeremy\Data\prs.dat L'objet est verrouillé ignoré C:\Program Files\Logitech\Desktop Messenger\8876480\Users\jeremy\Data\prs.idx L'objet est verrouillé ignoré C:\Program Files\Logitech\Desktop Messenger\8876480\Users\jeremy\Data\prs_die.dat L'objet est verrouillé ignoré C:\Program Files\Logitech\Desktop Messenger\8876480\Users\jeremy\Data\prs_die.idx L'objet est verrouillé ignoré C:\Program Files\Logitech\Desktop Messenger\8876480\Users\jeremy\Data\prs_dnd.dat L'objet est verrouillé ignoré C:\Program Files\Logitech\Desktop Messenger\8876480\Users\jeremy\Data\prs_dnd.idx L'objet est verrouillé ignoré C:\Program Files\Logitech\Desktop Messenger\8876480\Users\jeremy\Data\prs_ext.dat L'objet est verrouillé ignoré C:\Program Files\Logitech\Desktop Messenger\8876480\Users\jeremy\Data\prs_ext.idx L'objet est verrouillé ignoré C:\Program Files\Logitech\Desktop Messenger\8876480\Users\jeremy\Data\prs_rcv.dat L'objet est verrouillé ignoré C:\Program Files\Logitech\Desktop Messenger\8876480\Users\jeremy\Data\prs_rcv.idx L'objet est verrouillé ignoré C:\Program Files\Logitech\Desktop Messenger\8876480\Users\jeremy\Data\storydb.dat L'objet est verrouillé ignoré C:\Program Files\Logitech\Desktop Messenger\8876480\Users\jeremy\Data\storydb.idx L'objet est verrouillé ignoré C:\Program Files\Navilog1\Backupnavi\atsuailb.exe Infecté : Trojan.Win32.Agent.bck ignoré C:\Program Files\Navilog1\Backupnavi\uyuojtii.exe Infecté : Trojan.Win32.Agent.bck ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log.idx L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log L'objet est verrouillé ignoré 
C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log.idx L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log.idx L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log.idx L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log.idx L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log.idx L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log.idx L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log.idx L'objet est verrouillé ignoré C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré C:\System Volume Information\_restore{53BE7D99-FA0C-4D2E-A3F8-8B3038249D30}\RP150\A0045721.exe Infecté : Trojan.Win32.Agent.bck ignoré C:\System Volume Information\_restore{53BE7D99-FA0C-4D2E-A3F8-8B3038249D30}\RP150\A0045722.exe Infecté : Trojan.Win32.Agent.bck ignoré C:\System Volume Information\_restore{53BE7D99-FA0C-4D2E-A3F8-8B3038249D30}\RP157\change.log L'objet est verrouillé ignoré C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré C:\WINDOWS\Sti_Trace.log L'objet 
est verrouillé ignoré C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré C:\WINDOWS\system32\config\Antivirus.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\ODiag.evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\OSession.evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\drivers\sptd.sys L'objet est verrouillé ignoré C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré C:\WINDOWS\Temp\Perflib_Perfdata_508.dat L'objet est verrouillé 
ignoré C:\WINDOWS\Temp\_avast4_\Webshlock.txt L'objet est verrouillé ignoré C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré F:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré F:\System Volume Information\_restore{53BE7D99-FA0C-4D2E-A3F8-8B3038249D30}\RP157\change.log L'objet est verrouillé ignoré Analyse terminée. -
[resolved] Fake antivirus and windows that open by themselves
microgolgi replied to a topic by microgolgi in Malware Analysis and Eradication
Re,

Logfile of HijackThis v1.99.1
Scan saved at 19:06:35, on 31/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\microgolgi\microgolgi.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.chemtable.com/order3.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\yeyustni.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
[resolved] Fake antivirus and windows that open by themselves
microgolgi replied to a topic by microgolgi in Malware Analysis and Eradication
Re,

Logfile of HijackThis v1.99.1
Scan saved at 16:21:27, on 31/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\microgolgi\microgolgi.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.chemtable.com/order3.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2E0290E5-1B58-40B5-9093-4EBD0FB5CB3A} - C:\WINDOWS\system32\vtutu.dll (file missing)
O2 - BHO: (no name) - {38916424-DD75-4DDB-8335-79DF03A5E9C3} - C:\WINDOWS\system32\vturp.dll (file missing)
O2 - BHO: (no name) - {4E8849C1-F7A9-4E3E-A522-178A659939A9} - C:\WINDOWS\system32\gebca.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {60D13203-2DC3-4E31-8909-E70BEC38D9F8} - C:\WINDOWS\system32\nnnkhfe.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\yeyustni.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

If the disinfection is successful, which software should I use to protect myself more effectively? How often should I run, for example, AVG AS, Spybot or others? Thanks again for your help.
[resolved] Fake antivirus and windows that open by themselves
microgolgi replied to a topic by microgolgi in Malware Analysis and Eradication
What? But how is that possible? I didn't download anything!! That piece of junk! Anyway, here is the Vundo report:

Scan started at 14:38:29 31/08/2007

Listing files found while scanning....

C:\WINDOWS\system32\acbeg.bak1
C:\WINDOWS\system32\acbeg.bak2
C:\WINDOWS\system32\acbeg.ini
C:\WINDOWS\system32\gebca.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\acbeg.bak1
C:\WINDOWS\system32\acbeg.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\acbeg.bak2
C:\WINDOWS\system32\acbeg.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\acbeg.ini
C:\WINDOWS\system32\acbeg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\gebca.dll
C:\WINDOWS\system32\gebca.dll Has been deleted!

Performing Repairs to the registry.
Done!

Thanks once again for your help.
[resolved] Fake antivirus and windows that open by themselves
microgolgi replied to a topic by microgolgi in Malware Analysis and Eradication
Re, scan done offline, all windows closed. However, as soon as I start the computer or launch Firefox, I get code intrusion alerts from SPF.

Logfile of HijackThis v1.99.1
Scan saved at 14:21:41, on 31/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\microgolgi\microgolgi.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.chemtable.com/order3.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2E0290E5-1B58-40B5-9093-4EBD0FB5CB3A} - C:\WINDOWS\system32\vtutu.dll (file missing)
O2 - BHO: (no name) - {38916424-DD75-4DDB-8335-79DF03A5E9C3} - C:\WINDOWS\system32\vturp.dll (file missing)
O2 - BHO: (no name) - {4E8849C1-F7A9-4E3E-A522-178A659939A9} - C:\WINDOWS\system32\gebca.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {60D13203-2DC3-4E31-8909-E70BEC38D9F8} - C:\WINDOWS\system32\nnnkhfe.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: gebca - C:\WINDOWS\system32\gebca.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\yeyustni.exe (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
[resolved] Fake antivirus and windows that open on their own
microgolgi replied to a topic by microgolgi in Malware analysis and eradication
Re, here it is:

VundoFix V6.5.7
Checking Java version...
Scan started at 10:30:37 26/08/2007
Listing files found while scanning....
C:\WINDOWS\system32\awvtt.dll
C:\WINDOWS\system32\ttvwa.bak1
C:\WINDOWS\system32\ttvwa.bak2
C:\WINDOWS\system32\ttvwa.ini
Beginning removal...
Attempting to delete C:\WINDOWS\system32\awvtt.dll
C:\WINDOWS\system32\awvtt.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ttvwa.bak1
C:\WINDOWS\system32\ttvwa.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ttvwa.bak2
C:\WINDOWS\system32\ttvwa.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ttvwa.ini
C:\WINDOWS\system32\ttvwa.ini Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.5.7
Checking Java version...
Scan started at 14:23:02 26/08/2007
Listing files found while scanning....
C:\windows\system32\ftinspxg.exe
C:\windows\system32\maxjdmjb.dll
C:\WINDOWS\system32\mlnmp.bak1
C:\WINDOWS\system32\mlnmp.bak2
C:\WINDOWS\system32\mlnmp.ini
C:\WINDOWS\system32\pmnlm.dll
Beginning removal...
Attempting to delete C:\windows\system32\ftinspxg.exe
C:\windows\system32\ftinspxg.exe Has been deleted!
Attempting to delete C:\windows\system32\maxjdmjb.dll
C:\windows\system32\maxjdmjb.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mlnmp.bak1
C:\WINDOWS\system32\mlnmp.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\mlnmp.bak2
C:\WINDOWS\system32\mlnmp.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\mlnmp.ini
C:\WINDOWS\system32\mlnmp.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmnlm.dll
C:\WINDOWS\system32\pmnlm.dll Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.5.7
Checking Java version...
Scan started at 17:37:16 26/08/2007
Listing files found while scanning....
C:\WINDOWS\system32\cfhkj.bak1
C:\WINDOWS\system32\cfhkj.ini
C:\WINDOWS\system32\jkhfc.dll
C:\windows\system32\mgcenlry.exe
C:\windows\system32\ustvytly.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\cfhkj.bak1
C:\WINDOWS\system32\cfhkj.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\cfhkj.ini
C:\WINDOWS\system32\cfhkj.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\jkhfc.dll Could not be deleted.
Attempting to delete C:\windows\system32\mgcenlry.exe
C:\windows\system32\mgcenlry.exe Has been deleted!
Attempting to delete C:\windows\system32\ustvytly.dll
C:\windows\system32\ustvytly.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\jkhfc.dll Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.5.7
Checking Java version...
Scan started at 18:51:55 26/08/2007
Listing files found while scanning....
C:\WINDOWS\system32\kjllm.bak1
C:\WINDOWS\system32\kjllm.ini
C:\WINDOWS\system32\mlljk.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\kjllm.bak1
C:\WINDOWS\system32\kjllm.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\kjllm.ini
C:\WINDOWS\system32\kjllm.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\mlljk.dll
C:\WINDOWS\system32\mlljk.dll Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.5.7
Checking Java version...
Scan started at 14:32:44 30/08/2007
Listing files found while scanning....
C:\WINDOWS\system32\jkkll.dll
C:\WINDOWS\system32\llkkj.bak1
C:\WINDOWS\system32\llkkj.bak2
C:\WINDOWS\system32\llkkj.ini
Beginning removal...
Attempting to delete C:\WINDOWS\system32\jkkll.dll
C:\WINDOWS\system32\jkkll.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\llkkj.bak1
C:\WINDOWS\system32\llkkj.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\llkkj.bak2
C:\WINDOWS\system32\llkkj.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\llkkj.ini
C:\WINDOWS\system32\llkkj.ini Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.5.7
Checking Java version...
Scan started at 14:43:12 30/08/2007
Listing files found while scanning....
C:\WINDOWS\system32\rrutv.bak1
C:\WINDOWS\system32\rrutv.ini
C:\WINDOWS\system32\vturr.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\rrutv.bak1
C:\WINDOWS\system32\rrutv.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\rrutv.ini
C:\WINDOWS\system32\rrutv.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\vturr.dll
C:\WINDOWS\system32\vturr.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\vturr.dll
C:\WINDOWS\system32\vturr.dll Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.5.7
Checking Java version...
Scan started at 14:50:50 30/08/2007
Listing files found while scanning....
No infected files were found.

VundoFix V6.5.7
Checking Java version...
Scan started at 14:58:44 30/08/2007
Listing files found while scanning....
No infected files were found.

VundoFix V6.5.7
Checking Java version...
Scan started at 18:54:42 30/08/2007
Listing files found while scanning....
C:\WINDOWS\system32\prutv.bak1
C:\WINDOWS\system32\prutv.ini
C:\WINDOWS\system32\vturp.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\prutv.bak1
C:\WINDOWS\system32\prutv.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\prutv.ini
C:\WINDOWS\system32\prutv.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\vturp.dll
C:\WINDOWS\system32\vturp.dll Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.5.7
Checking Java version...
Scan started at 20:14:37 30/08/2007
Listing files found while scanning....
C:\WINDOWS\system32\ututv.bak1
C:\WINDOWS\system32\ututv.ini
C:\WINDOWS\system32\vtutu.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ututv.bak1
C:\WINDOWS\system32\ututv.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ututv.ini
C:\WINDOWS\system32\ututv.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\vtutu.dll
C:\WINDOWS\system32\vtutu.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\nnnkhfe.dll
C:\WINDOWS\system32\nnnkhfe.dll Has been deleted!
Performing Repairs to the registry.
Done!
-
[resolved] Fake antivirus and windows that open on their own
microgolgi replied to a topic by microgolgi in Malware analysis and eradication
Re. Yes, that is exactly what I did.
-
[resolved] Fake antivirus and windows that open on their own
microgolgi replied to a topic by microgolgi in Malware analysis and eradication
After clicking the green light, I click OK and get this message: "the procedure * could not be located in the DLL urlmon.dll", and the program closes.
-
[resolved] Fake antivirus and windows that open on their own
microgolgi replied to a topic by microgolgi in Malware analysis and eradication

REGEDIT4
; Registry Search by Bobbi Flekman © 2005
; Version: 1.0.2.4

; Results at 30/08/2007 20:27:37 for strings:
; 'nnnkhfe.dll'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60D13203-2DC3-4E31-8909-E70BEC38D9F8}\InprocServer32]
@="C:\\WINDOWS\\system32\\nnnkhfe.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnkhfe]
"DllName"="nnnkhfe.dll"

; End Of The Log...

There it is. What comes next? By the way, when you say to close all applications, do you also mean, for example, avast, SuperCopier, Logitech and the like, that is, the programs that appear next to the clock?
-
[resolved] Fake antivirus and windows that open on their own
microgolgi replied to a topic by microgolgi in Malware analysis and eradication

"Silent Runners.vbs", revision 52, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"LDM" = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" ["Logitech"]
"SuperCopier2.exe" = "C:\Program Files\SuperCopier2\SuperCopier2.exe" ["SFX TEAM"]
"WOOKIT" = "C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx" [empty string]
"Creative Detector" = "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R" ["Creative Technology Ltd"]
"Picasa Media Detector" = "C:\Program Files\Picasa2\PicasaMediaDetector.exe" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" ["ALWIL Software"]
"!AVG Anti-Spyware" = ""C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["GRISOFT s.r.o."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEHlprObj Class"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{2E0290E5-1B58-40B5-9093-4EBD0FB5CB3A}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\vtutu.dll" [file not found]
{38916424-DD75-4DDB-8335-79DF03A5E9C3}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\vturp.dll" [file not found]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" ["Safer Networking Limited"]
{60D13203-2DC3-4E31-8909-E70BEC38D9F8}\(Default) = (no title provided)
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nnnkhfe.dll" [null data]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "SSVHelper Class"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AE7CD045-E861-484f-8273-0445EE161910}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "AcroIEToolbarHelper Class"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
  -> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
                   \InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
  -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
                   \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"
  -> {HKLM...CLSID} = "DesktopContext Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
  -> {HKLM...CLSID} = "Desktop Explorer"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"
  -> {HKLM...CLSID} = "nView Desktop Context Menu"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
"{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}" = "Adobe.Acrobat.ContextMenu"
  -> {HKLM...CLSID} = "Acrobat Elements Context Menu"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
  -> {HKLM...CLSID} = "Mes dossiers de partage"
                   \InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
  -> {HKLM...CLSID} = "Outlook File Icon Extension"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
  -> {HKLM...CLSID} = "Microsoft Office Outlook"
                   \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
  -> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
                   \InProcServer32\(Default) = "C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
  -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
                   \InProcServer32\(Default) = "C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{B9B9F083-2B04-452A-8691-83694AC1037B}" = "Logitech Setpoint Extension"
  -> {HKLM...CLSID} = "LogiExt Class"
                   \InProcServer32\(Default) = "C:\Program Files\Logitech\SetPoint\mcplext.dll" ["Logitech Inc."]
"{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C}" = "Logitech Setpoint Extension"
  -> {HKLM...CLSID} = "KbLogiExt Class"
                   \InProcServer32\(Default) = "C:\Program Files\Logitech\SetPoint\kbcplext.dll" ["Logitech Inc."]
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"
  -> {HKLM...CLSID} = "NVIDIA CPL Extension"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]
"{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5}" = "Context Menu Shell Extension"
  -> {HKLM...CLSID} = "Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\PROGRA~1\TAGREN~1\TRshell.dll" ["Softpointer Inc"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]
"{23F0DC38-DC86-49D6-81EC-40C54A204212}" = "Zen Nano Plus Media Explorer"
  -> {HKLM...CLSID} = "Zen Nano Plus Media Explorer"
                   \InProcServer32\(Default) = "C:\Program Files\Creative\Creative Zen Nano Plus\CTMvns.dll" ["Creative Technology Ltd"]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
  -> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["GRISOFT s.r.o."]
<<!>> "{60D13203-2DC3-4E31-8909-E70BEC38D9F8}" = "°c"
  -> {HKLM...CLSID} = (no title provided)
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\nnnkhfe.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
  -> {HKLM...CLSID} = "WPDShServiceObj Class"
                   \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

HKLM\System\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> nnnkhfe\DLLName = "nnnkhfe.dll" [null data]

HKLM\Software\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
  -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
                   \InProcServer32\(Default) = "C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Adobe.Acrobat.ContextMenu\(Default) = "{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}"
  -> {HKLM...CLSID} = "Acrobat Elements Context Menu"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll" ["Adobe Systems Inc."]
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
  -> {HKLM...CLSID} = "CContextScan Object"
                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]
TagRename_ContextMenu\(Default) = "{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5}"
  -> {HKLM...CLSID} = "Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\PROGRA~1\TAGREN~1\TRshell.dll" ["Softpointer Inc"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
  -> {HKLM...CLSID} = "CContextScan Object"
                   \InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
  -> {HKLM...CLSID} = "avast"
                   \InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
TagRename_ContextMenu\(Default) = "{7C5E74A0-D5E0-11D0-A9BF-E886A83B9BE5}"
  -> {HKLM...CLSID} = "Context Menu Shell Extension"
                   \InProcServer32\(Default) = "C:\PROGRA~1\TAGREN~1\TRshell.dll" ["Softpointer Inc"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
  -> {HKLM...CLSID} = "WinRAR"
                   \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"DisableRegistryTools" = (REG_DWORD) hex:0x00000000
{Prevent access to registry editing tools}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\jeremy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Startup items in "jeremy" & "All Users" startup folders:
--------------------------------------------------------

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Acrobat Assistant" -> shortcut to: "C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe" ["Adobe Systems Inc."]
"Logitech Desktop Messenger" -> shortcut to: "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start" ["Logitech"]
"Logitech SetPoint" -> shortcut to: "C:\Program Files\Logitech\SetPoint\SetPoint.exe" ["Logitech Inc."]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
  -> {HKLM...CLSID} = "Adobe PDF"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"
  -> {HKLM...CLSID} = "Adobe PDF"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{182EC0BE-5110-49C8-A062-BEB1D02A220B}\(Default) = (no title provided)
  -> {HKLM...CLSID} = "Adobe PDF"
                   \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll" [null data]

HKLM\Software\Classes\CLSID\{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}\(Default) = "Volet Wanadoo"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\audience\audience.dll" [empty string]

HKLM\Software\Classes\CLSID\{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}\(Default) = "ToolBand Class"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\audience\audience.dll" [empty string]

HKLM\Software\Classes\CLSID\{5BF498C0-931E-4A4F-B33F-456D07137EAA}\(Default) = "Volet Wanadoo"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\audience\audience.dll" [empty string]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_01"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_01"
                   \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll" ["Sun Microsystems, Inc."]

Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"

Missing lines (compared with English-language version):
[strings]: 1 line

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{08C06D61-F1F3-4799-86F8-BE1A89362C85}" = (no title provided)
  -> {HKLM...CLSID} = "Search Class"
                   \InProcServer32\(Default) = "C:\PROGRA~1\Wanadoo\SEARCH~1.DLL" [empty string]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ad-Aware 2007 Service, aawservice, ""C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"" ["Lavasoft AB"]
avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe" ["GRISOFT s.r.o."]
Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTsvcCDA.EXE" ["Creative Technology Ltd"]
EPSON Printer Status Agent2, EPSONStatusAgent2, "C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe" ["SEIKO EPSON CORPORATION"]
France Telecom Routing Table Service, FTRTSVC, "C:\WINDOWS\System32\FTRTSVC.exe" ["France Telecom"]
Machine Debug Manager, MDM, ""C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe"" [MS]
NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
Sunbelt Personal Firewall 4, SPF4, ""C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"" ["Sunbelt Software"]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Adobe PDF Port\Driver = "C:\WINDOWS\system32\AdobePDF.dll" ["Adobe Systems Incorporated."]
EPSON V3 2KMonitor300\Driver = "E_SL2300.DLL" ["SEIKO EPSON CORPORATION"]

----------
(launch time: 2007-08-30 20:23:13)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box.
----------
(total run time: 54 seconds, including 10 seconds for message boxes)

I'm continuing the procedure.
-
[resolved] Fake antivirus and windows that open on their own
microgolgi replied to a topic by microgolgi in Malware analysis and eradication

VundoFix V6.5.7
Checking Java version...
Scan started at 10:30:37 26/08/2007
Listing files found while scanning....
C:\WINDOWS\system32\awvtt.dll
C:\WINDOWS\system32\ttvwa.bak1
C:\WINDOWS\system32\ttvwa.bak2
C:\WINDOWS\system32\ttvwa.ini
Beginning removal...
Attempting to delete C:\WINDOWS\system32\awvtt.dll
C:\WINDOWS\system32\awvtt.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ttvwa.bak1
C:\WINDOWS\system32\ttvwa.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ttvwa.bak2
C:\WINDOWS\system32\ttvwa.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ttvwa.ini
C:\WINDOWS\system32\ttvwa.ini Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.5.7
Checking Java version...
Scan started at 14:23:02 26/08/2007
Listing files found while scanning....
C:\windows\system32\ftinspxg.exe
C:\windows\system32\maxjdmjb.dll
C:\WINDOWS\system32\mlnmp.bak1
C:\WINDOWS\system32\mlnmp.bak2
C:\WINDOWS\system32\mlnmp.ini
C:\WINDOWS\system32\pmnlm.dll
Beginning removal...
Attempting to delete C:\windows\system32\ftinspxg.exe
C:\windows\system32\ftinspxg.exe Has been deleted!
Attempting to delete C:\windows\system32\maxjdmjb.dll
C:\windows\system32\maxjdmjb.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mlnmp.bak1
C:\WINDOWS\system32\mlnmp.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\mlnmp.bak2
C:\WINDOWS\system32\mlnmp.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\mlnmp.ini
C:\WINDOWS\system32\mlnmp.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmnlm.dll
C:\WINDOWS\system32\pmnlm.dll Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.5.7
Checking Java version...
Scan started at 17:37:16 26/08/2007
Listing files found while scanning....
C:\WINDOWS\system32\cfhkj.bak1
C:\WINDOWS\system32\cfhkj.ini
C:\WINDOWS\system32\jkhfc.dll
C:\windows\system32\mgcenlry.exe
C:\windows\system32\ustvytly.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\cfhkj.bak1
C:\WINDOWS\system32\cfhkj.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\cfhkj.ini
C:\WINDOWS\system32\cfhkj.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\jkhfc.dll Could not be deleted.
Attempting to delete C:\windows\system32\mgcenlry.exe
C:\windows\system32\mgcenlry.exe Has been deleted!
Attempting to delete C:\windows\system32\ustvytly.dll
C:\windows\system32\ustvytly.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\jkhfc.dll Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.5.7
Checking Java version...
Scan started at 18:51:55 26/08/2007
Listing files found while scanning....
C:\WINDOWS\system32\kjllm.bak1
C:\WINDOWS\system32\kjllm.ini
C:\WINDOWS\system32\mlljk.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\kjllm.bak1
C:\WINDOWS\system32\kjllm.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\kjllm.ini
C:\WINDOWS\system32\kjllm.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\mlljk.dll
C:\WINDOWS\system32\mlljk.dll Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.5.7
Checking Java version...
Scan started at 14:32:44 30/08/2007
Listing files found while scanning....
C:\WINDOWS\system32\jkkll.dll
C:\WINDOWS\system32\llkkj.bak1
C:\WINDOWS\system32\llkkj.bak2
C:\WINDOWS\system32\llkkj.ini
Beginning removal...
Attempting to delete C:\WINDOWS\system32\jkkll.dll
C:\WINDOWS\system32\jkkll.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\llkkj.bak1
C:\WINDOWS\system32\llkkj.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\llkkj.bak2
C:\WINDOWS\system32\llkkj.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\llkkj.ini
C:\WINDOWS\system32\llkkj.ini Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.5.7
Checking Java version...
Scan started at 14:43:12 30/08/2007
Listing files found while scanning....
C:\WINDOWS\system32\rrutv.bak1
C:\WINDOWS\system32\rrutv.ini
C:\WINDOWS\system32\vturr.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\rrutv.bak1
C:\WINDOWS\system32\rrutv.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\rrutv.ini
C:\WINDOWS\system32\rrutv.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\vturr.dll
C:\WINDOWS\system32\vturr.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\vturr.dll
C:\WINDOWS\system32\vturr.dll Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.5.7
Checking Java version...
Scan started at 14:50:50 30/08/2007
Listing files found while scanning....
No infected files were found.

VundoFix V6.5.7
Checking Java version...
Scan started at 14:58:44 30/08/2007
Listing files found while scanning....
No infected files were found.

VundoFix V6.5.7
Checking Java version...
Scan started at 18:54:42 30/08/2007
Listing files found while scanning....
C:\WINDOWS\system32\prutv.bak1
C:\WINDOWS\system32\prutv.ini
C:\WINDOWS\system32\vturp.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\prutv.bak1
C:\WINDOWS\system32\prutv.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\prutv.ini
C:\WINDOWS\system32\prutv.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\vturp.dll
C:\WINDOWS\system32\vturp.dll Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.5.7
Checking Java version...
Scan started at 20:14:37 30/08/2007
Listing files found while scanning....
C:\WINDOWS\system32\ututv.bak1
C:\WINDOWS\system32\ututv.ini
C:\WINDOWS\system32\vtutu.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\ututv.bak1
C:\WINDOWS\system32\ututv.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ututv.ini
C:\WINDOWS\system32\ututv.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\vtutu.dll
C:\WINDOWS\system32\vtutu.dll Has been deleted!
Performing Repairs to the registry.
Done!
-
[solved] Fake antivirus and windows that open by themselves
microgolgi replied to a topic by microgolgi in Malware analysis and removal
Deckard's System Scanner v20070826.66
Run by jeremy on 2007-08-30 19:23:28
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as jeremy.exe) ----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 19:23:34, on 30/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\jeremy\Bureau\dss.exe
C:\PROGRA~1\HIJACK~1\jeremy.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.chemtable.com/order3.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2E0290E5-1B58-40B5-9093-4EBD0FB5CB3A} - C:\WINDOWS\system32\vtutu.dll
O2 - BHO: (no name) - {38916424-DD75-4DDB-8335-79DF03A5E9C3} - C:\WINDOWS\system32\vturp.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {60D13203-2DC3-4E31-8909-E70BEC38D9F8} - C:\WINDOWS\system32\nnnkhfe.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: nnnkhfe - C:\WINDOWS\SYSTEM32\nnnkhfe.dll
O20 - Winlogon Notify: vtutu - C:\WINDOWS\system32\vtutu.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

-- Files created between 2007-07-30 and 2007-08-30 -----------------------------

2007-08-30 19:05:07 6448 ---hs---- C:\WINDOWS\system32\ututv.bak1
2007-08-30 19:05:00 298080 --a------ C:\WINDOWS\system32\vtutu.dll
2007-08-30 18:37:14 0 d-------- C:\Program Files\Sunbelt Software
2007-08-30 15:31:31 0 d-------- C:\Documents and Settings\jeremy\Application Data\Grisoft
2007-08-30 15:31:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-08-30 13:51:33 0 d-------- C:\!KillBox
2007-08-30 13:34:09 0 d-------- C:\Program Files\Navilog1
2007-08-27 22:19:53 0 d-------- C:\Program Files\Picasa2
2007-08-26 20:24:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-08-26 20:24:09 0 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-08-26 16:47:40 0 d-------- C:\Documents and Settings\jeremy\.housecall6.6
2007-08-26 16:45:57 69689 --a------ C:\WINDOWS\UNZIP.DLL <Not Verified; Trend Micro Inc.; Trend Active Update 1.32>
2007-08-26 16:45:57 507904 --a------ C:\WINDOWS\TMUPDATE.DLL <Not Verified; Trend Micro Inc.; ActiveUpdate Module>
2007-08-26 16:45:56 286720 --a------ C:\WINDOWS\PATCH.EXE <Not Verified; Trend Micro Inc.; ActiveUpdate Module>
2007-08-26 10:30:37 0 d-------- C:\VundoFix Backups
2007-08-25 18:48:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-08-25 18:39:40 0 d-------- C:\Program Files\Lavasoft
2007-08-24 14:38:23 0 d-------- C:\Documents and Settings\jeremy\Application Data\Creative
2007-08-24 12:48:59 0 d-------- C:\WINDOWS\system32\NtmsData
2007-08-24 12:27:41 25088 -----n--- C:\WINDOWS\system32\CTSVCCTL.EXE <Not Verified; Creative Technology Ltd; Creative Service Control>
2007-08-24 12:27:41 44032 -----n--- C:\WINDOWS\system32\CTSVCCDA.EXE <Not Verified; Creative Technology Ltd; Creative Service for CDROM Access>
2007-08-24 12:23:12 38402 -----n--- C:\WINDOWS\system32\drivers\StMp3Rec.sys <Not Verified; Generic; Generic MP3 Player>
2007-08-24 12:20:09 0 d-------- C:\Program Files\Creative
2007-08-23 21:25:04 43542 --a------ C:\WINDOWS\system32\nnnkhfe.dll
2007-08-22 17:12:27 0 dr-h----- C:\Documents and Settings\jeremy\Application Data\SecuROM
2007-08-22 17:12:26 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2007-08-22 17:08:37 0 d-------- C:\Program Files\Ubisoft
2007-08-22 17:00:50 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-08-16 16:32:42 0 d-------- C:\Program Files\MSXML 6.0
2007-08-12 20:30:58 102400 --a------ C:\WINDOWS\system32\CmutEuro32.dll <Not Verified; Euro Information; Librairie Europe commune Crédit Mutuel et CIC>
2007-08-12 20:30:58 176128 --a------ C:\WINDOWS\calceuro.exe <Not Verified; Euro-Information; CALCEURO>
2007-08-12 20:30:56 0 d-------- C:\Program Files\CyberMUT
2007-08-12 20:28:04 0 d-------- C:\Documents and Settings\jeremy\Application Data\Grisbi
2007-08-05 14:44:46 0 d-------- C:\Documents and Settings\jeremy\Application Data\uTorrent
2007-08-02 19:41:09 37027 --a------ C:\WINDOWS\atmoUn.exe
2007-08-02 19:41:07 0 d-------- C:\Program Files\Viewpoint
2007-08-02 19:41:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-08-01 19:08:55 0 d-------- C:\Documents and Settings\jeremy\Application Data\MySpace
2007-08-01 19:08:52 0 d-------- C:\Program Files\MySpace

-- Find3M Report ---------------------------------------------------------------

2007-08-30 19:23:24 0 d-------- C:\Program Files\Wanadoo
2007-08-27 22:20:04 0 d-------- C:\Program Files\Google
2007-08-26 20:24:09 0 d-------- C:\Program Files\Fichiers communs
2007-08-26 19:24:27 506796 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-08-26 19:24:27 84354 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-08-26 12:40:23 0 d-------- C:\Documents and Settings\jeremy\Application Data\dvdcss
2007-08-24 12:30:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-16 23:31:34 0 d-------- C:\Documents and Settings\jeremy\Application Data\AdobeUM
2007-07-28 10:06:40 0 d-------- C:\Documents and Settings\jeremy\Application Data\Serif
2007-07-26 20:14:23 30720 --a------ C:\WINDOWS\6816White12.dat
2007-07-26 20:14:23 4 --a------ C:\WINDOWS\6816Error.dat
2007-07-26 20:14:19 30720 --a------ C:\WINDOWS\6816Dark12.dat
2007-07-26 20:14:15 3 --a------ C:\WINDOWS\6816Offset.dat
2007-07-26 20:14:15 3 --a------ C:\WINDOWS\6816Gain.dat
2007-07-26 20:14:15 6 --a------ C:\WINDOWS\6816Exposure.dat
2007-07-22 16:32:49 0 d-------- C:\Program Files\TagRename
2007-07-22 16:17:38 0 d-------- C:\Program Files\Free Audio Pack
2007-07-15 22:09:23 0 d-------- C:\Documents and Settings\jeremy\Application Data\EoRezo
2007-07-15 22:05:53 0 d-------- C:\Documents and Settings\jeremy\Application Data\ItsLabel
2007-07-13 23:03:49 0 d-------- C:\Program Files\Windows Media Connect 2
2007-07-13 21:28:19 0 d-------- C:\Program Files\Messenger Plus! Live
2007-07-13 21:28:18 0 d-------- C:\Program Files\Windows Live
2007-07-13 21:28:18 0 d-------- C:\Program Files\MSN Messenger
2007-07-02 07:56:03 0 d-------- C:\Program Files\Winamp
2007-06-17 22:20:31 79 --a------ C:\WINDOWS\system32\netwbix32.dll
2007-06-15 23:50:21 1277 --a------ C:\WINDOWS\mozver.dat

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2E0290E5-1B58-40B5-9093-4EBD0FB5CB3A}]
30/08/2007 19:05 298080 --a------ C:\WINDOWS\system32\vtutu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{38916424-DD75-4DDB-8335-79DF03A5E9C3}]
C:\WINDOWS\system32\vturp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60D13203-2DC3-4E31-8909-E70BEC38D9F8}]
23/08/2007 21:25 43542 --a------ C:\WINDOWS\system32\nnnkhfe.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [19/04/2007 13:26]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [28/07/2007 00:03]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 11:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [19/08/2004 17:09]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [12/02/2007 19:30]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [07/07/2006 18:45]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [23/08/2004 14:50]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [02/12/2004 18:23]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [17/08/2007 22:48]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [24/10/2003 06:37:56]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [12/02/2007 19:30:42]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [26/06/2007 22:36:46]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{60D13203-2DC3-4E31-8909-E70BEC38D9F8}"= C:\WINDOWS\system32\nnnkhfe.dll [23/08/2007 21:25 43542]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnkhfe]
nnnkhfe.dll 23/08/2007 21:25 43542 C:\WINDOWS\system32\nnnkhfe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtutu]
C:\WINDOWS\system32\vtutu.dll 30/08/2007 19:05 298080 C:\WINDOWS\system32\vtutu.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

-- End of Deckard's System Scanner: finished at 2007-08-30 19:25:33 ------------
[solved] Fake antivirus and windows that open by themselves
microgolgi replied to a topic by microgolgi in Malware analysis and removal
C:\WINDOWS\system32\yeppeljd.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\nnnkhfe.dll
C:\WINDOWS\system32\nnnkhfe.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\nnnkhfe.dll scheduled to be moved on reboot.
Created on 08/30/2007 19:15:44

Logfile of HijackThis v1.99.1
Scan saved at 19:22:01, on 30/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.chemtable.com/order3.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2E0290E5-1B58-40B5-9093-4EBD0FB5CB3A} - C:\WINDOWS\system32\vtutu.dll
O2 - BHO: (no name) - {38916424-DD75-4DDB-8335-79DF03A5E9C3} - C:\WINDOWS\system32\vturp.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {60D13203-2DC3-4E31-8909-E70BEC38D9F8} - C:\WINDOWS\system32\nnnkhfe.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: nnnkhfe - C:\WINDOWS\SYSTEM32\nnnkhfe.dll
O20 - Winlogon Notify: vtutu - C:\WINDOWS\system32\vtutu.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

On the other hand, I get lots of "intrusion blocked" alerts from Sunbelt.
[solved] Fake antivirus and windows that open by themselves
microgolgi replied to a topic by microgolgi in Malware analysis and removal
Hi again, thanks for your help.

VundoFix V6.5.7
Checking Java version...
Scan started at 10:30:37 26/08/2007

Listing files found while scanning....
C:\WINDOWS\system32\awvtt.dll
C:\WINDOWS\system32\ttvwa.bak1
C:\WINDOWS\system32\ttvwa.bak2
C:\WINDOWS\system32\ttvwa.ini

Beginning removal...
Attempting to delete C:\WINDOWS\system32\awvtt.dll
C:\WINDOWS\system32\awvtt.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ttvwa.bak1
C:\WINDOWS\system32\ttvwa.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ttvwa.bak2
C:\WINDOWS\system32\ttvwa.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\ttvwa.ini
C:\WINDOWS\system32\ttvwa.ini Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.5.7
Checking Java version...
Scan started at 14:23:02 26/08/2007

Listing files found while scanning....
C:\windows\system32\ftinspxg.exe
C:\windows\system32\maxjdmjb.dll
C:\WINDOWS\system32\mlnmp.bak1
C:\WINDOWS\system32\mlnmp.bak2
C:\WINDOWS\system32\mlnmp.ini
C:\WINDOWS\system32\pmnlm.dll

Beginning removal...
Attempting to delete C:\windows\system32\ftinspxg.exe
C:\windows\system32\ftinspxg.exe Has been deleted!
Attempting to delete C:\windows\system32\maxjdmjb.dll
C:\windows\system32\maxjdmjb.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mlnmp.bak1
C:\WINDOWS\system32\mlnmp.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\mlnmp.bak2
C:\WINDOWS\system32\mlnmp.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\mlnmp.ini
C:\WINDOWS\system32\mlnmp.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmnlm.dll
C:\WINDOWS\system32\pmnlm.dll Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.5.7
Checking Java version...
Scan started at 17:37:16 26/08/2007

Listing files found while scanning....
C:\WINDOWS\system32\cfhkj.bak1
C:\WINDOWS\system32\cfhkj.ini
C:\WINDOWS\system32\jkhfc.dll
C:\windows\system32\mgcenlry.exe
C:\windows\system32\ustvytly.dll

Beginning removal...
Attempting to delete C:\WINDOWS\system32\cfhkj.bak1
C:\WINDOWS\system32\cfhkj.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\cfhkj.ini
C:\WINDOWS\system32\cfhkj.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\jkhfc.dll Could not be deleted.
Attempting to delete C:\windows\system32\mgcenlry.exe
C:\windows\system32\mgcenlry.exe Has been deleted!
Attempting to delete C:\windows\system32\ustvytly.dll
C:\windows\system32\ustvytly.dll Has been deleted!
Performing Repairs to the registry.
Done!

Beginning removal...
Attempting to delete C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\jkhfc.dll Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.5.7
Checking Java version...
Scan started at 18:51:55 26/08/2007

Listing files found while scanning....
C:\WINDOWS\system32\kjllm.bak1
C:\WINDOWS\system32\kjllm.ini
C:\WINDOWS\system32\mlljk.dll

Beginning removal...
Attempting to delete C:\WINDOWS\system32\kjllm.bak1
C:\WINDOWS\system32\kjllm.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\kjllm.ini
C:\WINDOWS\system32\kjllm.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\mlljk.dll
C:\WINDOWS\system32\mlljk.dll Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.5.7
Checking Java version...
Scan started at 14:32:44 30/08/2007

Listing files found while scanning....
C:\WINDOWS\system32\jkkll.dll
C:\WINDOWS\system32\llkkj.bak1
C:\WINDOWS\system32\llkkj.bak2
C:\WINDOWS\system32\llkkj.ini

Beginning removal...
Attempting to delete C:\WINDOWS\system32\jkkll.dll
C:\WINDOWS\system32\jkkll.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\llkkj.bak1
C:\WINDOWS\system32\llkkj.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\llkkj.bak2
C:\WINDOWS\system32\llkkj.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\llkkj.ini
C:\WINDOWS\system32\llkkj.ini Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.5.7
Checking Java version...
Scan started at 14:43:12 30/08/2007

Listing files found while scanning....
C:\WINDOWS\system32\rrutv.bak1
C:\WINDOWS\system32\rrutv.ini
C:\WINDOWS\system32\vturr.dll

Beginning removal...
Attempting to delete C:\WINDOWS\system32\rrutv.bak1
C:\WINDOWS\system32\rrutv.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\rrutv.ini
C:\WINDOWS\system32\rrutv.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\vturr.dll
C:\WINDOWS\system32\vturr.dll Could not be deleted.
Performing Repairs to the registry.
Done!

Beginning removal...
Attempting to delete C:\WINDOWS\system32\vturr.dll
C:\WINDOWS\system32\vturr.dll Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.5.7
Checking Java version...
Scan started at 14:50:50 30/08/2007

Listing files found while scanning....
No infected files were found.

VundoFix V6.5.7
Checking Java version...
Scan started at 14:58:44 30/08/2007

Listing files found while scanning....
No infected files were found.

VundoFix V6.5.7
Checking Java version...
Scan started at 18:54:42 30/08/2007

Listing files found while scanning....
C:\WINDOWS\system32\prutv.bak1
C:\WINDOWS\system32\prutv.ini
C:\WINDOWS\system32\vturp.dll

Beginning removal...
Attempting to delete C:\WINDOWS\system32\prutv.bak1
C:\WINDOWS\system32\prutv.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\prutv.ini
C:\WINDOWS\system32\prutv.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\vturp.dll
C:\WINDOWS\system32\vturp.dll Has been deleted!
Performing Repairs to the registry.
Done!

On the other hand, I no longer have windows opening by themselves.
[solved] Fake antivirus and windows that open on their own
microgolgi replied to a topic by microgolgi in Malware analysis and removal
Well, where did this infection come from? And what exactly is this infection? OK then, I'll follow your procedure.
[solved] Fake antivirus and windows that open on their own
microgolgi replied to a topic by microgolgi in Malware analysis and removal
Deckard's System Scanner v20070826.66
Run by jeremy on 2007-08-30 18:19:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as jeremy.exe) ----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 18:19:31, on 30/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\jeremy\Bureau\dss.exe
C:\PROGRA~1\HIJACK~1\jeremy.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.chemtable.com/order3.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {60D13203-2DC3-4E31-8909-E70BEC38D9F8} - C:\WINDOWS\system32\nnnkhfe.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {D4BB6CA1-DF75-4EC1-809B-98CE51B05E1F} - C:\WINDOWS\system32\vturp.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: nnnkhfe - C:\WINDOWS\SYSTEM32\nnnkhfe.dll
O20 - Winlogon Notify: vturp - C:\WINDOWS\system32\vturp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


-- Files created between 2007-07-30 and 2007-08-30 -----------------------------

2007-08-30 17:45:49 6488 ---hs---- C:\WINDOWS\system32\prutv.bak1
2007-08-30 17:45:41 298080 --a------ C:\WINDOWS\system32\vturp.dll
2007-08-30 15:31:31 0 d-------- C:\Documents and Settings\jeremy\Application Data\Grisoft
2007-08-30 15:31:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-08-30 13:51:33 0 d-------- C:\!KillBox
2007-08-30 13:34:09 0 d-------- C:\Program Files\Navilog1
2007-08-27 22:19:53 0 d-------- C:\Program Files\Picasa2
2007-08-26 20:24:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-08-26 20:24:09 0 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-08-26 16:47:40 0 d-------- C:\Documents and Settings\jeremy\.housecall6.6
2007-08-26 16:45:57 69689 --a------ C:\WINDOWS\UNZIP.DLL <Not Verified; Trend Micro Inc.; Trend Active Update 1.32>
2007-08-26 16:45:57 507904 --a------ C:\WINDOWS\TMUPDATE.DLL <Not Verified; Trend Micro Inc.; ActiveUpdate Module>
2007-08-26 16:45:56 286720 --a------ C:\WINDOWS\PATCH.EXE <Not Verified; Trend Micro Inc.; ActiveUpdate Module>
2007-08-26 10:30:37 0 d-------- C:\VundoFix Backups
2007-08-25 18:48:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-08-25 18:39:40 0 d-------- C:\Program Files\Lavasoft
2007-08-24 20:49:54 574508 --a------ C:\WINDOWS\system32\yeppeljd.exe
2007-08-24 14:38:23 0 d-------- C:\Documents and Settings\jeremy\Application Data\Creative
2007-08-24 12:48:59 0 d-------- C:\WINDOWS\system32\NtmsData
2007-08-24 12:27:41 25088 -----n--- C:\WINDOWS\system32\CTSVCCTL.EXE <Not Verified; Creative Technology Ltd; Creative Service Control>
2007-08-24 12:27:41 44032 -----n--- C:\WINDOWS\system32\CTSVCCDA.EXE <Not Verified; Creative Technology Ltd; Creative Service for CDROM Access>
2007-08-24 12:23:12 38402 -----n--- C:\WINDOWS\system32\drivers\StMp3Rec.sys <Not Verified; Generic; Generic MP3 Player>
2007-08-24 12:20:09 0 d-------- C:\Program Files\Creative
2007-08-23 21:25:04 43542 --a------ C:\WINDOWS\system32\nnnkhfe.dll
2007-08-22 17:12:27 0 dr-h----- C:\Documents and Settings\jeremy\Application Data\SecuROM
2007-08-22 17:12:26 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2007-08-22 17:08:37 0 d-------- C:\Program Files\Ubisoft
2007-08-22 17:00:50 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-08-16 16:32:42 0 d-------- C:\Program Files\MSXML 6.0
2007-08-12 20:30:58 102400 --a------ C:\WINDOWS\system32\CmutEuro32.dll <Not Verified; Euro Information; Librairie Europe commune Crédit Mutuel et CIC>
2007-08-12 20:30:58 176128 --a------ C:\WINDOWS\calceuro.exe <Not Verified; Euro-Information; CALCEURO>
2007-08-12 20:30:56 0 d-------- C:\Program Files\CyberMUT
2007-08-12 20:28:04 0 d-------- C:\Documents and Settings\jeremy\Application Data\Grisbi
2007-08-05 14:44:46 0 d-------- C:\Documents and Settings\jeremy\Application Data\uTorrent
2007-08-02 19:41:09 37027 --a------ C:\WINDOWS\atmoUn.exe
2007-08-02 19:41:07 0 d-------- C:\Program Files\Viewpoint
2007-08-02 19:41:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-08-01 19:08:55 0 d-------- C:\Documents and Settings\jeremy\Application Data\MySpace
2007-08-01 19:08:52 0 d-------- C:\Program Files\MySpace


-- Find3M Report ---------------------------------------------------------------

2007-08-30 17:42:16 0 d-------- C:\Program Files\Wanadoo
2007-08-27 22:20:04 0 d-------- C:\Program Files\Google
2007-08-26 20:24:09 0 d-------- C:\Program Files\Fichiers communs
2007-08-26 19:24:27 506796 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-08-26 19:24:27 84354 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-08-26 12:40:23 0 d-------- C:\Documents and Settings\jeremy\Application Data\dvdcss
2007-08-24 12:30:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-16 23:31:34 0 d-------- C:\Documents and Settings\jeremy\Application Data\AdobeUM
2007-07-28 10:06:40 0 d-------- C:\Documents and Settings\jeremy\Application Data\Serif
2007-07-26 20:14:23 30720 --a------ C:\WINDOWS\6816White12.dat
2007-07-26 20:14:23 4 --a------ C:\WINDOWS\6816Error.dat
2007-07-26 20:14:19 30720 --a------ C:\WINDOWS\6816Dark12.dat
2007-07-26 20:14:15 3 --a------ C:\WINDOWS\6816Offset.dat
2007-07-26 20:14:15 3 --a------ C:\WINDOWS\6816Gain.dat
2007-07-26 20:14:15 6 --a------ C:\WINDOWS\6816Exposure.dat
2007-07-22 16:32:49 0 d-------- C:\Program Files\TagRename
2007-07-22 16:17:38 0 d-------- C:\Program Files\Free Audio Pack
2007-07-15 22:09:23 0 d-------- C:\Documents and Settings\jeremy\Application Data\EoRezo
2007-07-15 22:05:53 0 d-------- C:\Documents and Settings\jeremy\Application Data\ItsLabel
2007-07-13 23:03:49 0 d-------- C:\Program Files\Windows Media Connect 2
2007-07-13 21:28:19 0 d-------- C:\Program Files\Messenger Plus! Live
2007-07-13 21:28:18 0 d-------- C:\Program Files\Windows Live
2007-07-13 21:28:18 0 d-------- C:\Program Files\MSN Messenger
2007-07-02 07:56:03 0 d-------- C:\Program Files\Winamp
2007-06-17 22:20:31 79 --a------ C:\WINDOWS\system32\netwbix32.dll
2007-06-15 23:50:21 1277 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60D13203-2DC3-4E31-8909-E70BEC38D9F8}]
23/08/2007 21:25 43542 --a------ C:\WINDOWS\system32\nnnkhfe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4BB6CA1-DF75-4EC1-809B-98CE51B05E1F}]
30/08/2007 17:45 298080 --a------ C:\WINDOWS\system32\vturp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [19/04/2007 13:26]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [28/07/2007 00:03]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 11:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [19/08/2004 17:09]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [12/02/2007 19:30]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [07/07/2006 18:45]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [23/08/2004 14:50]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [02/12/2004 18:23]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [17/08/2007 22:48]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [24/10/2003 06:37:56]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [12/02/2007 19:30:42]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [26/06/2007 22:36:46]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{60D13203-2DC3-4E31-8909-E70BEC38D9F8}"= C:\WINDOWS\system32\nnnkhfe.dll [23/08/2007 21:25 43542]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnkhfe]
nnnkhfe.dll 23/08/2007 21:25 43542 C:\WINDOWS\system32\nnnkhfe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vturp]
C:\WINDOWS\system32\vturp.dll 30/08/2007 17:45 298080 C:\WINDOWS\system32\vturp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

-- End of Deckard's System Scanner: finished at 2007-08-30 18:21:34 ------------
[solved] Fake antivirus and windows that open on their own
microgolgi replied to a topic by microgolgi in Malware analysis and removal
OTMoveIT report

DllUnregisterServer procedure not found in C:\WINDOWS\system32\nnnkhfe.dll
C:\WINDOWS\system32\nnnkhfe.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\nnnkhfe.dll scheduled to be moved on reboot.
C:\WINDOWS\system32\kjllm.bak2 moved successfully.
File/Folder C:\WINDOWS\system32\yeppeljf.exe not found.
C:\WINDOWS\system32\hhfkhorzcu.exe moved successfully.
C:\WINDOWS\system32\urdluiy.exe moved successfully.
C:\WINDOWS\system32\oyftqpesh.exe moved successfully.
C:\WINDOWS\system32\hwmmwtygaw.exe moved successfully.
C:\WINDOWS\system32\qosairqmy.exe moved successfully.
C:\WINDOWS\system32\xczzotqs.exe moved successfully.
C:\WINDOWS\system32\ihmuhob.exe moved successfully.
C:\WINDOWS\system32\xdjwxx.exe moved successfully.
C:\WINDOWS\system32\awilors.exe moved successfully.
C:\WINDOWS\system32\pdwmuqvlce.exe moved successfully.
C:\WINDOWS\system32\wtoartir.exe moved successfully.
C:\WINDOWS\system32\evyozivw.exe moved successfully.
Created on 08/30/2007 17:38:41

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 17:32:41 30/08/2007

+ Résultat de l'analyse:

C:\System Volume Information\_restore{53BE7D99-FA0C-4D2E-A3F8-8B3038249D30}\RP149\A0045337.exe -> Downloader.Tiny.id : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{53BE7D99-FA0C-4D2E-A3F8-8B3038249D30}\RP149\A0045342.exe -> Downloader.Tiny.id : Nettoyé et sauvegardé (mise en quarantaine).
C:\Deckard\System Scanner\backup\WINDOWS\Downloaded Program Files\USDR6V_0001_N19M2604NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.q : Nettoyé et sauvegardé (mise en quarantaine).
:mozilla.780:C:\Documents and Settings\jeremy\Application Data\Mozilla\Firefox\Profiles\pht2srqd.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé. :mozilla.781:C:\Documents and Settings\jeremy\Application Data\Mozilla\Firefox\Profiles\pht2srqd.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé. :mozilla.782:C:\Documents and Settings\jeremy\Application Data\Mozilla\Firefox\Profiles\pht2srqd.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé. :mozilla.783:C:\Documents and Settings\jeremy\Application Data\Mozilla\Firefox\Profiles\pht2srqd.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé. C:\Documents and Settings\jeremy\Cookies\jeremy@zedo[2].txt -> TrackingCookie.Zedo : Nettoyé. Fin du rapport Logfile of HijackThis v1.99.1 Scan saved at 17:43:32, on 30/08/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program 
Files\SuperCopier2\SuperCopier2.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\PROGRA~1\Wanadoo\ComComp.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\PROGRA~1\Wanadoo\PollingModule.exe C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\wbem\wmiprvse.exe C:\PROGRA~1\Wanadoo\Watch.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.chemtable.com/order3.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {60D13203-2DC3-4E31-8909-E70BEC38D9F8} - C:\WINDOWS\system32\nnnkhfe.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF 
- {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O18 - Protocol: livecall - 
{828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: offline-8876480 - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: nnnkhfe - C:\WINDOWS\SYSTEM32\nnnkhfe.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. 
- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe And there you go! Well, the scan with AVG AS takes a long time. -
[solved] Fake antivirus and windows that open on their own
microgolgi replied to a topic by microgolgi in Malware Analysis and Eradication
Deckard's System Scanner v20070826.66 Run by jeremy on 2007-08-30 15:04:49 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 94: 2007-08-30 13:04:59 UTC - RP151 - Deckard's System Scanner Restore Point 93: 2007-08-28 21:54:16 UTC - RP150 - Software Distribution Service 3.0 92: 2007-08-28 11:45:59 UTC - RP149 - Point de vérification système 91: 2007-08-26 18:24:44 UTC - RP148 - Installed Ad-Aware 2007 90: 2007-08-25 16:47:01 UTC - RP147 - Removed Ad-Aware 2007 -- First Restore Point -- 1: 2007-05-29 18:52:08 UTC - RP58 - Supprimé SpellForce 2 - Shadow Wars Backed up registry hives. Performed disk cleanup. -- HijackThis (run as jeremy.exe) ---------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 15:05:45, on 30/08/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\SuperCopier2\SuperCopier2.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe C:\Program Files\Fichiers communs\Logitech\KhalShared\KHALMNPR.EXE C:\PROGRA~1\Wanadoo\ComComp.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\PROGRA~1\Wanadoo\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\alg.exe C:\PROGRA~1\Wanadoo\Watch.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Documents and Settings\jeremy\Bureau\dss.exe C:\WINDOWS\System32\wbem\wmiprvse.exe C:\PROGRA~1\HIJACK~1\jeremy.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.chemtable.com/order3.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {60D13203-2DC3-4E31-8909-E70BEC38D9F8} - C:\WINDOWS\system32\nnnkhfe.dll O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file) O2 - BHO: (no name) - {68FEF0F3-B2A7-4C52-9B00-8C495CD03F28} - C:\WINDOWS\system32\pmnlm.dll 
(file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {838F02C0-6F57-4332-8298-1D5A7A19F1F9} - C:\WINDOWS\system32\jkkll.dll (file missing) O2 - BHO: (no name) - {8992AFAC-465A-40E6-8611-585EEB8DEE01} - C:\WINDOWS\system32\vturr.dll (file missing) O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: (no name) - {CACF3C3A-708F-4CD0-AE52-AE78A2CD536E} - C:\WINDOWS\system32\awvtt.dll (file missing) O2 - BHO: (no name) - {D3388959-E43E-403A-A8F3-335F27D9B6ED} - C:\WINDOWS\system32\mlljk.dll (file missing) O2 - BHO: (no name) - {DA38295B-6DF8-40C1-A086-39CB7DC7A5CD} - C:\WINDOWS\system32\jkhfc.dll (file missing) O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O18 - Protocol: bw+0 - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - 
{4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - 
{4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - 
{4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - 
{4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - 
{4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - 
{4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {4B4DBA08-3C50-4119-8F13-A446EE1F511C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: nnnkhfe - C:\WINDOWS\SYSTEM32\nnnkhfe.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20070830-135316-112 O4 - HKLM\..\Run: [gadynurvsl] c:\windows\system32\gadynurvsl.exe gadynurvsl
backup-20070830-135316-808 O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
backup-20070830-135317-281 O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/insta...eInstall_fr.cab

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology (StarForce); SF FrontLine>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology (StarForce); SF FrontLine>
R0 sfsync04 (StarForce Protection Synchronization Driver (version 4.x)) - c:\windows\system32\drivers\sfsync04.sys <Not Verified; Protection Technology (StarForce); SF FrontLine>
R1 aslm75 - c:\windows\system32\drivers\aslm75.sys
R3 PCANDIS5 (PCANDIS5 NDIS Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
S3 L8042mou (Logitech SetPoint PS/2 Mouse Filter Driver) - c:\windows\system32\drivers\l8042mou.sys <Not Verified; Logitech, Inc.; Logitech SetPoint>
S3 PCAMPR5 (PCAMPR5 NDIS Protocol Driver) - c:\windows\system32\pcampr5.sys (file missing)
S3 RT2500USB (Hercules Wireless USB Dongle Driver) - c:\windows\system32\drivers\rt73.sys (file missing)
S3 SANDRA - c:\program files\sisoftware\sisoftware sandra lite 2005.sr3\sandra.sys (file missing)
S3 ZSMC211 (USB PC Camera (ZS211)) - c:\windows\system32\drivers\zs211.sys <Not Verified; ZSMC Corporation; >

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aawservice (Ad-Aware 2007 Service) - "c:\program files\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>
R2 EPSONStatusAgent2 (EPSON Printer Status Agent2) - c:\program files\fichiers communs\epson\ebapi\sagent2.exe <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
R2 FTRTSVC (France Telecom Routing Table Service) - c:\windows\system32\ftrtsvc.exe <Not Verified; France Telecom; FTRTSVC NT Service>

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Files created between 2007-07-30 and 2007-08-30 -----------------------------

2007-08-30 13:51:33 0 d-------- C:\!KillBox
2007-08-30 13:34:09 0 d-------- C:\Program Files\Navilog1
2007-08-27 22:19:53 0 d-------- C:\Program Files\Picasa2
2007-08-27 05:56:52 773284 -----n--- C:\WINDOWS\system32\kjllm.bak2
2007-08-26 20:24:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-08-26 20:24:09 0 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-08-26 16:47:40 0 d-------- C:\Documents and Settings\jeremy\.housecall6.6
2007-08-26 16:45:57 69689 --a------ C:\WINDOWS\UNZIP.DLL <Not Verified; Trend Micro Inc.; Trend Active Update 1.32>
2007-08-26 16:45:57 507904 --a------ C:\WINDOWS\TMUPDATE.DLL <Not Verified; Trend Micro Inc.; ActiveUpdate Module>
2007-08-26 16:45:56 286720 --a------ C:\WINDOWS\PATCH.EXE <Not Verified; Trend Micro Inc.; ActiveUpdate Module>
2007-08-26 10:30:37 0 d-------- C:\VundoFix Backups
2007-08-25 18:48:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-08-25 18:39:40 0 d-------- C:\Program Files\Lavasoft
2007-08-24 20:49:54 574508 --a------ C:\WINDOWS\system32\yeppeljd.exe
2007-08-24 14:38:23 0 d-------- C:\Documents and Settings\jeremy\Application Data\Creative
2007-08-24 12:48:59 0 d-------- C:\WINDOWS\system32\NtmsData
2007-08-24 12:27:41 25088 -----n--- C:\WINDOWS\system32\CTSVCCTL.EXE <Not Verified; Creative Technology Ltd; Creative Service Control>
2007-08-24 12:27:41 44032 -----n--- C:\WINDOWS\system32\CTSVCCDA.EXE <Not Verified; Creative Technology Ltd; Creative Service for CDROM Access>
2007-08-24 12:23:12 38402 -----n--- C:\WINDOWS\system32\drivers\StMp3Rec.sys <Not Verified; Generic; Generic MP3 Player>
2007-08-24 12:20:09 0 d-------- C:\Program Files\Creative
2007-08-23 21:25:04 43542 --a------ C:\WINDOWS\system32\nnnkhfe.dll
2007-08-22 17:12:27 0 dr-h----- C:\Documents and Settings\jeremy\Application Data\SecuROM
2007-08-22 17:12:26 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2007-08-22 17:08:37 0 d-------- C:\Program Files\Ubisoft
2007-08-22 17:00:50 685816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-08-16 16:32:42 0 d-------- C:\Program Files\MSXML 6.0
2007-08-12 20:30:58 102400 --a------ C:\WINDOWS\system32\CmutEuro32.dll <Not Verified; Euro Information; Librairie Europe commune Crédit Mutuel et CIC>
2007-08-12 20:30:58 176128 --a------ C:\WINDOWS\calceuro.exe <Not Verified; Euro-Information; CALCEURO>
2007-08-12 20:30:56 0 d-------- C:\Program Files\CyberMUT
2007-08-12 20:28:04 0 d-------- C:\Documents and Settings\jeremy\Application Data\Grisbi
2007-08-05 14:44:46 0 d-------- C:\Documents and Settings\jeremy\Application Data\uTorrent
2007-08-02 19:41:09 37027 --a------ C:\WINDOWS\atmoUn.exe
2007-08-02 19:41:07 0 d-------- C:\Program Files\Viewpoint
2007-08-02 19:41:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-08-01 19:08:55 0 d-------- C:\Documents and Settings\jeremy\Application Data\MySpace
2007-08-01 19:08:52 0 d-------- C:\Program Files\MySpace

-- Find3M Report ---------------------------------------------------------------

2007-08-30 14:50:43 0 d-------- C:\Program Files\Wanadoo
2007-08-27 22:20:04 0 d-------- C:\Program Files\Google
2007-08-26 20:24:09 0 d-------- C:\Program Files\Fichiers communs
2007-08-26 19:24:27 506796 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-08-26 19:24:27 84354 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-08-26 12:40:23 0 d-------- C:\Documents and Settings\jeremy\Application Data\dvdcss
2007-08-24 12:30:25 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-08-16 23:31:34 0 d-------- C:\Documents and Settings\jeremy\Application Data\AdobeUM
2007-07-28 10:06:40 0 d-------- C:\Documents and Settings\jeremy\Application Data\Serif
2007-07-26 20:14:23 30720 --a------ C:\WINDOWS\6816White12.dat
2007-07-26 20:14:23 4 --a------ C:\WINDOWS\6816Error.dat
2007-07-26 20:14:19 30720 --a------ C:\WINDOWS\6816Dark12.dat
2007-07-26 20:14:15 3 --a------ C:\WINDOWS\6816Offset.dat
2007-07-26 20:14:15 3 --a------ C:\WINDOWS\6816Gain.dat
2007-07-26 20:14:15 6 --a------ C:\WINDOWS\6816Exposure.dat
2007-07-22 16:32:49 0 d-------- C:\Program Files\TagRename
2007-07-22 16:17:38 0 d-------- C:\Program Files\Free Audio Pack
2007-07-15 22:09:23 0 d-------- C:\Documents and Settings\jeremy\Application Data\EoRezo
2007-07-15 22:05:53 0 d-------- C:\Documents and Settings\jeremy\Application Data\ItsLabel
2007-07-13 23:03:49 0 d-------- C:\Program Files\Windows Media Connect 2
2007-07-13 21:28:19 0 d-------- C:\Program Files\Messenger Plus! Live
2007-07-13 21:28:18 0 d-------- C:\Program Files\Windows Live
2007-07-13 21:28:18 0 d-------- C:\Program Files\MSN Messenger
2007-07-02 07:56:03 0 d-------- C:\Program Files\Winamp
2007-06-26 18:57:17 279552 --a------ C:\WINDOWS\system32\hhfkhorzcu.exe
2007-06-26 00:40:47 274432 --a------ C:\WINDOWS\system32\urdluiy.exe
2007-06-23 16:28:48 273408 --a------ C:\WINDOWS\system32\oyftqpesh.exe
2007-06-22 16:41:45 278528 --a------ C:\WINDOWS\system32\hwmmwtygaw.exe
2007-06-22 07:42:45 275456 --a------ C:\WINDOWS\system32\qosairqmy.exe
2007-06-22 00:14:20 276992 --a------ C:\WINDOWS\system32\xczzotqs.exe
2007-06-21 17:22:32 457728 --a------ C:\WINDOWS\system32\ihmuhob.exe
2007-06-21 07:38:43 459264 --a------ C:\WINDOWS\system32\xdjwxx.exe
2007-06-20 19:11:22 452608 --a------ C:\WINDOWS\system32\awilors.exe
2007-06-20 18:01:32 451584 --a------ C:\WINDOWS\system32\pdwmuqvlce.exe
2007-06-19 22:25:31 451584 --a------ C:\WINDOWS\system32\wtoartir.exe
2007-06-18 19:06:01 454656 --a------ C:\WINDOWS\system32\evyozivw.exe
2007-06-17 22:20:31 79 --a------ C:\WINDOWS\system32\netwbix32.dll
2007-06-15 23:50:21 1277 --a------ C:\WINDOWS\mozver.dat

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60D13203-2DC3-4E31-8909-E70BEC38D9F8}]
23/08/2007 21:25 43542 --a------ C:\WINDOWS\system32\nnnkhfe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{68FEF0F3-B2A7-4C52-9B00-8C495CD03F28}]
C:\WINDOWS\system32\pmnlm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{838F02C0-6F57-4332-8298-1D5A7A19F1F9}]
C:\WINDOWS\system32\jkkll.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8992AFAC-465A-40E6-8611-585EEB8DEE01}]
C:\WINDOWS\system32\vturr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CACF3C3A-708F-4CD0-AE52-AE78A2CD536E}]
C:\WINDOWS\system32\awvtt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D3388959-E43E-403A-A8F3-335F27D9B6ED}]
C:\WINDOWS\system32\mlljk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA38295B-6DF8-40C1-A086-39CB7DC7A5CD}]
C:\WINDOWS\system32\jkhfc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [19/04/2007 13:26]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [28/07/2007 00:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [19/08/2004 17:09]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [12/02/2007 19:30]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [07/07/2006 18:45]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [23/08/2004 14:50]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [02/12/2004 18:23]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [17/08/2007 22:48]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [24/10/2003 06:37:56]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [12/02/2007 19:30:42]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [26/06/2007 22:36:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{60D13203-2DC3-4E31-8909-E70BEC38D9F8}"= C:\WINDOWS\system32\nnnkhfe.dll [23/08/2007 21:25 43542]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnkhfe]
nnnkhfe.dll 23/08/2007 21:25 43542 C:\WINDOWS\system32\nnnkhfe.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

-- End of Deckard's System Scanner: finished at 2007-08-30 15:08:28 ------------

There you go.