Cassidy

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:55:14, on 10/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\INTERN~1\backweb\7431218\Program\SERVIC~1.EXE C:\WINDOWS\System32\cisvc.exe C:\Program Files\Internet Explorer\Anti-Virus\fsgk32st.exe C:\Program Files\Internet Explorer\backweb\7431218\program\fsbwsys.exe C:\Program Files\Internet Explorer\Anti-Virus\FSGK32.EXE C:\Program Files\Internet Explorer\Common\FSMA32.EXE C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Internet Explorer\Anti-Virus\fssm32.exe C:\Program Files\Internet Explorer\Common\FSMB32.EXE C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\Common\FCH32.EXE C:\WINDOWS\wanmpsvc.exe C:\Program Files\Internet Explorer\Common\FAMEH32.EXE C:\Program Files\Internet Explorer\Anti-Virus\fsqh.exe C:\Program Files\Internet Explorer\Anti-Virus\fsrw.exe C:\Program Files\Internet Explorer\FWES\Program\fsdfwd.exe C:\Program Files\Internet Explorer\Anti-Virus\fsav32.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Internet Explorer\Common\FSM32.EXE C:\Program Files\Creative\Shared Files\CAMTRAY.EXE C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\PROGRA~1\INTERN~1\ANTI-S~1\fsaw.exe C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\Program Files\Internet Explorer\FSGUI\fsguidll.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe C:\PROGRA~1\Wanadoo\ComComp.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\PROGRA~1\Wanadoo\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\PROGRA~1\Wanadoo\Watch.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Windows Media Player\wmpenc.exe C:\Program Files\Internet Explorer\backweb\7431218\Program\fspex.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Th£ WoRlD oF CasSidy\Bureau\Logiciels\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Internet Explorer\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE O4 - HKLM\..\Run: [ML1HelperStartUp] C:\PROGRA~1\MIDNIG~1\ML1HEL~1.EXE /partner ML1 O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3 O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Internet Explorer\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Program Files\Internet Explorer\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - HKCU\..\Run: [Orange Link] "C:\PROGRA~1\ORANGE~1\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKUS\S-1-5-21-1115034969-3688569970-1850989012-1005\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx (User 'CHALDER') O4 - HKUS\S-1-5-21-1115034969-3688569970-1850989012-1005\..\Run: [instant Access] C:\WINDOWS\system32\procia.exe /run (User 'CHALDER') O4 - HKUS\S-1-5-21-1115034969-3688569970-1850989012-1005\..\Run: [Orange Link] "C:\PROGRA~1\ORANGE~1\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen (User 'CHALDER') O4 - HKUS\S-1-5-21-1115034969-3688569970-1850989012-1005\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'CHALDER') O4 - HKUS\S-1-5-21-1115034969-3688569970-1850989012-1005\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0 (User 'CHALDER') O4 - HKUS\S-1-5-21-1115034969-3688569970-1850989012-1006\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx (User 'CATHY') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - S-1-5-21-1115034969-3688569970-1850989012-1006 Startup: OpenOffice.org 1.1.5.lnk = C:\Program Files\OpenOffice.org1.1.5\program\quickstart.exe (User 'CATHY') O4 - S-1-5-21-1115034969-3688569970-1850989012-1006 User Startup: OpenOffice.org 1.1.5.lnk = C:\Program Files\OpenOffice.org1.1.5\program\quickstart.exe (User 'CATHY') O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\Internet Explorer\backweb\7431218\Program\fspex.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Internet Explorer\Anti-Spyware\blockpopups.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Internet Explorer\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Internet Explorer\Anti-Spyware\ieshield.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - "C:\PROGRA~1\Livecom\APPLIC~1\CommunicationAgent\Messager.exe" (file missing) O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - "C:\PROGRA~1\Livecom\APPLIC~1\CommunicationAgent\Messager.exe" (file missing) O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {011F473E-0880-43D4-99F3-F490A84128AE} (GenimoWebGames Control) - http://jeuxenligne.orange.fr/orange2.0/gam...amesControl.cab O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1128369038015 O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://www.msnjeux.com/online2/MSN_INTL_FR...mesLauncher.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/Gam...ronGameHost.cab O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://msnfr.oberon-media.com/online2/MSN_...sh.1.0.0.80.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O23 - Service: Antivirus Firewall (BackWeb Plug-in - 7431218) - Securitoo Portal - C:\PROGRA~1\INTERN~1\backweb\7431218\Program\SERVIC~1.EXE O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Internet Explorer\Anti-Virus\fsgk32st.exe O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Internet Explorer\backweb\7431218\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Internet Explorer\FWES\Program\fsdfwd.exe O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Internet Explorer\Common\FSMA32.EXE O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: UPSMONService - Unknown owner - C:\Program Files\UPSMON\UPSMON_Service.Exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 12075 bytes Oui, il y a plusieurs sessions Que veux tu, gaffeur un jour , gaffeur toujours

Alors là franchement je suis bêbête sur ce coup la! J'ai bien fait le scan, en oubliant de sauver le rapport avant d'enlever les infections :s J'ai bien supprimé procia.exe, et il y avait deux fichiers Dialer.InstantAccess.f

Je ne le trouvait pas ( décidément , c'est un farceur ) J'ai utilisé OTMoveIt, on m'indique : Invalid time flag : Run ( User ' CHALDER ' ) Must be numerical ?

La chasse aux virus me fait JUBILER Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:13:39, on 06/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\INTERN~1\backweb\7431218\Program\SERVIC~1.EXE C:\WINDOWS\System32\cisvc.exe C:\Program Files\Internet Explorer\Anti-Virus\fsgk32st.exe C:\Program Files\Internet Explorer\backweb\7431218\program\fsbwsys.exe C:\Program Files\Internet Explorer\Anti-Virus\FSGK32.EXE C:\Program Files\Internet Explorer\Common\FSMA32.EXE C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Internet Explorer\Anti-Virus\fssm32.exe C:\Program Files\Internet Explorer\Common\FSMB32.EXE C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\Common\FCH32.EXE C:\WINDOWS\wanmpsvc.exe C:\Program Files\Internet Explorer\Common\FAMEH32.EXE C:\Program Files\Internet Explorer\Anti-Virus\fsqh.exe C:\Program Files\Internet Explorer\Anti-Virus\fsrw.exe C:\Program Files\Internet Explorer\FWES\Program\fsdfwd.exe C:\Program Files\Internet Explorer\Anti-Virus\fsav32.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Internet Explorer\Common\FSM32.EXE C:\Program Files\Creative\Shared Files\CAMTRAY.EXE C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\PROGRA~1\INTERN~1\ANTI-S~1\fsaw.exe C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\Program Files\Internet Explorer\FSGUI\fsguidll.exe C:\Program Files\Internet Explorer\backweb\7431218\Program\fspex.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe C:\PROGRA~1\Wanadoo\ComComp.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\PROGRA~1\Wanadoo\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\PROGRA~1\Wanadoo\Watch.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\mmc.exe C:\WINDOWS\system32\DfrgNtfs.exe C:\Documents and Settings\Th£ WoRlD oF CasSidy\Bureau\Logiciels\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Internet Explorer\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE O4 - HKLM\..\Run: [ML1HelperStartUp] C:\PROGRA~1\MIDNIG~1\ML1HEL~1.EXE /partner ML1 O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3 O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Internet Explorer\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Program Files\Internet Explorer\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - HKCU\..\Run: [Orange Link] "C:\PROGRA~1\ORANGE~1\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKUS\S-1-5-21-1115034969-3688569970-1850989012-1005\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx (User 'CHALDER') O4 - HKUS\S-1-5-21-1115034969-3688569970-1850989012-1005\..\Run: [instant Access] C:\WINDOWS\system32\procia.exe /run (User 'CHALDER') O4 - HKUS\S-1-5-21-1115034969-3688569970-1850989012-1005\..\Run: [Orange Link] "C:\PROGRA~1\ORANGE~1\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen (User 'CHALDER') O4 - HKUS\S-1-5-21-1115034969-3688569970-1850989012-1005\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'CHALDER') O4 - HKUS\S-1-5-21-1115034969-3688569970-1850989012-1005\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0 (User 'CHALDER') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\Internet Explorer\backweb\7431218\Program\fspex.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Internet Explorer\Anti-Spyware\blockpopups.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Internet Explorer\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Internet Explorer\Anti-Spyware\ieshield.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - "C:\PROGRA~1\Livecom\APPLIC~1\CommunicationAgent\Messager.exe" (file missing) O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - "C:\PROGRA~1\Livecom\APPLIC~1\CommunicationAgent\Messager.exe" (file missing) O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {011F473E-0880-43D4-99F3-F490A84128AE} (GenimoWebGames Control) - http://jeuxenligne.orange.fr/orange2.0/gam...amesControl.cab O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1128369038015 O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://www.msnjeux.com/online2/MSN_INTL_FR...mesLauncher.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/Gam...ronGameHost.cab O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://msnfr.oberon-media.com/online2/MSN_...sh.1.0.0.80.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O23 - Service: Antivirus Firewall (BackWeb Plug-in - 7431218) - Securitoo Portal - C:\PROGRA~1\INTERN~1\backweb\7431218\Program\SERVIC~1.EXE O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Internet Explorer\Anti-Virus\fsgk32st.exe O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Internet Explorer\backweb\7431218\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Internet Explorer\FWES\Program\fsdfwd.exe O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Internet Explorer\Common\FSMA32.EXE O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: UPSMONService - Unknown owner - C:\Program Files\UPSMON\UPSMON_Service.Exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 11589 bytes

C'est bizzare, parce sous la colonne results, on m'indique : File/Folder c:\program files\spyspotter3 not found.

Rapport MBAM : Malwarebytes' Anti-Malware 1.24 Version de la base de données: 1030 Windows 5.1.2600 Service Pack 2 19:42:11 06/08/2008 mbam-log-8-6-2008 (19-42-11).txt Type de recherche: Examen complet (C:\|) Eléments examinés: 143494 Temps écoulé: 2 hour(s), 22 minute(s), 21 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 1 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP884\A0453874.dll (Adware.PopCap) -> Quarantined and deleted successfully.

J'ai bien fait le Fix checked mais le dossier Spyspotter3 est introuvable, j'ai fait une recherche mais rien à faire :s Je t'envoie le rapport MBAM plus tard

Et voilà M. Apollo Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:31:24, on 05/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\INTERN~1\backweb\7431218\Program\SERVIC~1.EXE C:\WINDOWS\System32\cisvc.exe C:\Program Files\Internet Explorer\Anti-Virus\fsgk32st.exe C:\Program Files\Internet Explorer\backweb\7431218\program\fsbwsys.exe C:\Program Files\Internet Explorer\Anti-Virus\FSGK32.EXE C:\Program Files\Internet Explorer\Common\FSMA32.EXE C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Internet Explorer\Anti-Virus\fssm32.exe C:\Program Files\Internet Explorer\Common\FSMB32.EXE C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\backweb\7431218\Program\fspex.exe C:\Program Files\Internet Explorer\Common\FCH32.EXE C:\WINDOWS\wanmpsvc.exe C:\Program Files\Internet Explorer\Anti-Virus\fsqh.exe C:\Program Files\Internet Explorer\Common\FAMEH32.EXE C:\Program Files\Internet Explorer\Anti-Virus\fsrw.exe C:\WINDOWS\system32\slrundll.exe C:\Program Files\Internet Explorer\FWES\Program\fsdfwd.exe C:\Program Files\Internet Explorer\Anti-Virus\fsav32.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\notepad.exe C:\Program Files\Internet Explorer\Common\FSM32.EXE C:\Program Files\Creative\Shared Files\CAMTRAY.EXE C:\PROGRA~1\INTERN~1\ANTI-S~1\fsaw.exe C:\Program Files\Internet Explorer\FSGUI\ispnews.exe C:\Program Files\Internet Explorer\FSGUI\fsguidll.exe C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe C:\PROGRA~1\Wanadoo\ComComp.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\PROGRA~1\Wanadoo\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\PROGRA~1\Wanadoo\Watch.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Documents and Settings\Th£ WoRlD oF CasSidy\Bureau\Logiciels\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Internet Explorer\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE O4 - HKLM\..\Run: [ML1HelperStartUp] C:\PROGRA~1\MIDNIG~1\ML1HEL~1.EXE /partner ML1 O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3 O4 - HKLM\..\Run: [spySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Internet Explorer\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Program Files\Internet Explorer\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - HKCU\..\Run: [Orange Link] "C:\PROGRA~1\ORANGE~1\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\Internet Explorer\backweb\7431218\Program\fspex.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Internet Explorer\Anti-Spyware\blockpopups.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Internet Explorer\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Internet Explorer\Anti-Spyware\ieshield.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - "C:\PROGRA~1\Livecom\APPLIC~1\CommunicationAgent\Messager.exe" (file missing) O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - "C:\PROGRA~1\Livecom\APPLIC~1\CommunicationAgent\Messager.exe" (file missing) O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {011F473E-0880-43D4-99F3-F490A84128AE} (GenimoWebGames Control) - http://jeuxenligne.orange.fr/orange2.0/gam...amesControl.cab O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1128369038015 O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://www.msnjeux.com/online2/MSN_INTL_FR...mesLauncher.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/Gam...ronGameHost.cab O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://msnfr.oberon-media.com/online2/MSN_...sh.1.0.0.80.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O23 - Service: Antivirus Firewall (BackWeb Plug-in - 7431218) - Securitoo Portal - C:\PROGRA~1\INTERN~1\backweb\7431218\Program\SERVIC~1.EXE O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Internet Explorer\Anti-Virus\fsgk32st.exe O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Internet Explorer\backweb\7431218\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Internet Explorer\FWES\Program\fsdfwd.exe O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Internet Explorer\Common\FSMA32.EXE O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: UPSMONService - Unknown owner - C:\Program Files\UPSMON\UPSMON_Service.Exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 10834 bytes

Option 2 Navilog : Clean Navipromo version 3.6.1 commencé le 05/08/2008 à 18:58:23,95 Outil exécuté depuis C:\Program Files\navilog1 Session actuelle : "Th£ WoRlD oF CasSidy" Mise à jour le 19.07.2008 à 20h00 par IL-MAFIOSO Microsoft Windows XP [version 5.1.2600] Internet Explorer : 6.0.2900.2180 Système de fichiers : NTFS Mode suppression automatique avec prise en charge résultats Catchme et GNS Nettoyage exécuté au redémarrage de l'ordinateur *** fsbl1.txt non trouvé *** (Assurez-vous que Catchme n'avait rien trouvé lors de la recherche) *** Suppression avec sauvegardes résultats GenericNaviSearch *** * Suppression dans "C:\WINDOWS\System32" * * Suppression dans "C:\Documents and Settings\Th£ WoRlD oF CasSidy\locals~1\applic~1" * * Suppression dans "C:\DOCUME~1\CATHY\locals~1\applic~1" * * Suppression dans "C:\DOCUME~1\CHALDER\locals~1\applic~1" * * Suppression dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" * *** Suppression dossiers dans "C:\WINDOWS" *** *** Suppression dossiers dans "C:\Program Files" *** *** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" *** *** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" *** *** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" *** *** Suppression dossiers dans "C:\Documents and Settings\Th£ WoRlD oF CasSidy\applic~1" *** *** Suppression dossiers dans "C:\DOCUME~1\APPLIC~1\applic~1" *** *** Suppression dossiers dans "C:\DOCUME~1\CATHY\applic~1" *** *** Suppression dossiers dans "C:\DOCUME~1\CHALDER\applic~1" *** *** Suppression dossiers dans "C:\DOCUME~1\INVIT~1\applic~1" *** *** Suppression dossiers dans "C:\DOCUME~1\PROPRI~1\applic~1" *** *** Suppression dossiers dans "C:\DOCUME~1\THWORL~2\applic~1" *** *** Suppression dossiers dans "C:\Documents and Settings\Th£ WoRlD oF CasSidy\locals~1\applic~1" *** *** Suppression dossiers dans "C:\DOCUME~1\CATHY\locals~1\applic~1" *** *** Suppression dossiers dans "C:\DOCUME~1\CHALDER\locals~1\applic~1" *** *** Suppression dossiers dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" *** *** Suppression dossiers dans "C:\Documents and Settings\Th£ WoRlD oF CasSidy\menudm~1\progra~1" *** *** Suppression dossiers dans "C:\DOCUME~1\CATHY\menudm~1\progra~1" *** *** Suppression dossiers dans "C:\DOCUME~1\CHALDER\menudm~1\progra~1" *** *** Suppression dossiers dans "C:\DOCUME~1\INVIT~1\menudm~1\progra~1" *** *** Suppression fichiers *** *** Suppression fichiers temporaires *** Nettoyage contenu C:\WINDOWS\Temp effectué ! Nettoyage contenu C:\Documents and Settings\Thœ WoRlD oF CasSidy\locals~1\Temp effectué ! *** Traitement Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Suppression avec sauvegardes nouveaux fichiers Instant Access : 2)Recherche, création sauvegardes et suppression Heuristique : * Dans "C:\WINDOWS\system32" * * Dans "C:\Documents and Settings\Th£ WoRlD oF CasSidy\locals~1\applic~1" * * Dans "C:\DOCUME~1\CATHY\locals~1\applic~1" * * Dans "C:\DOCUME~1\CHALDER\locals~1\applic~1" * * Dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" * *** Sauvegarde du Registre vers dossier Safebackup *** sauvegarde du Registre réalisée avec succès ! *** Nettoyage Registre *** Nettoyage Registre Ok *** Certificats *** Certificat Egroup absent ! Certificat Electronic-Group absent ! Certificat OOO-Favorit absent ! Certificat Sunny-Day-Design-Ltdt absent ! *** Nettoyage terminé le 05/08/2008 à 19:05:09,07 *** Au fait Apollo, j'ai effectué une défragmentation qu'est ce que t'en dis?

Incroyable Merci Apollo Je vais faire ce que tu me conseilles de ce pas

Navilog option 1 Search Navipromo version 3.6.1 commencé le 04/08/2008 à 10:53:09,81 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!! !!! Postez ce rapport sur le forum pour le faire analyser !!! !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!! Outil exécuté depuis C:\Program Files\navilog1 Session actuelle : "Th£ WoRlD oF CasSidy" Mise à jour le 19.07.2008 à 20h00 par IL-MAFIOSO Microsoft Windows XP [version 5.1.2600] Internet Explorer : 6.0.2900.2180 Système de fichiers : NTFS Recherche executé en mode normal *** Recherche Programmes installés *** *** Recherche dossiers dans "C:\WINDOWS" *** *** Recherche dossiers dans "C:\Program Files" *** *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" *** *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" *** *** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\Th£ WoRlD oF CasSidy\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\APPLIC~1\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\CATHY\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\CHALDER\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\INVIT~1\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\PROPRI~1\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\THWORL~2\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\Th£ WoRlD oF CasSidy\locals~1\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\CATHY\locals~1\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\CHALDER\locals~1\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\Th£ WoRlD oF CasSidy\menudm~1\progra~1" *** *** Recherche dossiers dans "C:\DOCUME~1\CATHY\menudm~1\progra~1" *** *** Recherche dossiers dans "C:\DOCUME~1\CHALDER\menudm~1\progra~1" *** *** Recherche dossiers dans "C:\DOCUME~1\INVIT~1\menudm~1\progra~1" *** *** Recherche avec Catchme-rootkit/stealth malware detector par gmer *** pour + d'infos : http://www.gmer.net Aucun Fichier Navipromo trouvé *** Recherche avec GenericNaviSearch *** !!! Tous ces résultats peuvent révéler des fichiers légitimes !!! !!! A vérifier impérativement avant toute suppression manuelle !!! * Recherche dans "C:\WINDOWS\system32" * * Recherche dans "C:\Documents and Settings\Th£ WoRlD oF CasSidy\locals~1\applic~1" * * Recherche dans "C:\DOCUME~1\CATHY\locals~1\applic~1" * * Recherche dans "C:\DOCUME~1\CHALDER\locals~1\applic~1" * * Recherche dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" * *** Recherche fichiers *** *** Recherche clés spécifiques dans le Registre *** *** Module de Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Recherche nouveaux fichiers Instant Access : 2)Recherche Heuristique : * Dans "C:\WINDOWS\system32" : tmoxykvc_navtmp.dat trouvé ! * Dans "C:\Documents and Settings\Th£ WoRlD oF CasSidy\locals~1\applic~1" : * Dans "C:\DOCUME~1\CATHY\locals~1\applic~1" : * Dans "C:\DOCUME~1\CHALDER\locals~1\applic~1" : * Dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" : 3)Recherche Certificats : Certificat Egroup absent ! Certificat Electronic-Group absent ! Certificat OOO-Favorit absent ! Certificat Sunny-Day-Design-Ltd absent ! 4)Recherche fichiers connus : *** Analyse terminée le 04/08/2008 à 12:33:46,84 *** Rapport Javara : JavaRa 1.11 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Mon Aug 04 13:14:03 2008 Found and removed: C:\Program Files\Java\jre1.5.0_04 Found and removed: C:\Program Files\Java\jre1.5.0_06 Could not delete: C:\Program Files\Java\jre1.5.0_10 Found and removed: Software\JavaSoft\Java2D\1.5.0_04 Found and removed: Software\JavaSoft\Java2D\1.5.0_06 Found and removed: Software\JavaSoft\Java2D\1.5.0_10 Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510004 Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510006 Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511000 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510004 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510006 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511000 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510004 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510006 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511000 Found and removed: SOFTWARE\Classes\JavaPlugin.150_04 Found and removed: SOFTWARE\Classes\JavaPlugin.150_06 Found and removed: SOFTWARE\Classes\JavaPlugin.150_10 Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_04 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_06 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_10 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_04 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_10 Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510004 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510006 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511000 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510004 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510006 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511000 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150040} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150060} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150100} Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_04 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_06 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_10 Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_04\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_06\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_10\ Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01 Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB} ------------------------------------ Finished reporting. Voilà Apollo !

Voila le nouveau Log hijackthis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:31:24, on 03/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\INTERN~1\backweb\7431218\Program\SERVIC~1.EXE C:\WINDOWS\System32\cisvc.exe C:\Program Files\Internet Explorer\Anti-Virus\fsgk32st.exe C:\Program Files\Internet Explorer\backweb\7431218\program\fsbwsys.exe C:\Program Files\Internet Explorer\Anti-Virus\FSGK32.EXE C:\Program Files\Internet Explorer\Common\FSMA32.EXE C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Internet Explorer\Common\FSMB32.EXE C:\Program Files\Internet Explorer\Anti-Virus\fssm32.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\Common\FCH32.EXE C:\Program Files\Internet Explorer\Common\FAMEH32.EXE C:\Program Files\Internet Explorer\Anti-Virus\fsqh.exe C:\Program Files\Internet Explorer\Anti-Virus\fsrw.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Internet Explorer\FWES\Program\fsdfwd.exe C:\Program Files\Internet Explorer\Anti-Virus\fsav32.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Internet Explorer\Common\FSM32.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\Internet Explorer\FSGUI\ispnews.exe C:\PROGRA~1\INTERN~1\ANTI-S~1\fsaw.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\Program Files\Internet Explorer\FSGUI\fsguidll.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe C:\PROGRA~1\Wanadoo\ComComp.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\PROGRA~1\Wanadoo\PollingModule.exe C:\PROGRA~1\Wanadoo\Watch.exe C:\WINDOWS\system32\wisptis.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Internet Explorer\backweb\7431218\Program\fspex.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\Th£ WoRlD oF CasSidy\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Internet Explorer\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [ML1HelperStartUp] C:\PROGRA~1\MIDNIG~1\ML1HEL~1.EXE /partner ML1 O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3 O4 - HKLM\..\Run: [spySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Internet Explorer\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Program Files\Internet Explorer\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [gmyaqoq] c:\windows\system32\gmyaqoq.exe gmyaqoq O4 - HKLM\..\Run: [wewseiusq] c:\windows\system32\wewseiusq.exe wewseiusq O4 - HKLM\..\Run: [womewos] c:\windows\system32\womewos.exe womewos O4 - HKLM\..\Run: [meuem] c:\windows\system32\meuem.exe meuem O4 - HKLM\..\Run: [msquowq] c:\windows\system32\msquowq.exe msquowq O4 - HKLM\..\Run: [ksqmk] c:\windows\system32\ksqmk.exe ksqmk O4 - HKLM\..\Run: [amwauok] c:\windows\system32\amwauok.exe amwauok O4 - HKLM\..\Run: [umgse] c:\windows\system32\umgse.exe umgse O4 - HKLM\..\Run: [ukqsk] c:\windows\system32\ukqsk.exe ukqsk O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe" O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - HKCU\..\Run: [Orange Link] "C:\PROGRA~1\ORANGE~1\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKUS\S-1-5-21-1115034969-3688569970-1850989012-1005\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx (User 'CHALDER') O4 - HKUS\S-1-5-21-1115034969-3688569970-1850989012-1005\..\Run: [instant Access] C:\WINDOWS\system32\procia.exe /run (User 'CHALDER') O4 - HKUS\S-1-5-21-1115034969-3688569970-1850989012-1005\..\Run: [Orange Link] "C:\PROGRA~1\ORANGE~1\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen (User 'CHALDER') O4 - HKUS\S-1-5-21-1115034969-3688569970-1850989012-1005\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'CHALDER') O4 - HKUS\S-1-5-21-1115034969-3688569970-1850989012-1005\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'CHALDER') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\Internet Explorer\backweb\7431218\Program\fspex.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Internet Explorer\Anti-Spyware\blockpopups.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Internet Explorer\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Internet Explorer\Anti-Spyware\ieshield.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - "C:\PROGRA~1\Livecom\APPLIC~1\CommunicationAgent\Messager.exe" (file missing) O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - "C:\PROGRA~1\Livecom\APPLIC~1\CommunicationAgent\Messager.exe" (file missing) O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {011F473E-0880-43D4-99F3-F490A84128AE} (GenimoWebGames Control) - http://jeuxenligne.orange.fr/orange2.0/gam...amesControl.cab O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/files/instal...hidden-test.cab O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://www.msnjeux.com/online2/MSN_INTL_FR...pandaonline.cab O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://www.msnjeux.com/online2/MSN_INTL_FR...rs.1.0.0.32.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1128369038015 O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://www.msnjeux.com/online2/MSN_INTL_FR...mesLauncher.cab O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://msnfr.oberon-media.com/online2/MSN_...mjolauncher.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/Gam...ronGameHost.cab O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.msnjeux.com/online2/MSN_INTL_FR...outLauncher.cab O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.msnjeux.com/online2/MSN_INTL_FR...shapo/shapo.cab O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://msnfr.oberon-media.com/online2/MSN_...sh.1.0.0.80.cab O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://msnfr.oberon-media.com/online2/MSN_...gamesloader.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O23 - Service: Antivirus Firewall (BackWeb Plug-in - 7431218) - Securitoo Portal - C:\PROGRA~1\INTERN~1\backweb\7431218\Program\SERVIC~1.EXE O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Internet Explorer\Anti-Virus\fsgk32st.exe O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Internet Explorer\backweb\7431218\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Internet Explorer\FWES\Program\fsdfwd.exe O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Internet Explorer\Common\FSMA32.EXE O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: UPSMONService - Unknown owner - C:\Program Files\UPSMON\UPSMON_Service.Exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 13589 bytes

Rapport MBAM : Malwarebytes' Anti-Malware 1.24 Version de la base de données: 1017 Windows 5.1.2600 Service Pack 2 13:02:42 03/08/2008 mbam-log-8-3-2008 (13-02-42).txt Type de recherche: Examen complet (C:\|) Eléments examinés: 135417 Temps écoulé: 3 hour(s), 46 minute(s), 11 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 16 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 12 Fichier(s) infecté(s): 49 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{8654592e-952a-4e7c-a960-304763b35fa6} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{023a4648-601a-4c30-8a2e-c72ebfa99af6} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{19ebcbe0-9245-4397-bc5d-883d34782043} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{1e07646f-07c4-4847-a250-0ec8114f2963} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{f814be58-1bf9-4b50-829a-e889f86127ad} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\seekmotoolbar.seekmotoolband.1 (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{deceaaa2-370a-49bb-9362-68c3a58ddc62} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\seekmotoolbar.seekmotoolband.1 (Adware.Seekmo) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): C:\Program Files\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\AWBase (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\AWBase\database (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\img (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\PGBase (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\res (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\WABase (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\WABase\Plugins (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Documents and Settings\Th£ WoRlD oF CasSidy\Application Data\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Documents and Settings\Th£ WoRlD oF CasSidy\Application Data\WinAntiVirus Pro 2006\Logs (Rogue.WinAntivirus) -> Quarantined and deleted successfully. Fichier(s) infecté(s): C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully. C:\Program Files\Adobe\Acrobat 6.0\Reader\PDF417Encoder.dll (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\ASupdater.dat (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\BkSites.dat (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\bnlink.dat (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\bpupdater.dat (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\history.db (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\lapv.dat (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\License.rtf (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\online.url (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\PGupdater.dat (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\phigh.bin (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\pmedium.bin (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\prc.dat (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\prerules.xml (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\ps.dat (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\pv.dat (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\sr.log (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\st.dat (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\support.url (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\unins000.dat (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\UninstallPage.html (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\up.dat (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\updater.dat (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\vbpv.dat (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\WAupdater.dat (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\worldmap.swf (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\AWBase\vbpv.dat (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\AWBase\database\enemies.dat (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\img\button.gif (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\img\button2.gif (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\img\header.gif (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\img\logo.gif (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\img\spacer.gif (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\img\top1.jpg (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\img\top2.jpg (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\img\top_line.gif (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\PGBase\vbpv.dat (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\res\cross.gif (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\res\Register.gif (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\res\wa6p.gif (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\WABase\vbase000.dat (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\WABase\vbpv.dat (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\WinAntiVirus Pro 2006\WABase\Plugins\vbase001.dat (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\Program Files\FunWebProducts\Shared\0023F91B.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Documents and Settings\Th£ WoRlD oF CasSidy\Application Data\WinAntiVirus Pro 2006\Logs\update.log (Rogue.WinAntivirus) -> Quarantined and deleted successfully. C:\WINDOWS\dialerexe.ini (Adware.NaviPromo) -> Quarantined and deleted successfully. C:\WINDOWS\Fonts\a_lolita_scorned.zip (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\iaccess32.exe (Adware.EGDAccess) -> Quarantined and deleted successfully. Nouveau Log Hijackthis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:05:31, on 03/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\INTERN~1\backweb\7431218\Program\SERVIC~1.EXE C:\WINDOWS\System32\cisvc.exe C:\Program Files\Internet Explorer\Anti-Virus\fsgk32st.exe C:\Program Files\Internet Explorer\backweb\7431218\program\fsbwsys.exe C:\Program Files\Internet Explorer\Anti-Virus\FSGK32.EXE C:\Program Files\Internet Explorer\Common\FSMA32.EXE C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Internet Explorer\Common\FSMB32.EXE C:\Program Files\Internet Explorer\Anti-Virus\fssm32.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\Common\FCH32.EXE C:\Program Files\Internet Explorer\Common\FAMEH32.EXE C:\Program Files\Internet Explorer\Anti-Virus\fsqh.exe C:\Program Files\Internet Explorer\Anti-Virus\fsrw.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Internet Explorer\FWES\Program\fsdfwd.exe C:\Program Files\Internet Explorer\Anti-Virus\fsav32.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Internet Explorer\Common\FSM32.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\Internet Explorer\FSGUI\ispnews.exe C:\PROGRA~1\INTERN~1\ANTI-S~1\fsaw.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\Program Files\Internet Explorer\FSGUI\fsguidll.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe C:\PROGRA~1\Wanadoo\ComComp.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\PROGRA~1\Wanadoo\PollingModule.exe C:\PROGRA~1\Wanadoo\Watch.exe C:\WINDOWS\system32\wisptis.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Internet Explorer\backweb\7431218\Program\fspex.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Th£ WoRlD oF CasSidy\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Internet Explorer\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [ML1HelperStartUp] C:\PROGRA~1\MIDNIG~1\ML1HEL~1.EXE /partner ML1 O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3 O4 - HKLM\..\Run: [spySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Internet Explorer\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Program Files\Internet Explorer\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [gmyaqoq] c:\windows\system32\gmyaqoq.exe gmyaqoq O4 - HKLM\..\Run: [wewseiusq] c:\windows\system32\wewseiusq.exe wewseiusq O4 - HKLM\..\Run: [womewos] c:\windows\system32\womewos.exe womewos O4 - HKLM\..\Run: [meuem] c:\windows\system32\meuem.exe meuem O4 - HKLM\..\Run: [msquowq] c:\windows\system32\msquowq.exe msquowq O4 - HKLM\..\Run: [ksqmk] c:\windows\system32\ksqmk.exe ksqmk O4 - HKLM\..\Run: [amwauok] c:\windows\system32\amwauok.exe amwauok O4 - HKLM\..\Run: [umgse] c:\windows\system32\umgse.exe umgse O4 - HKLM\..\Run: [ukqsk] c:\windows\system32\ukqsk.exe ukqsk O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe" O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - HKCU\..\Run: [Orange Link] "C:\PROGRA~1\ORANGE~1\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKUS\S-1-5-21-1115034969-3688569970-1850989012-1005\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx (User 'CHALDER') O4 - HKUS\S-1-5-21-1115034969-3688569970-1850989012-1005\..\Run: [instant Access] C:\WINDOWS\system32\procia.exe /run (User 'CHALDER') O4 - HKUS\S-1-5-21-1115034969-3688569970-1850989012-1005\..\Run: [Orange Link] "C:\PROGRA~1\ORANGE~1\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen (User 'CHALDER') O4 - HKUS\S-1-5-21-1115034969-3688569970-1850989012-1005\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'CHALDER') O4 - HKUS\S-1-5-21-1115034969-3688569970-1850989012-1005\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'CHALDER') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\Internet Explorer\backweb\7431218\Program\fspex.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Internet Explorer\Anti-Spyware\blockpopups.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Internet Explorer\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Internet Explorer\Anti-Spyware\ieshield.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - "C:\PROGRA~1\Livecom\APPLIC~1\CommunicationAgent\Messager.exe" (file missing) O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - "C:\PROGRA~1\Livecom\APPLIC~1\CommunicationAgent\Messager.exe" (file missing) O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {011F473E-0880-43D4-99F3-F490A84128AE} (GenimoWebGames Control) - http://jeuxenligne.orange.fr/orange2.0/gam...amesControl.cab O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/files/instal...hidden-test.cab O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://www.msnjeux.com/online2/MSN_INTL_FR...pandaonline.cab O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://www.msnjeux.com/online2/MSN_INTL_FR...rs.1.0.0.32.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1128369038015 O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://www.msnjeux.com/online2/MSN_INTL_FR...mesLauncher.cab O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://msnfr.oberon-media.com/online2/MSN_...mjolauncher.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/Gam...ronGameHost.cab O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.msnjeux.com/online2/MSN_INTL_FR...outLauncher.cab O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.msnjeux.com/online2/MSN_INTL_FR...shapo/shapo.cab O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://msnfr.oberon-media.com/online2/MSN_...sh.1.0.0.80.cab O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://msnfr.oberon-media.com/online2/MSN_...gamesloader.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O23 - Service: Antivirus Firewall (BackWeb Plug-in - 7431218) - Securitoo Portal - C:\PROGRA~1\INTERN~1\backweb\7431218\Program\SERVIC~1.EXE O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Internet Explorer\Anti-Virus\fsgk32st.exe O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Internet Explorer\backweb\7431218\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Internet Explorer\FWES\Program\fsdfwd.exe O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Internet Explorer\Common\FSMA32.EXE O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: UPSMONService - Unknown owner - C:\Program Files\UPSMON\UPSMON_Service.Exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 13643 bytes Merci

La voici enfin! Désolé pour le retard :s ( Navilog ) Clean Navipromo version 3.6.1 commencé le 01/08/2008 à 18:46:31,23 Outil exécuté depuis C:\Program Files\navilog1 Session actuelle : "Th£ WoRlD oF CasSidy" Mise à jour le 19.07.2008 à 20h00 par IL-MAFIOSO Microsoft Windows XP [version 5.1.2600] Internet Explorer : 6.0.2900.2180 Système de fichiers : NTFS Mode suppression automatique avec prise en charge résultats Catchme et GNS Nettoyage exécuté au redémarrage de l'ordinateur *** Creation backups fichiers trouvés par Catchme *** Copie vers "C:\Program Files\navilog1\Backupnavi" Copie C:\WINDOWS\system32\ssymeye.dat réalisée avec succès ! Copie C:\WINDOWS\system32\ssymeye.exe réalisée avec succès ! Copie C:\WINDOWS\system32\ssymeye_nav.dat réalisée avec succès ! Copie C:\WINDOWS\system32\ssymeye_navps.dat réalisée avec succès ! *** Suppression des fichiers trouvés avec Catchme *** C:\WINDOWS\system32\ssymeye.dat supprimé ! C:\WINDOWS\system32\ssymeye.exe supprimé ! C:\WINDOWS\system32\ssymeye_nav.dat supprimé ! C:\WINDOWS\system32\ssymeye_navps.dat supprimé ! ** 2ème passage avec résultats Catchme ** * Dans "C:\WINDOWS\system32" * C:\WINDOWS\prefetch\ssymeye*.pf trouvé ! Copie C:\WINDOWS\prefetch\ssymeye*.pf réalisée avec succès ! C:\WINDOWS\prefetch\ssymeye*.pf supprimé ! wewseiusq_nav.dat trouvé ! Copie wewseiusq_nav.dat réalisée avec succès ! wewseiusq_nav.dat supprimé ! wewseiusq_navps.dat trouvé ! Copie wewseiusq_navps.dat réalisée avec succès ! wewseiusq_navps.dat supprimé ! C:\WINDOWS\prefetch\wewseiusq*.pf trouvé ! Copie C:\WINDOWS\prefetch\wewseiusq*.pf réalisée avec succès ! C:\WINDOWS\prefetch\wewseiusq*.pf supprimé ! C:\WINDOWS\prefetch\sgosu*.pf trouvé ! Copie C:\WINDOWS\prefetch\sgosu*.pf réalisée avec succès ! C:\WINDOWS\prefetch\sgosu*.pf supprimé ! ukqsk.exe trouvé ! Copie ukqsk.exe réalisée avec succès ! ukqsk.exe supprimé ! ukqsk.dat trouvé ! Copie ukqsk.dat réalisée avec succès ! ukqsk.dat supprimé ! ukqsk_nav.dat trouvé ! Copie ukqsk_nav.dat réalisée avec succès ! ukqsk_nav.dat supprimé ! ukqsk_navps.dat trouvé ! Copie ukqsk_navps.dat réalisée avec succès ! ukqsk_navps.dat supprimé ! C:\WINDOWS\prefetch\ukqsk*.pf trouvé ! Copie C:\WINDOWS\prefetch\ukqsk*.pf réalisée avec succès ! C:\WINDOWS\prefetch\ukqsk*.pf supprimé ! womewos.exe trouvé ! Copie womewos.exe réalisée avec succès ! womewos.exe supprimé ! womewos.dat trouvé ! Copie womewos.dat réalisée avec succès ! womewos.dat supprimé ! womewos_nav.dat trouvé ! Copie womewos_nav.dat réalisée avec succès ! womewos_nav.dat supprimé ! womewos_navps.dat trouvé ! Copie womewos_navps.dat réalisée avec succès ! womewos_navps.dat supprimé ! C:\WINDOWS\prefetch\womewos*.pf trouvé ! Copie C:\WINDOWS\prefetch\womewos*.pf réalisée avec succès ! C:\WINDOWS\prefetch\womewos*.pf supprimé ! * Dans "C:\Documents and Settings\Th£ WoRlD oF CasSidy\locals~1\applic~1" * *** Suppression avec sauvegardes résultats GenericNaviSearch *** * Suppression dans "C:\WINDOWS\System32" * * Suppression dans "C:\Documents and Settings\Th£ WoRlD oF CasSidy\locals~1\applic~1" * * Suppression dans "C:\DOCUME~1\CATHY\locals~1\applic~1" * * Suppression dans "C:\DOCUME~1\CHALDER\locals~1\applic~1" * * Suppression dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" * *** Suppression dossiers dans "C:\WINDOWS" *** *** Suppression dossiers dans "C:\Program Files" *** *** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" *** *** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" *** *** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" *** *** Suppression dossiers dans "C:\Documents and Settings\Th£ WoRlD oF CasSidy\applic~1" *** *** Suppression dossiers dans "C:\DOCUME~1\APPLIC~1\applic~1" *** *** Suppression dossiers dans "C:\DOCUME~1\CATHY\applic~1" *** *** Suppression dossiers dans "C:\DOCUME~1\CHALDER\applic~1" *** *** Suppression dossiers dans "C:\DOCUME~1\INVIT~1\applic~1" *** *** Suppression dossiers dans "C:\DOCUME~1\PROPRI~1\applic~1" *** *** Suppression dossiers dans "C:\DOCUME~1\THWORL~2\applic~1" *** *** Suppression dossiers dans "C:\Documents and Settings\Th£ WoRlD oF CasSidy\locals~1\applic~1" *** *** Suppression dossiers dans "C:\DOCUME~1\CATHY\locals~1\applic~1" *** *** Suppression dossiers dans "C:\DOCUME~1\CHALDER\locals~1\applic~1" *** *** Suppression dossiers dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" *** *** Suppression dossiers dans "C:\Documents and Settings\Th£ WoRlD oF CasSidy\menudm~1\progra~1" *** *** Suppression dossiers dans "C:\DOCUME~1\CATHY\menudm~1\progra~1" *** *** Suppression dossiers dans "C:\DOCUME~1\CHALDER\menudm~1\progra~1" *** *** Suppression dossiers dans "C:\DOCUME~1\INVIT~1\menudm~1\progra~1" *** *** Suppression fichiers *** C:\WINDOWS\Downloaded Program Files\sysinetsvc32.inf supprimé ! C:\WINDOWS\iaccess32.exe !!ERREUR SUPPRESSION!! C:\WINDOWS\system32\msegcompid.dll supprimé ! *** Suppression fichiers temporaires *** Nettoyage contenu C:\WINDOWS\Temp effectué ! Nettoyage contenu C:\Documents and Settings\Thœ WoRlD oF CasSidy\locals~1\Temp effectué ! *** Traitement Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Suppression avec sauvegardes nouveaux fichiers Instant Access : 2)Recherche, création sauvegardes et suppression Heuristique : * Dans "C:\WINDOWS\system32" * btgljxunp.exe trouvé ! Copie btgljxunp.exe réalisée avec succès ! btgljxunp.exe supprimé ! ckocm.exe trouvé ! Copie ckocm.exe réalisée avec succès ! ckocm.exe supprimé ! ckocm.dat trouvé ! Copie ckocm.dat réalisée avec succès ! ckocm.dat supprimé ! ckocm_navup.dat trouvé ! Copie ckocm_navup.dat réalisée avec succès ! ckocm_navup.dat supprimé ! C:\WINDOWS\prefetch\ckocm*.pf trouvé ! Copie C:\WINDOWS\prefetch\ckocm*.pf réalisée avec succès ! C:\WINDOWS\prefetch\ckocm*.pf supprimé ! gsgua.exe trouvé ! Copie gsgua.exe réalisée avec succès ! gsgua.exe supprimé ! gsgua.dat trouvé ! Copie gsgua.dat réalisée avec succès ! gsgua.dat supprimé ! gsgua_navup.dat trouvé ! Copie gsgua_navup.dat réalisée avec succès ! gsgua_navup.dat supprimé ! C:\WINDOWS\prefetch\gsgua*.pf trouvé ! Copie C:\WINDOWS\prefetch\gsgua*.pf réalisée avec succès ! C:\WINDOWS\prefetch\gsgua*.pf supprimé ! ieokceqyxt.dat trouvé ! Copie ieokceqyxt.dat réalisée avec succès ! ieokceqyxt.dat supprimé ! ieokceqyxt_nav.dat trouvé ! Copie ieokceqyxt_nav.dat réalisée avec succès ! ieokceqyxt_nav.dat supprimé ! ieokceqyxt_navps.dat trouvé ! Copie ieokceqyxt_navps.dat réalisée avec succès ! ieokceqyxt_navps.dat supprimé ! jmuknlv.exe trouvé ! Copie jmuknlv.exe réalisée avec succès ! jmuknlv.exe supprimé ! procia.exe trouvé ! Copie procia.exe réalisée avec succès ! procia.exe supprimé ! C:\WINDOWS\prefetch\procia*.pf trouvé ! Copie C:\WINDOWS\prefetch\procia*.pf réalisée avec succès ! C:\WINDOWS\prefetch\procia*.pf supprimé ! riiurok.dat trouvé ! Copie riiurok.dat réalisée avec succès ! riiurok.dat supprimé ! riiurok_navup.dat trouvé ! Copie riiurok_navup.dat réalisée avec succès ! riiurok_navup.dat supprimé ! * Dans "C:\Documents and Settings\Th£ WoRlD oF CasSidy\locals~1\applic~1" * * Dans "C:\DOCUME~1\CATHY\locals~1\applic~1" * * Dans "C:\DOCUME~1\CHALDER\locals~1\applic~1" * * Dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" * *** Sauvegarde du Registre vers dossier Safebackup *** sauvegarde du Registre réalisée avec succès ! *** Nettoyage Registre *** Nettoyage Registre Ok *** Certificats *** Certificat Egroup supprimé ! Certificat Electronic-Group supprimé ! Certificat OOO-Favorit supprimé ! Certificat Sunny-Day-Design-Ltdt absent ! *** Recherche clés RUN orphelines Navipromo *** !! Résultats temporairement non pris en charge !! !! Les clés trouvées ne sont pas forcément infectées !! Clés trouvés : [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "gmyaqoq"="c:\\windows\\system32\\gmyaqoq.exe gmyaqoq" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "wewseiusq"="c:\\windows\\system32\\wewseiusq.exe wewseiusq" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "womewos"="c:\\windows\\system32\\womewos.exe womewos" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "meuem"="c:\\windows\\system32\\meuem.exe meuem" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msquowq"="c:\\windows\\system32\\msquowq.exe msquowq" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ksqmk"="c:\\windows\\system32\\ksqmk.exe ksqmk" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "amwauok"="c:\\windows\\system32\\amwauok.exe amwauok" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "umgse"="c:\\windows\\system32\\umgse.exe umgse" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ukqsk"="c:\\windows\\system32\\ukqsk.exe ukqsk" *** Nettoyage terminé le 01/08/2008 à 19:06:47,92 ***

Biensur Les voici Le ToolBar S&D -----------\\ ToolBar S&D 1.0.7 XP/Vista [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ] [ USER : Thœ WoRlD oF CasSidy ] [ "C:\Toolbar SD" ] [ Selection : 2 ] [ 01/08/2008 | 17:00:02,42 ] [ PC : LUTIN ] [ MAJ : 25-07-2008 | 17:35 ] -----------\\ SUPPRESSION Supprime! - C:\Program Files\GamesBar\Localization-French.ini Supprime! - C:\Program Files\Seekmo Programs\Seekmo Toolbar Supprime! - C:\DOCUME~1\CATHY\APPLIC~1\ShopperReports\cs Supprime! - C:\DOCUME~1\CATHY\APPLIC~1\ShopperReports\shprrprt.log Supprime! - C:\DOCUME~1\CHALDER\APPLIC~1\ShopperReports\cs Supprime! - C:\DOCUME~1\CHALDER\APPLIC~1\ShopperReports\shprrprt.log Supprime! - C:\DOCUME~1\CHALDER\APPLIC~1\ShopperReports\shprrprt_1149902614.log Supprime! - C:\DOCUME~1\INVIT~1\APPLIC~1\ShopperReports\cs Supprime! - C:\DOCUME~1\INVIT~1\APPLIC~1\ShopperReports\shprrprt.log Supprime! - C:\DOCUME~1\LOCALS~1\APPLIC~1\ShopperReports\cs Supprime! - C:\DOCUME~1\LOCALS~1\APPLIC~1\ShopperReports\shprrprt.log Supprime! - C:\DOCUME~1\THWORL~1\LOCALS~1\Temp\ICD1.tmp Supprime! - C:\Program Files\GamesBar Supprime! - C:\Program Files\Hotbar Supprime! - C:\Program Files\Seekmo Programs Supprime! - C:\DOCUME~1\CATHY\APPLIC~1\ShopperReports Supprime! - C:\DOCUME~1\CHALDER\APPLIC~1\ShopperReports Supprime! - C:\DOCUME~1\INVIT~1\APPLIC~1\ShopperReports Supprime! - C:\DOCUME~1\LOCALS~1\APPLIC~1\ShopperReports -----------\\ Recherche de Fichiers / Dossiers ... -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Local Page"="C:\\WINDOWS\\system32\\blank.htm" "Start Page"="http://www.google.fr/" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"'>http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Search Bar"="http://www.google.com/ie"'>http://www.google.com/ie" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Search_URL"="http://www.google.com/ie" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home" -----------\\ Fin du rapport a 17:07:28,12 Le SmitFraudFix SmitFraudFix v2.333 Rapport fait à 17:19:43,37, 01/08/2008 Executé à partir de C:\Documents and Settings\Thœ WoRlD oF CasSidy\Bureau\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» VACFix VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri's WS2Fix: LSP not Found. »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés »»»»»»»»»»»»»»»»»»»»»»»» IEDFix »»»»»»»»»»»»»»»»»»»»»»»» 404Fix 404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: VIA Rhine II Fast Ethernet Adapter DNS Server Search Order: 192.168.1.1 DNS Server Search Order: 0.0.0.0 HKLM\SYSTEM\CCS\Services\Tcpip\..\{A8AC4767-E167-4F29-986B-8EC59B4E7574}: DhcpNameServer=192.168.1.1 0.0.0.0 HKLM\SYSTEM\CS1\Services\Tcpip\..\{A8AC4767-E167-4F29-986B-8EC59B4E7574}: DhcpNameServer=192.168.1.1 0.0.0.0 HKLM\SYSTEM\CS2\Services\Tcpip\..\{A8AC4767-E167-4F29-986B-8EC59B4E7574}: DhcpNameServer=192.168.1.1 0.0.0.0 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0 »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre Nettoyage terminé. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Fin Le dernier rapport Navilog en date Search Navipromo version 3.6.1 commencé le 31/07/2008 à 17:47:52,70 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!! !!! Postez ce rapport sur le forum pour le faire analyser !!! !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!! Outil exécuté depuis C:\Program Files\navilog1 Session actuelle : "Th£ WoRlD oF CasSidy" Mise à jour le 19.07.2008 à 20h00 par IL-MAFIOSO Microsoft Windows XP [version 5.1.2600] Internet Explorer : 6.0.2900.2180 Système de fichiers : NTFS Recherche executé en mode normal *** Recherche Programmes installés *** *** Recherche dossiers dans "C:\WINDOWS" *** *** Recherche dossiers dans "C:\Program Files" *** *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" *** *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" *** *** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\Th£ WoRlD oF CasSidy\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\APPLIC~1\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\CATHY\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\CHALDER\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\INVIT~1\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\PROPRI~1\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\THWORL~2\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\Th£ WoRlD oF CasSidy\locals~1\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\CATHY\locals~1\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\CHALDER\locals~1\applic~1" *** *** Recherche dossiers dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" *** *** Recherche dossiers dans "C:\Documents and Settings\Th£ WoRlD oF CasSidy\menudm~1\progra~1" *** *** Recherche dossiers dans "C:\DOCUME~1\CATHY\menudm~1\progra~1" *** *** Recherche dossiers dans "C:\DOCUME~1\CHALDER\menudm~1\progra~1" *** *** Recherche dossiers dans "C:\DOCUME~1\INVIT~1\menudm~1\progra~1" *** *** Recherche avec Catchme-rootkit/stealth malware detector par gmer *** pour + d'infos : http://www.gmer.net Fichier(s) caché(s) : C:\WINDOWS\system32\gmyaqoq.dat C:\WINDOWS\system32\gmyaqoq.exe C:\WINDOWS\system32\gmyaqoq_nav.dat C:\WINDOWS\system32\gmyaqoq_navps.dat *** Recherche avec GenericNaviSearch *** !!! Tous ces résultats peuvent révéler des fichiers légitimes !!! !!! A vérifier impérativement avant toute suppression manuelle !!! * Recherche dans "C:\WINDOWS\system32" * Fichiers trouvés : amwauok.exe trouvé ! amwauok.dat trouvé ! amwauok_nav.dat trouvé ! amwauok_navps.dat trouvé ! ksqmk.exe trouvé ! ksqmk.dat trouvé ! ksqmk_navup.dat trouvé ! meuem.exe trouvé ! meuem.dat trouvé ! meuem_nav.dat trouvé ! meuem_navps.dat trouvé ! msquowq.exe trouvé ! msquowq.dat trouvé ! msquowq_nav.dat trouvé ! msquowq_navps.dat trouvé ! umgse.exe trouvé ! umgse.dat trouvé ! umgse_nav.dat trouvé ! umgse_navps.dat trouvé ! wewseiusq.exe trouvé ! wewseiusq.dat trouvé ! wewseiusq_nav.dat trouvé ! wewseiusq_navps.dat trouvé ! Fichiers suspects : sgosu.exe trouvé ! sgosu.dat trouvé ! sgosu_nav.dat trouvé ! sgosu_navps.dat trouvé ! ukqsk.exe trouvé ! ukqsk.dat trouvé ! ukqsk_nav.dat trouvé ! ukqsk_navps.dat trouvé ! womewos.exe trouvé ! womewos.dat trouvé ! womewos_nav.dat trouvé ! womewos_navps.dat trouvé ! * Recherche dans "C:\Documents and Settings\Th£ WoRlD oF CasSidy\locals~1\applic~1" * * Recherche dans "C:\DOCUME~1\CATHY\locals~1\applic~1" * * Recherche dans "C:\DOCUME~1\CHALDER\locals~1\applic~1" * * Recherche dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" * *** Recherche fichiers *** C:\WINDOWS\iaccess32.exe trouvé ! C:\WINDOWS\system32\msegcompid.dll trouvé ! *** Recherche clés spécifiques dans le Registre *** HKEY_CURRENT_USER\Software\Lanconfig trouvé ! *** Module de Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Recherche nouveaux fichiers Instant Access : 2)Recherche Heuristique : * Dans "C:\WINDOWS\system32" : amwauok.dat trouvé ! amwauok_nav.dat trouvé ! amwauok_navps.dat trouvé ! btgljxunp.exe trouvé ! ckocm.dat trouvé ! ckocm_navup.dat trouvé ! gmyaqoq.dat trouvé ! gmyaqoq_nav.dat trouvé ! gmyaqoq_navps.dat trouvé ! gsgua.dat trouvé ! gsgua_navup.dat trouvé ! ieokceqyxt.dat trouvé ! ieokceqyxt_nav.dat trouvé ! ieokceqyxt_navps.dat trouvé ! jmuknlv.exe trouvé ! ksqmk.dat trouvé ! ksqmk_navup.dat trouvé ! meuem.dat trouvé ! meuem_nav.dat trouvé ! meuem_navps.dat trouvé ! msquowq.dat trouvé ! msquowq_nav.dat trouvé ! msquowq_navps.dat trouvé ! procia.exe trouvé ! riiurok.dat trouvé ! riiurok_navup.dat trouvé ! sgosu.dat trouvé ! sgosu_nav.dat trouvé ! sgosu_navps.dat trouvé ! tmoxykvc_navtmp.dat trouvé ! ukqsk.dat trouvé ! ukqsk_nav.dat trouvé ! ukqsk_navps.dat trouvé ! umgse_nav.dat trouvé ! umgse_navps.dat trouvé ! wewseiusq.dat trouvé ! wewseiusq_nav.dat trouvé ! wewseiusq_navps.dat trouvé ! womewos.dat trouvé ! womewos_nav.dat trouvé ! womewos_navps.dat trouvé ! * Dans "C:\Documents and Settings\Th£ WoRlD oF CasSidy\locals~1\applic~1" : * Dans "C:\DOCUME~1\CATHY\locals~1\applic~1" : * Dans "C:\DOCUME~1\CHALDER\locals~1\applic~1" : * Dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" : 3)Recherche Certificats : Certificat Egroup trouvé ! Certificat Electronic-Group trouvé ! Certificat OOO-Favorit trouvé ! Certificat Sunny-Day-Design-Ltd absent ! 4)Recherche fichiers connus : *** Analyse terminée le 31/07/2008 à 19:16:41,62 *** Le rapport Hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:36:53, on 01/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\INTERN~1\backweb\7431218\Program\SERVIC~1.EXE C:\WINDOWS\System32\cisvc.exe C:\Program Files\Internet Explorer\Anti-Virus\fsgk32st.exe C:\Program Files\Internet Explorer\backweb\7431218\program\fsbwsys.exe C:\Program Files\Internet Explorer\Anti-Virus\FSGK32.EXE C:\Program Files\Internet Explorer\Common\FSMA32.EXE C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Internet Explorer\Anti-Virus\fssm32.exe C:\Program Files\Internet Explorer\Common\FSMB32.EXE C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\backweb\7431218\Program\fspex.exe C:\Program Files\Internet Explorer\Common\FCH32.EXE C:\WINDOWS\wanmpsvc.exe C:\Program Files\Internet Explorer\Common\FAMEH32.EXE C:\Program Files\Internet Explorer\Anti-Virus\fsqh.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Internet Explorer\Common\FSM32.EXE C:\Program Files\Creative\Shared Files\CAMTRAY.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe C:\Program Files\Internet Explorer\FSGUI\ispnews.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Internet Explorer\Anti-Virus\fsrw.exe C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\Program Files\Internet Explorer\FWES\Program\fsdfwd.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe C:\Program Files\Internet Explorer\Anti-Virus\fsav32.exe C:\PROGRA~1\INTERN~1\ANTI-S~1\fsaw.exe C:\PROGRA~1\Wanadoo\ComComp.exe C:\Program Files\Internet Explorer\FSGUI\fsguidll.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\PROGRA~1\Wanadoo\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\Wanadoo\Watch.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Documents and Settings\Th£ WoRlD oF CasSidy\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Internet Explorer\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [ML1HelperStartUp] C:\PROGRA~1\MIDNIG~1\ML1HEL~1.EXE /partner ML1 O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3 O4 - HKLM\..\Run: [spySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Internet Explorer\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Program Files\Internet Explorer\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [riiurok] c:\windows\system32\riiurok.exe riiurok O4 - HKLM\..\Run: [ieokceqyxt] c:\windows\system32\ieokceqyxt.exe ieokceqyxt O4 - HKLM\..\Run: [gmyaqoq] c:\windows\system32\gmyaqoq.exe gmyaqoq O4 - HKLM\..\Run: [wewseiusq] c:\windows\system32\wewseiusq.exe wewseiusq O4 - HKLM\..\Run: [womewos] c:\windows\system32\womewos.exe womewos O4 - HKLM\..\Run: [meuem] c:\windows\system32\meuem.exe meuem O4 - HKLM\..\Run: [msquowq] c:\windows\system32\msquowq.exe msquowq O4 - HKLM\..\Run: [ksqmk] c:\windows\system32\ksqmk.exe ksqmk O4 - HKLM\..\Run: [amwauok] c:\windows\system32\amwauok.exe amwauok O4 - HKLM\..\Run: [umgse] c:\windows\system32\umgse.exe umgse O4 - HKLM\..\Run: [ukqsk] c:\windows\system32\ukqsk.exe ukqsk O4 - HKLM\..\Run: [gsgua] c:\windows\system32\gsgua.exe gsgua O4 - HKLM\..\Run: [ckocm] c:\windows\system32\ckocm.exe ckocm O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - HKCU\..\Run: [Orange Link] "C:\PROGRA~1\ORANGE~1\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\Internet Explorer\backweb\7431218\Program\fspex.exe O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Internet Explorer\Anti-Spyware\blockpopups.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Internet Explorer\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Internet Explorer\Anti-Spyware\ieshield.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - "C:\PROGRA~1\Livecom\APPLIC~1\CommunicationAgent\Messager.exe" (file missing) O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - "C:\PROGRA~1\Livecom\APPLIC~1\CommunicationAgent\Messager.exe" (file missing) O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {011F473E-0880-43D4-99F3-F490A84128AE} (GenimoWebGames Control) - http://jeuxenligne.orange.fr/orange2.0/gam...amesControl.cab O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/files/instal...hidden-test.cab O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://www.msnjeux.com/online2/MSN_INTL_FR...pandaonline.cab O16 - DPF: {49E67060-2C0D-415E-94C7-52A49F73B2F1} (CPlayFirstPiratePoppersControl Object) - http://www.msnjeux.com/online2/MSN_INTL_FR...rs.1.0.0.32.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1128369038015 O16 - DPF: {7CCAD6DD-DD0B-440B-91FF-7670F5AADC21} (SpinTop Games Launcher) - http://www.msnjeux.com/online2/MSN_INTL_FR...mesLauncher.cab O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://msnfr.oberon-media.com/online2/MSN_...mjolauncher.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downloadv3.com/binaries/IA/...svc32_FR_XP.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/Gam...ronGameHost.cab O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.msnjeux.com/online2/MSN_INTL_FR...outLauncher.cab O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://www.msnjeux.com/online2/MSN_INTL_FR...shapo/shapo.cab O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://msnfr.oberon-media.com/online2/MSN_...sh.1.0.0.80.cab O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} - http://static.zangocash.com/cab/Seekmo/ie/...ece5b5b666353a7 O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://jeuxenligne.orange.fr/gameshell/onl...ploader_v10.cab O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://msnfr.oberon-media.com/online2/MSN_...gamesloader.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab O23 - Service: Antivirus Firewall (BackWeb Plug-in - 7431218) - Securitoo Portal - C:\PROGRA~1\INTERN~1\backweb\7431218\Program\SERVIC~1.EXE O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corporation - C:\Program Files\Internet Explorer\Anti-Virus\fsgk32st.exe O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\Internet Explorer\backweb\7431218\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Internet Explorer\FWES\Program\fsdfwd.exe O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Internet Explorer\Common\FSMA32.EXE O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: UPSMONService - Unknown owner - C:\Program Files\UPSMON\UPSMON_Service.Exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 13372 bytes