
Posted

I had time to run the last 2 scans. Here is the result:

 

04/15/07 23:15:07 [info]: BlackLight Engine 1.0.61 initialized

04/15/07 23:15:07 [info]: OS: 5.1 build 2600 (Service Pack 2)

04/15/07 23:15:07 [Note]: 7019 4

04/15/07 23:15:07 [Note]: 7005 0

04/15/07 23:15:27 [Note]: 7006 0

04/15/07 23:15:27 [Note]: 7011 1576

04/15/07 23:15:27 [Note]: 7026 0

04/15/07 23:15:27 [Note]: 7026 0

04/15/07 23:15:27 [Note]: 7024 3

04/15/07 23:15:27 [info]: Hidden process: C:\windows\system32\vpugqyvewu.exe

04/15/07 23:15:42 [Note]: FSRAW library version 1.7.1021

04/15/07 23:23:59 [info]: Hidden file: c:\WINDOWS\system32\vpugqyvewu.dat

04/15/07 23:23:59 [Note]: 10002 1

04/15/07 23:23:59 [info]: Hidden file: C:\windows\system32\vpugqyvewu.exe

04/15/07 23:23:59 [Note]: 10002 1

04/15/07 23:23:59 [info]: Hidden file: c:\WINDOWS\system32\vpugqyvewu_nav.dat

04/15/07 23:23:59 [Note]: 10002 1

04/15/07 23:23:59 [info]: Hidden file: c:\WINDOWS\system32\vpugqyvewu_navps.dat

04/15/07 23:23:59 [Note]: 10002 1

04/15/07 23:28:56 [Note]: 7007 0

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 23:29:51, on 15/04/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\slserv.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\System32\svchost.exe

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\Program Files\Soft4Ever\looknstop\looknstop.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\Wanadoo\ComComp.exe

C:\PROGRA~1\Wanadoo\Toaster.exe

C:\PROGRA~1\Wanadoo\Inactivity.exe

C:\PROGRA~1\Wanadoo\PollingModule.exe

C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\PROGRA~1\Wanadoo\Watch.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\dwwin.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx

O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html

O8 - Extra context menu item: &Search - http://kt.bar.need2find.com/KT/menusearch.html?p=KT

O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: START_PAGE_URL=http://www.creative.com

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTSVCCDA.EXE (file missing)

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

 

 

 

There you go :P

Have a good evening :P

Posted

Hello Ekarissor!

1) Please print these instructions, or paste them into a text file so you can read them in Safe Mode.

Download Brute Force Uninstaller (by Merijn).

Create a new folder directly on C:\ and name it BFU. Unzip the downloaded file into this new folder (C:\BFU).

RIGHT-CLICK HERE and choose "Save Target As..." to download EGDACCESS.bfu (by Metallica). Save it in the folder you created (C:\BFU). **Note: if you use Internet Explorer, make sure when saving that the "Save as type:" field shows "All Files". You should now have two files in the C:\BFU folder: EGDACCESS.bfu and BFU.exe (very important).

2) Restart in Safe Mode:

(In Safe Mode only the system processes are started, so it is easier to delete what is infected.)

When the computer restarts, once the BIOS has finished loading,

a black screen appears briefly; press the [F8] or [F5] key until the Windows Advanced Options menu is displayed. Select "Safe Mode" and press [Enter].

NB: If you have a problem, look here: http://service1.symantec.com/SUPPORT/INTER...020325143456924

3) Start the "Brute Force Uninstaller" by double-clicking BFU.exe (in the C:\BFU folder)

- Click the small yellow folder (to the right of the "Scriptline to execute" box);

- Double-click EGDACCESS.bfu

- You should now see this in the "Scriptline to execute" box:

C:\BFU\EGDACCESS.bfu

Click Execute and let it do its work.

Wait until Complete script execution appears and click OK (execution is quick...).

Click Exit to close the BFU program.

4) Create a Notepad file with the text found in the "code" area below (copy/paste, without the word "Code")

 

----code----

RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vpugqyvewu

RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|vpugqyvewu

RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|vpugqyvewu

FileDelete %SYSDIR%\vpugqyvewu_navtmp.dat

FileDelete %SYSDIR%\vpugqyvewu_navup.dat

FileDelete %SYSDIR%\vpugqyvewu_navps.dat

FileDelete %SYSDIR%\vpugqyvewu_nav.dat

FileDelete %SYSDIR%\vpugqyvewu.dat

FileDelete %SYSDIR%\vpugqyvewu_m2s.xml

FileDelete %SYSDIR%\vpugqyvewu.exe

FileDelete %WINDIR%\PREFETCH\vpugqyvewu.exe-*.pf

----code----

 

5) Save this file in c:\BFU

- File name: aftermath.bfu

- Save as type: All Files

- click Save

- quit Notepad

6) Start the "Brute Force Uninstaller" by double-clicking BFU.exe (in the C:\BFU folder)

- Click the small yellow folder (to the right of the "Scriptline to execute" box);

- Double-click aftermath.bfu

- You should now see this in the "Scriptline to execute" box:

C:\BFU\aftermath.bfu

Click Execute and let it do its work.

Wait until Complete script execution appears and click OK (execution is quick...).

Click Exit to close the BFU program.

7) Run a full scan again with AVG Anti-Spyware (still in Safe Mode), and save its report.

8) Restart in Normal mode.

Post the new AVG Anti-Spyware report,

a new HijackThis log!

And a new Blacklight report, please, in your next reply.

Good luck, see you later!

  • 2 weeks later...
Posted

Good evening again, and sorry for the delay...

I had a little lapse and, after running the AVG scan, I forgot to save the report... If it is really important and essential, tell me and I will redo the scan (for info, I found 18 spyware programs) :P

Here is the HijackThis one:

Logfile of HijackThis v1.99.1

Scan saved at 22:37:32, on 24/04/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16414)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto

O4 - HKLM\..\Run: [nwrdnybjua] c:\windows\system32\nwrdnybjua.exe nwrdnybjua

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx

O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html

O8 - Extra context menu item: &Search - http://kt.bar.need2find.com/KT/menusearch.html?p=KT

O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: START_PAGE_URL=http://www.creative.com

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTSVCCDA.EXE (file missing)

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

 

 

Here is the Blacklight one:

04/24/07 23:03:10 [info]: BlackLight Engine 1.0.61 initialized

04/24/07 23:03:10 [info]: OS: 5.1 build 2600 (Service Pack 2)

04/24/07 23:03:11 [Note]: 7019 4

04/24/07 23:03:11 [Note]: 7005 0

04/24/07 23:03:17 [Note]: 7006 0

04/24/07 23:03:18 [Note]: 7011 160

04/24/07 23:03:18 [Note]: 7026 0

04/24/07 23:03:19 [Note]: 7026 0

04/24/07 23:03:20 [Note]: 7024 3

04/24/07 23:03:20 [info]: Hidden process: C:\WINDOWS\system32\yvmfptllt.exe

04/24/07 23:03:57 [Note]: FSRAW library version 1.7.1021

04/24/07 23:11:40 [info]: Hidden file: c:\WINDOWS\system32\yvmfptllt.dat

04/24/07 23:11:40 [Note]: 10002 1

04/24/07 23:11:40 [info]: Hidden file: C:\WINDOWS\system32\yvmfptllt.exe

04/24/07 23:11:40 [Note]: 10002 1

04/24/07 23:11:41 [info]: Hidden file: c:\WINDOWS\system32\yvmfptllt_nav.dat

04/24/07 23:11:41 [Note]: 10002 1

04/24/07 23:11:41 [info]: Hidden file: c:\WINDOWS\system32\yvmfptllt_navps.dat

04/24/07 23:11:41 [Note]: 10002 1

04/24/07 23:17:18 [Note]: 7007 0

 

 

 

There you go :P

Have a good evening

Posted

Hi!

Well, we'll have to start over, not because of the AVG report but because the infection has come back...

Carefully redo the procedure that follows and not another one, even if they look alike.

Also, to avoid any errors, delete this folder

=> C:\BFU\

Then:

1) Please print these instructions, or paste them into a text file so you can read them in Safe Mode.

Download Brute Force Uninstaller (by Merijn).

Create a new folder directly on C:\ and name it BFU. Unzip the downloaded file into this new folder (C:\BFU).

RIGHT-CLICK HERE and choose "Save Target As..." to download EGDACCESS.bfu (by Metallica). Save it in the folder you created (C:\BFU). **Note: if you use Internet Explorer, make sure when saving that the "Save as type:" field shows "All Files". You should now have two files in the C:\BFU folder: EGDACCESS.bfu and BFU.exe (very important).

2) Restart in Safe Mode:

(In Safe Mode only the system processes are started, so it is easier to delete what is infected.)

When the computer restarts, once the BIOS has finished loading,

a black screen appears briefly; press the [F8] or [F5] key until the Windows Advanced Options menu is displayed. Select "Safe Mode" and press [Enter].

NB: If you have a problem, look here: http://service1.symantec.com/SUPPORT/INTER...020325143456924

3) Start the "Brute Force Uninstaller" by double-clicking BFU.exe (in the C:\BFU folder)

- Click the small yellow folder (to the right of the "Scriptline to execute" box);

- Double-click EGDACCESS.bfu

- You should now see this in the "Scriptline to execute" box:

C:\BFU\EGDACCESS.bfu

Click Execute and let it do its work.

Wait until Complete script execution appears and click OK (execution is quick...).

Click Exit to close the BFU program.

4) Create a Notepad file with the text found in the "code" area below (copy/paste, without the word "Code")

 

----code----

RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\yvmfptllt

RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|yvmfptllt

RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Run|yvmfptllt

FileDelete %SYSDIR%\yvmfptllt_navtmp.dat

FileDelete %SYSDIR%\yvmfptllt_navup.dat

FileDelete %SYSDIR%\yvmfptllt_navps.dat

FileDelete %SYSDIR%\yvmfptllt_nav.dat

FileDelete %SYSDIR%\yvmfptllt.dat

FileDelete %SYSDIR%\yvmfptllt_m2s.xml

FileDelete %SYSDIR%\yvmfptllt.exe

FileDelete %WINDIR%\PREFETCH\yvmfptllt.exe-*.pf

----code----

 

5) Save this file in c:\BFU

- File name: aftermath.bfu

- Save as type: All Files

- click Save

- quit Notepad

6) Start the "Brute Force Uninstaller" by double-clicking BFU.exe (in the C:\BFU folder)

- Click the small yellow folder (to the right of the "Scriptline to execute" box);

- Double-click aftermath.bfu

- You should now see this in the "Scriptline to execute" box:

C:\BFU\aftermath.bfu

Click Execute and let it do its work.

Wait until Complete script execution appears and click OK (execution is quick...).

Click Exit to close the BFU program.

7) Run a full scan again with AVG Anti-Spyware (still in Safe Mode), and save its report.

8) Restart in Normal mode.

Post the new AVG Anti-Spyware report,

a new HijackThis log!

And a new Blacklight report, please, in your next reply.

Good luck, see you later!
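
Added example, not part of the original posts: a pre-flight check that compares what the BlackLight and HijackThis logs report with what a BFU script would actually remove, using lines copied from this thread as sample input. The function names and the "Run value named after its own system32 executable" heuristic are assumptions made for this illustration; a hit is a prompt for a closer look, not a verdict.

```python
import ntpath
import re

# Sample inputs: lines copied from the logs and the BFU script posted in this thread.
BLACKLIGHT_15 = r"""
04/15/07 23:15:27 [info]: Hidden process: C:\windows\system32\vpugqyvewu.exe
04/15/07 23:23:59 [info]: Hidden file: c:\WINDOWS\system32\vpugqyvewu.dat
04/15/07 23:23:59 [Note]: 10002 1
04/15/07 23:23:59 [info]: Hidden file: c:\WINDOWS\system32\vpugqyvewu_navps.dat
"""
BLACKLIGHT_24 = r"""
04/24/07 23:03:20 [info]: Hidden process: C:\WINDOWS\system32\yvmfptllt.exe
04/24/07 23:11:40 [info]: Hidden file: c:\WINDOWS\system32\yvmfptllt.dat
04/24/07 23:11:41 [info]: Hidden file: c:\WINDOWS\system32\yvmfptllt_nav.dat
"""
HIJACKTHIS_24 = r"""
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [nwrdnybjua] c:\windows\system32\nwrdnybjua.exe nwrdnybjua
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""
BFU_24 = r"""
RegDeleteKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\yvmfptllt
RegDelValue HKLM\Software\Microsoft\Windows\CurrentVersion\Run|yvmfptllt
FileDelete %SYSDIR%\yvmfptllt_navps.dat
FileDelete %SYSDIR%\yvmfptllt.exe
FileDelete %WINDIR%\PREFETCH\yvmfptllt.exe-*.pf
"""
# The 15 April script on the page differs only by the name it targets.
BFU_15 = BFU_24.replace("yvmfptllt", "vpugqyvewu")

HIDDEN_RE = re.compile(r"\[info\]: Hidden (process|file): (.+)$", re.M)
RUN_RE = re.compile(r"^O4 - (HK[A-Z]+)\\\.\.\\Run: \[(.+?)\] (.+)$", re.M)


def stem_of(path):
    """Lower-cased file name up to the first '.' or '_' (x_nav.dat -> x)."""
    name = ntpath.basename(path.strip().strip('"')).lower()
    return name.split(".")[0].split("_")[0]


def hidden_stems(blacklight_log):
    """Stems of every hidden process/file BlackLight reported."""
    return {stem_of(path) for _kind, path in HIDDEN_RE.findall(blacklight_log)}


def run_entries(hijackthis_log):
    """O4 Run entries as dicts: hive, value name, executable path."""
    entries = []
    for hive, name, command in RUN_RE.findall(hijackthis_log):
        command = command.strip()
        if command.startswith('"'):
            exe = command[1:].split('"', 1)[0]
        else:
            # Unquoted: first token (paths with spaces would need quoting).
            exe = command.split(None, 1)[0]
        entries.append({"hive": hive, "name": name, "exe": exe})
    return entries


def bfu_targets(bfu_script):
    """Stems that the script's three command types would touch."""
    stems = set()
    for line in bfu_script.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        command, argument = parts
        if command == "RegDelValue":
            stems.add(argument.rsplit("|", 1)[-1].strip().lower())
        elif command in ("RegDeleteKey", "FileDelete"):
            stems.add(stem_of(argument))
    return stems


def review(blacklight_log, hijackthis_log, bfu_script):
    """Report what the logs show that the script does not cover."""
    covered = bfu_targets(bfu_script)
    self_named = sorted(
        entry["name"]
        for entry in run_entries(hijackthis_log)
        # Assumed heuristic: value named exactly like its system32 executable.
        if ntpath.dirname(entry["exe"]).lower().endswith("\\system32")
        and entry["name"].lower() == stem_of(entry["exe"])
        and entry["name"].lower() not in covered
    )
    return {
        "hidden_not_in_script": sorted(hidden_stems(blacklight_log) - covered),
        "run_not_in_script": self_named,
    }


if __name__ == "__main__":
    print(review(BLACKLIGHT_24, HIJACKTHIS_24, BFU_15))
    print(review(BLACKLIGHT_24, HIJACKTHIS_24, BFU_24))
```

Run against the 24 April logs, the 15 April script covers none of the newly reported hidden files, which is why the script has to be regenerated for each scan rather than reused.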

  • 1 month later...
Posted (edited)

Here is the result :P

 

 

13:57: Removal process completed. Elapsed time 00:07:58

13:55: Quarantining All Traces: imrworldwide.com cookie

13:55: Quarantining All Traces: fe.lea.lycos.com cookie

13:55: Quarantining All Traces: apmebf cookie

13:55: Quarantining All Traces: zedo cookie

13:55: Quarantining All Traces: xiti cookie

13:55: Quarantining All Traces: weborama cookie

13:55: Quarantining All Traces: tradedoubler cookie

13:55: Quarantining All Traces: reliablestats cookie

13:55: Quarantining All Traces: serving-sys cookie

13:55: Quarantining All Traces: mediaplex cookie

13:55: Quarantining All Traces: directtrack cookie

13:55: Quarantining All Traces: bs.serving-sys cookie

13:55: Quarantining All Traces: bluestreak cookie

13:55: Quarantining All Traces: atlas dmt cookie

13:55: Quarantining All Traces: advertising cookie

13:55: Quarantining All Traces: adtech cookie

13:55: Quarantining All Traces: yieldmanager cookie

13:55: Quarantining All Traces: whenu searchbar/pricebandit

13:55: Quarantining All Traces: drivecleaner

13:55: Quarantining All Traces: great net downloadware

13:55: Quarantining All Traces: directrevenue-abetterinternet

13:53: Quarantining All Traces: superbar

13:53: Quarantining All Traces: networkessentials

13:53: Quarantining All Traces: 180search assistant/zango

13:53: Quarantining All Traces: great net mediacharger

13:52: Quarantining All Traces: lopdotcom

13:52: Quarantining All Traces: ist software

13:51: Quarantining All Traces: instant access

13:51: Quarantining All Traces: gsim

13:50: Quarantining All Traces: livesexcams

13:50: Quarantining All Traces: topsearch

13:50: Quarantining All Traces: magiccontrol

13:49: Quarantining All Traces: blazefind

13:49: Removal process initiated

13:48: Traces Found: 153

13:48: Custom Sweep has completed. Elapsed time 01:21:40

13:48: File Sweep Complete, Elapsed Time: 01:17:51

13:36: Warning: TCompressedFile.GetStreams(1): Stream read error

13:32: Warning: SweepDirectories: Cannot find directory "d:". This directory was not added to the list of paths to be scanned.

13:32: polall1r.inf (ID = 83425)

13:32: satmat.inf (ID = 488322)

13:32: satmat.ini (ID = 83499)

13:32: biini.inf (ID = 83199)

13:32: belt.inf (ID = 83154)

13:32: btgrab.inf (ID = 83223)

13:32: backup-20061012-230603-133.inf (ID = 446698)

13:31: Warning: Failed to open file "c:\documents and settings\squall\local settings\temporary internet files\content.ie5\qtghlkss\wanadoo[1].". Opération réussie

13:30: backup-20061012-230602-916.inf (ID = 365397)

12:38: drivecleaner 2006 free (2 subtraces) (ID = 2147553290)

12:38: drivecleaner 2006 free (ID = 2147553289)

12:38: drivecleaner 2006 free (2 subtraces) (ID = 2147553290)

12:30: Starting File Sweep

12:30: Warning: SweepDirectories: Cannot find directory "a:". This directory was not added to the list of paths to be scanned.

12:30: Cookie Sweep Complete, Elapsed Time: 00:00:01

12:30: julien@xiti[2].txt (ID = 3717)

12:30: julien@xiti[1].txt (ID = 3717)

12:30: julien@weborama[2].txt (ID = 3658)

12:30: julien@tradedoubler[1].txt (ID = 3575)

12:30: julien@imrworldwide[2].txt (ID = 2845)

12:30: Found Spy Cookie: imrworldwide.com cookie

12:30: julien@fe.lea.lycos[1].txt (ID = 2660)

12:30: Found Spy Cookie: fe.lea.lycos.com cookie

12:30: julien@bluestreak[1].txt (ID = 2314)

12:30: julien@atdmt[1].txt (ID = 2253)

12:30: julien@apmebf[2].txt (ID = 2229)

12:30: Found Spy Cookie: apmebf cookie

12:30: julien@ad.yieldmanager[2].txt (ID = 3751)

12:30: banana@zedo[2].txt (ID = 3762)

12:30: Found Spy Cookie: zedo cookie

12:30: banana@xiti[1].txt (ID = 3717)

12:30: Found Spy Cookie: xiti cookie

12:30: banana@weborama[3].txt (ID = 3658)

12:30: banana@weborama[2].txt (ID = 3658)

12:30: Found Spy Cookie: weborama cookie

12:30: banana@tradedoubler[2].txt (ID = 3575)

12:30: Found Spy Cookie: tradedoubler cookie

12:30: banana@stats1.reliablestats[2].txt (ID = 3254)

12:30: Found Spy Cookie: reliablestats cookie

12:30: banana@serving-sys[1].txt (ID = 3343)

12:30: Found Spy Cookie: serving-sys cookie

12:30: banana@mediastay.directtrack[2].txt (ID = 2528)

12:30: banana@mediaplex[2].txt (ID = 6442)

12:30: banana@mediaplex[1].txt (ID = 6442)

12:30: Found Spy Cookie: mediaplex cookie

12:30: banana@directtrack[1].txt (ID = 2527)

12:30: Found Spy Cookie: directtrack cookie

12:30: banana@bs.serving-sys[2].txt (ID = 2330)

12:30: Found Spy Cookie: bs.serving-sys cookie

12:30: banana@bluestreak[2].txt (ID = 2314)

12:30: Found Spy Cookie: bluestreak cookie

12:30: banana@atdmt[3].txt (ID = 2253)

12:30: banana@atdmt[2].txt (ID = 2253)

12:30: Found Spy Cookie: atlas dmt cookie

12:30: banana@advertising[2].txt (ID = 2175)

12:30: Found Spy Cookie: advertising cookie

12:30: banana@adtech[2].txt (ID = 2155)

12:30: Found Spy Cookie: adtech cookie

12:30: banana@ad.yieldmanager[2].txt (ID = 3751)

12:30: Found Spy Cookie: yieldmanager cookie

12:30: Starting Cookie Sweep

12:30: Registry Sweep Complete, Elapsed Time:00:00:36

12:30: HKU\S-1-5-21-1343024091-1078145449-682003330-1005\software\microsoft\windows\currentversion\ext\stats\{ba2325ed-f9eb-4830-8fce-0bc35b16969b}\ (ID = 1887336)

12:30: Found Adware: whenu searchbar/pricebandit

12:30: HKU\S-1-5-21-1343024091-1078145449-682003330-1005\software\eicouohwumaclouifmlneogwlccwcilohaniiagwumwn\ (ID = 1848138)

12:30: HKU\S-1-5-21-1343024091-1078145449-682003330-1005\software\vcom\dialers\ (ID = 1573666)

12:30: HKU\S-1-5-21-1343024091-1078145449-682003330-1005\software\microsoft\internet explorer\new windows\allow\ || www.searchweb2.com (ID = 130290)

12:30: HKU\S-1-5-21-1343024091-1078145449-682003330-1005\software\microsoft\internet explorer\new windows\allow\ || searchweb2.com (ID = 130288)

12:30: HKU\S-1-5-21-1343024091-1078145449-682003330-1005\software\dynamic toolbar\gsim\ (ID = 127017)

12:30: HKU\WRSS_Profile_S-1-5-21-1343024091-1078145449-682003330-1006\software\eicouohwumaclouifmlneogwlccwcilohaniiagwumwn\ (ID = 1848138)

12:30: HKU\WRSS_Profile_S-1-5-21-1343024091-1078145449-682003330-1006\software\drivecleaner 2006 free\ (ID = 1635403)

12:30: Found Adware: drivecleaner

12:30: HKU\WRSS_Profile_S-1-5-21-1343024091-1078145449-682003330-1006\software\vcom\dialers\ (ID = 1573666)

12:30: HKU\WRSS_Profile_S-1-5-21-1343024091-1078145449-682003330-1006\software\microsoft\internet explorer\new windows\allow\ || www.searchweb2.com (ID = 130290)

12:30: HKU\WRSS_Profile_S-1-5-21-1343024091-1078145449-682003330-1006\software\microsoft\internet explorer\new windows\allow\ || www.lop.com (ID = 130289)

12:30: HKU\WRSS_Profile_S-1-5-21-1343024091-1078145449-682003330-1006\software\microsoft\internet explorer\new windows\allow\ || searchweb2.com (ID = 130288)

12:30: HKU\WRSS_Profile_S-1-5-21-1343024091-1078145449-682003330-1006\software\microsoft\internet explorer\new windows\allow\ || lop.com (ID = 130287)

12:30: HKU\WRSS_Profile_S-1-5-21-1343024091-1078145449-682003330-1006\software\p2eclient\ (ID = 128846)

12:30: HKU\WRSS_Profile_S-1-5-21-1343024091-1078145449-682003330-1006\software\microsoft\windows\currentversion\wintrust\trust providers\software publishing\trust database\ || goicfboogidikkejccmclpieicihhlpo bgdjdn (ID = 128845)

12:30: HKU\WRSS_Profile_S-1-5-21-1343024091-1078145449-682003330-1006\software\microsoft\windows\currentversion\run\ || instant access (ID = 128817)

12:30: HKU\WRSS_Profile_S-1-5-21-1343024091-1078145449-682003330-1006\software\microsoft\internet explorer\toolbar\webbrowser\ || {71ed4fba-4024-4bbe-91dc-9704c93f453e} (ID = 104516)

12:29: HKU\WRSS_Profile_S-1-5-21-1343024091-1078145449-682003330-1007\software\downloadware\ (ID = 1580490)

12:29: HKU\WRSS_Profile_S-1-5-21-1343024091-1078145449-682003330-1007\software\vcom\dialers\ (ID = 1573666)

12:29: HKU\WRSS_Profile_S-1-5-21-1343024091-1078145449-682003330-1007\software\downloadware\ (ID = 775210)

12:29: Found Adware: great net downloadware

12:29: HKU\WRSS_Profile_S-1-5-21-1343024091-1078145449-682003330-1007\software\btgrab\ (ID = 145850)

12:29: Found Adware: directrevenue-abetterinternet


12:29: HKU\WRSS_Profile_S-1-5-21-1343024091-1078145449-682003330-1007\software\superbar\engines\ (ID = 143247)

12:29: HKU\WRSS_Profile_S-1-5-21-1343024091-1078145449-682003330-1007\software\superbar\ || toolbar visible (ID = 143245)

12:29: HKU\WRSS_Profile_S-1-5-21-1343024091-1078145449-682003330-1007\software\superbar\ || force update (ID = 143244)

12:29: HKU\WRSS_Profile_S-1-5-21-1343024091-1078145449-682003330-1007\software\superbar\ || client update (ID = 143243)

12:29: HKU\WRSS_Profile_S-1-5-21-1343024091-1078145449-682003330-1007\software\superbar\ (ID = 143242)

12:29: Found Adware: superbar

12:29: HKU\WRSS_Profile_S-1-5-21-1343024091-1078145449-682003330-1007\software\updater\ (ID = 136178)

12:29: HKU\WRSS_Profile_S-1-5-21-1343024091-1078145449-682003330-1007\software\hopper\ (ID = 136157)

12:29: Found Adware: networkessentials

12:29: HKU\WRSS_Profile_S-1-5-21-1343024091-1078145449-682003330-1007\software\180solutions\ (ID = 135617)

12:29: Found Adware: 180search assistant/zango

12:29: HKU\WRSS_Profile_S-1-5-21-1343024091-1078145449-682003330-1007\software\mediacharger\ (ID = 134901)

12:29: Found Adware: great net mediacharger

12:29: HKU\WRSS_Profile_S-1-5-21-1343024091-1078145449-682003330-1007\software\microsoft\internet explorer\new windows\allow\ || www.searchweb2.com (ID = 130290)

12:29: HKU\WRSS_Profile_S-1-5-21-1343024091-1078145449-682003330-1007\software\microsoft\internet explorer\new windows\allow\ || www.lop.com (ID = 130289)

12:29: HKU\WRSS_Profile_S-1-5-21-1343024091-1078145449-682003330-1007\software\microsoft\internet explorer\new windows\allow\ || searchweb2.com (ID = 130288)

12:29: HKU\WRSS_Profile_S-1-5-21-1343024091-1078145449-682003330-1007\software\microsoft\internet explorer\new windows\allow\ || lop.com (ID = 130287)

12:29: Found Adware: lopdotcom

12:29: HKU\WRSS_Profile_S-1-5-21-1343024091-1078145449-682003330-1007\software\ist\ (ID = 129108)

12:29: Found Adware: ist software

12:29: HKU\WRSS_Profile_S-1-5-21-1343024091-1078145449-682003330-1007\software\p2eclient\ (ID = 128846)

12:29: HKU\WRSS_Profile_S-1-5-21-1343024091-1078145449-682003330-1007\software\microsoft\windows\currentversion\wintrust\trust providers\software publishing\trust database\ || goicfboogidikkejccmclpieicihhlpo bgdjdn (ID = 128845)

12:29: HKU\WRSS_Profile_S-1-5-21-1343024091-1078145449-682003330-1007\software\microsoft\windows\currentversion\run\ || instant access (ID = 128817)

12:29: HKU\WRSS_Profile_S-1-5-21-1343024091-1078145449-682003330-1007\software\egdhtml\ (ID = 128787)

12:29: Found Adware: instant access

12:29: HKU\WRSS_Profile_S-1-5-21-1343024091-1078145449-682003330-1007\software\dynamic toolbar\gsim\ (ID = 127017)

12:29: Found Adware: gsim

12:29: HKU\WRSS_Profile_S-1-5-21-1343024091-1078145449-682003330-1007\software\microsoft\internet explorer\toolbar\webbrowser\ || {71ed4fba-4024-4bbe-91dc-9704c93f453e} (ID = 104516)

12:29: HKU\WRSS_Profile_S-1-5-21-1343024091-1078145449-682003330-1007\software\iesearchbar\ (ID = 104513)

12:29: HKLM\software\vcom\dialers\ (ID = 1573674)

12:29: Found Adware: livesexcams

12:29: HKCR\typelib\{edd3b3e9-3ffd-4836-a6de-d4a9c473a971}\ (ID = 143930)

12:29: HKLM\software\classes\typelib\{edd3b3e9-3ffd-4836-a6de-d4a9c473a971}\ (ID = 143928)

12:29: Found Adware: topsearch

12:29: HKLM\software\classes\interface\{4c7f0895-6fd8-46ee-880e-053df58ddae3}\ (ID = 134688)

12:29: HKLM\software\classes\interface\{0fd5fdc2-2080-4c47-9e7a-724a6201551b}\ (ID = 134686)

12:29: HKCR\interface\{4c7f0895-6fd8-46ee-880e-053df58ddae3}\ (ID = 134665)

12:29: HKCR\interface\{0fd5fdc2-2080-4c47-9e7a-724a6201551b}\ (ID = 134663)

12:29: Found Trojan Horse: magiccontrol

12:29: HKLM\software\classes\interface\{8c505a6b-124b-4768-8fd3-1a066c839848}\ (ID = 104492)

12:29: HKCR\interface\{8c505a6b-124b-4768-8fd3-1a066c839848}\ (ID = 104460)

12:29: Found Adware: blazefind

12:29: Starting Registry Sweep

12:29: Memory Sweep Complete, Elapsed Time: 00:02:38

12:26: Starting Memory Sweep

12:26: Sweep initiated using definitions version 917

12:26: Spy Sweeper 5.3.2.2361 started

12:26: | Start of Session, jeudi 24 mai 2007 |

***************

12:25: Traces Found: 0

12:25: Sweep Canceled

12:25: Sweep initiated using definitions version 917

12:25: Spy Sweeper 5.3.2.2361 started

12:25: | Start of Session, jeudi 24 mai 2007 |

***************

12:22: Program Version 5.3.2.2361 Using Spyware Definitions 917

12:21: Spy Sweeper 5.3.2.2361 started

12:21: | Start of Session, jeudi 24 mai 2007 |

***************

Operation: Terminate

Target: C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

Source: C:\WINDOWS\system32\csrss.exe

07:17: Tamper Detection

Operation: Terminate

Target: C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

Source: C:\WINDOWS\system32\csrss.exe

07:17: Tamper Detection

Keylogger: Off

BHO Shield: On

IE Security Shield: On

Alternate Data Stream (ADS) Execution Shield: On

Startup Shield: On

Common Ad Sites: Off

Hosts File Shield: On

Internet Communication Shield: On

ActiveX Shield: On

Windows Messenger Service Shield: On

07:06: Warning: TAllUserItem.MapMe: Descripteur non valide

IE Favorites Shield: On

Spy Installation Shield: On

Memory Shield: Off

IE Hijack Shield: On

IE Tracking Cookies Shield: Off

07:06: Shield States

07:05: Spyware Definitions: 916

07:03: Spy Sweeper 5.3.2.2361 started

07:03: Spy Sweeper 5.3.2.2361 started

07:03: | Start of Session, jeudi 24 mai 2007 |

***************


11:02: Your spyware definitions have been updated.


Keylogger: Off

BHO Shield: On

IE Security Shield: On

Alternate Data Stream (ADS) Execution Shield: On

Startup Shield: On

Common Ad Sites: Off

Hosts File Shield: On

Internet Communication Shield: On

ActiveX Shield: On

Windows Messenger Service Shield: On

IE Favorites Shield: On

Spy Installation Shield: On

Memory Shield: Off

IE Hijack Shield: On

10:25: IE Hijack Shield: Resetting Home Page value.

IE Tracking Cookies Shield: Off

10:25: Shield States

10:23: Spyware Definitions: 916

10:22: Spy Sweeper 5.3.2.2361 started

10:22: Spy Sweeper 5.3.2.2361 started

10:22: | Start of Session, jeudi 24 mai 2007 |

***************

20:26: ApplicationMinimized - EXIT

20:26: ApplicationMinimized - ENTER

Keylogger: Off

BHO Shield: On

IE Security Shield: On

Alternate Data Stream (ADS) Execution Shield: On

Startup Shield: On

Common Ad Sites: Off

Hosts File Shield: On

Internet Communication Shield: On

ActiveX Shield: On

Windows Messenger Service Shield: On

IE Favorites Shield: On

Spy Installation Shield: On

Memory Shield: Off

IE Hijack Shield: On

IE Tracking Cookies Shield: Off

20:05: Shield States

20:05: Spyware Definitions: 916

20:04: Spy Sweeper 5.3.2.2361 started

20:04: Spy Sweeper 5.3.2.2361 started

20:04: | Start of Session, mercredi 23 mai 2007 |

***************

 

 

 

 

 

HIJACKTHIS RESULT:

Logfile of HijackThis v1.99.1

Scan saved at 13:59:40, on 24/05/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] "C:\PROGRA~1\Wanadoo\GestMaj.exe" TaskBarIcon.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [userFaultCheck] C:\WINDOWS\system32\dumprep 0 -u

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WOOKIT] "C:\PROGRA~1\Wanadoo\Shell.exe" appLaunchClientZone.shl|PARAM= cnx

O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html

O8 - Extra context menu item: &Search - http://kt.bar.need2find.com/KT/menusearch.html?p=KT

O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: START_PAGE_URL=http://www.creative.com

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTSVCCDA.EXE (file missing)

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

 

Thanks in advance :P

Edited by Ekarissor
Posted

Hi!

Here is what you will need to do, please:

Launch HijackThis (scan only, or "scanner seulement") and check the following lines if present:

 

F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [userFaultCheck] C:\WINDOWS\system32\dumprep 0 -u

O8 - Extra context menu item: &Search - http://kt.bar.need2find.com/KT/menusearch.html?p=KT

 

Close all programs and browsers, then click Fix Checked.

Then run an online scan here:

http://www.kaspersky.com/virusscanner

Help tutorial here:

http://www.malekal.com/scan_Av_en_ligne.html

See you later.
