[Résolu] windows has detected spyware infection
Dernière réponse : dans Sécurité
Bonjour,
Depuis ce matin j'ai un icone représenté par un triangle jaune avec un point d'exclamation à l'intérieur sur ma barre de tache. La bulle affiche: "windows has detected spyware infection! It is recomended to use special antispyware tools..etc" De plus je n'ai plus accès au panneau de configuration ni à d'autres fonctions, il me dit qu'il y a des restrictions. Cette bulle s'ouvre très souvent et de plus une autre fenetre s'ouvre aussi sans arret qui s'appelle: "windows security alert" et elle dit: "warning potential spyware operation! Your computer is making unauthorized copies of your system and intertnet files" etc... et a la fin me demande de télécharger un "spyware remover". Merci de m'aider car c'est mon pc du boulot et ca me bloque pas mal! Merci d'avance pour votre aide.
Depuis ce matin j'ai un icone représenté par un triangle jaune avec un point d'exclamation à l'intérieur sur ma barre de tache. La bulle affiche: "windows has detected spyware infection! It is recomended to use special antispyware tools..etc" De plus je n'ai plus accès au panneau de configuration ni à d'autres fonctions, il me dit qu'il y a des restrictions. Cette bulle s'ouvre très souvent et de plus une autre fenetre s'ouvre aussi sans arret qui s'appelle: "windows security alert" et elle dit: "warning potential spyware operation! Your computer is making unauthorized copies of your system and intertnet files" etc... et a la fin me demande de télécharger un "spyware remover". Merci de m'aider car c'est mon pc du boulot et ca me bloque pas mal! Merci d'avance pour votre aide.
Autres pages sur : resolu windows has detected spyware infection
Lassé par la pub ? Créez un compte
Bonjour,
Télécharge Smitfraudfix (de S!ri).
Enregistre-le sur ton bureau.
Lance SmitfraudFix.exe (le .exe peut ne pas apparaitre).
Choisis l'Option 1 (Recherche)
Poste le premier rapport ici.
**Si le lien ne fonctionne pas, clique ici**
Télécharge Smitfraudfix (de S!ri).
Enregistre-le sur ton bureau.
Lance SmitfraudFix.exe (le .exe peut ne pas apparaitre).
Choisis l'Option 1 (Recherche)
Poste le premier rapport ici.
**Si le lien ne fonctionne pas, clique ici**
Tout d'abord merci de votre réponse, voici le rapport:
SmitFraudFix v2.162
Rapport fait à 12:25:43,87, 18/09/2007
Executé à partir de C:\Documents and Settings\Resp\Bureau\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\DkLog.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AdVantage\AdVantage.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\ORCA\NORC@WEB\Surveyor.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Resp\Application Data\13006.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
Fichier hosts corrompu !
10.18.250.4 download.microsoft.com
10.18.250.4 downloads.microsoft.com
10.18.250.4 go.microsoft.com
10.18.250.4 microsoft.com
10.18.250.4 msdn.microsoft.com
10.18.250.4 office.microsoft.com
10.18.250.4 support.microsoft.com
10.18.250.4 windowsupdate.microsoft.com
10.18.250.4 www.microsoft.com
10.18.250.4 pandasoftware.com
10.18.250.4 www.pandasoftware.com
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Resp
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Resp\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Resp\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: ADI USB Remote NDIS Network Device #2 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 0.0.0.0
Description: ADI USB Remote NDIS Network Device #2 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\..\{12909C72-EEDB-40D9-88BA-AD1444F64A38}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B22817D2-B675-4703-9464-184D455AD090}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{12909C72-EEDB-40D9-88BA-AD1444F64A38}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B22817D2-B675-4703-9464-184D455AD090}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\..\{12909C72-EEDB-40D9-88BA-AD1444F64A38}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B22817D2-B675-4703-9464-184D455AD090}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
SmitFraudFix v2.162
Rapport fait à 12:25:43,87, 18/09/2007
Executé à partir de C:\Documents and Settings\Resp\Bureau\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\DkLog.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AdVantage\AdVantage.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\ORCA\NORC@WEB\Surveyor.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Resp\Application Data\13006.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
Fichier hosts corrompu !
10.18.250.4 download.microsoft.com
10.18.250.4 downloads.microsoft.com
10.18.250.4 go.microsoft.com
10.18.250.4 microsoft.com
10.18.250.4 msdn.microsoft.com
10.18.250.4 office.microsoft.com
10.18.250.4 support.microsoft.com
10.18.250.4 windowsupdate.microsoft.com
10.18.250.4 www.microsoft.com
10.18.250.4 pandasoftware.com
10.18.250.4 www.pandasoftware.com
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Resp
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Resp\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Resp\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: ADI USB Remote NDIS Network Device #2 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 0.0.0.0
Description: ADI USB Remote NDIS Network Device #2 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\..\{12909C72-EEDB-40D9-88BA-AD1444F64A38}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B22817D2-B675-4703-9464-184D455AD090}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{12909C72-EEDB-40D9-88BA-AD1444F64A38}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B22817D2-B675-4703-9464-184D455AD090}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\..\{12909C72-EEDB-40D9-88BA-AD1444F64A38}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\..\{B22817D2-B675-4703-9464-184D455AD090}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Re,
Télécharge R-Hosts.exe (de S!ri)
Lance R-Hosts puis clique sur "Restaurer".
Valide la modification en appuyant sur OK.
&
Télécharge puis installe Hijackthis (Trend Micro)
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2
Télécharge R-Hosts.exe (de S!ri)
Lance R-Hosts puis clique sur "Restaurer".
Valide la modification en appuyant sur OK.
&
Télécharge puis installe Hijackthis (Trend Micro)
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2
Je vous met tout de meme le rapport de HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:23, on 18/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\DkLog.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AdVantage\AdVantage.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\ORCA\NORC@WEB\Surveyor.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Resp\Application Data\13006.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.wanadoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Network Services] netsvc.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [¢‰¸u0–4C
}ïÁzî[8C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\uhetlvi.exe
O4 - HKLM\..\Run: [¢‰¸u0–4C
}ïÁzîžigÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\uhetlvi.exe
O4 - HKLM\..\Run: [Uypmin] C:\Program Files\Ozxhxg\Uoywqv.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\RunServices: [Network Services] netsvc.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [iwrr] C:\PROGRA~1\COMMON~1\iwrr\iwrrm.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: findfast.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Surveyor.lnk = C:\Program Files\ORCA\NORC@WEB\Surveyor.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la Liste à Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://pro.onlycar.com
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/fra_med_nostra.exe
O16 - DPF: {08F04139-8DFC-11D2-80E9-006008B066EE} (ConfigChkr Class) - https://paiements.click-and-trust.com/cab/vscnfchk.cab
O16 - DPF: {0E4796D6-A990-4372-9069-72FBDB4AE868} - http://www.one2one.com/static/class/one2oneSvc.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binaries/IA/svcsysnet32_FR...
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://82.123.23.135:82/activex/AMC.cab
O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://mmt.bouyguestelecom.fr/mmawap/jsp/composer/playe...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/nike/nikefz...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {DBA450CE-0D0B-4AEA-BA9B-6EE7CF03CAF9} (AXPhotosManager Controle) - http://www.topvendeur.fr/AX/axpm.cab
O16 - DPF: {F4653484-F38C-455F-BB15-1175E527754E} (VideoProducer Class) - http://www.jointheorgy.com/static/class/webcam_ie6/webc...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: DkLogger - Datakey Incorporated - C:\WINDOWS\SYSTEM32\DkLog.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 10286 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:46:23, on 18/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\DkLog.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AdVantage\AdVantage.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\ORCA\NORC@WEB\Surveyor.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Resp\Application Data\13006.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.wanadoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Network Services] netsvc.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [¢‰¸u0–4C
}ïÁzî[8C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\uhetlvi.exe
O4 - HKLM\..\Run: [¢‰¸u0–4C
}ïÁzîžigÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\uhetlvi.exe
O4 - HKLM\..\Run: [Uypmin] C:\Program Files\Ozxhxg\Uoywqv.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\RunServices: [Network Services] netsvc.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [iwrr] C:\PROGRA~1\COMMON~1\iwrr\iwrrm.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: findfast.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Surveyor.lnk = C:\Program Files\ORCA\NORC@WEB\Surveyor.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la Liste à Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://pro.onlycar.com
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/fra_med_nostra.exe
O16 - DPF: {08F04139-8DFC-11D2-80E9-006008B066EE} (ConfigChkr Class) - https://paiements.click-and-trust.com/cab/vscnfchk.cab
O16 - DPF: {0E4796D6-A990-4372-9069-72FBDB4AE868} - http://www.one2one.com/static/class/one2oneSvc.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binaries/IA/svcsysnet32_FR...
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://82.123.23.135:82/activex/AMC.cab
O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://mmt.bouyguestelecom.fr/mmawap/jsp/composer/playe...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/nike/nikefz...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {DBA450CE-0D0B-4AEA-BA9B-6EE7CF03CAF9} (AXPhotosManager Controle) - http://www.topvendeur.fr/AX/axpm.cab
O16 - DPF: {F4653484-F38C-455F-BB15-1175E527754E} (VideoProducer Class) - http://www.jointheorgy.com/static/class/webcam_ie6/webc...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: DkLogger - Datakey Incorporated - C:\WINDOWS\SYSTEM32\DkLog.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 10286 bytes
Re,
Télécharge combofix.exe (par sUBs) sur ton Bureau.
Double clique combofix.exe.
Tape sur la touche 1 (Yes) pour démarrer le scan.
Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Re, tout d'abord, le pare feu windows bloque messenger et kerio firewall, je maintins le blocage ou non?
Voici le rapport de combofix:
ComboFix 07-09-18.4 - "Resp" 2007-09-18 12:53:19.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.98 [GMT 2:00]
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DOCUME~1\Resp\APPLIC~1\13006.exe
C:\DOCUME~1\Resp\APPLIC~1\antivirus.exe
C:\DOCUME~1\Resp\APPLIC~1\drvcleaner.exe
C:\DOCUME~1\Resp\APPLIC~1\errsafer.exe
C:\DOCUME~1\Resp\APPLIC~1\privprotect.exe
C:\Program Files\Fichiers communs\WinSoftware
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\bar\Settings\settings.htm
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\svcsysnet32.dll
C:\WINDOWS\tmlpcert2005
.
((((((((((((((((((((((((((((( Fichiers créés 2007-08-18 to 2007-09-18 ))))))))))))))))))))))))))))))))))))
.
2007-09-18 12:57 10,240 --a------ C:\WINDOWS\system32\printer.exe
2007-09-18 12:52 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-18 12:44 <REP> d-------- C:\Program Files\Trend Micro
2007-09-18 11:39 10,240 --a------ C:\WINDOWS\system32\spoolvs.exe
2007-09-18 11:39 10,240 --a------ C:\WINDOWS\shell.exe
2007-09-14 08:54 <REP> d-------- C:\DOCUME~1\Resp\Contacts
2007-09-14 08:53 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-08-21 09:50 <REP> d-------- C:\Program Files\AdVantage
2007-08-21 09:49 6,743,992 --a--c--- C:\bsplayer223.953_clip.exe
2007-08-20 12:27 <REP> d-------- C:\Program Files\Webteh
2007-08-20 12:27 <REP> d-------- C:\DOCUME~1\Resp\APPLIC~1\BSplayer Pro
2007-08-20 12:27 <REP> d-------- C:\DOCUME~1\Resp\APPLIC~1\BSplayer
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-18 11:35 --------- d-------- C:\Program Files\Everest Poker
2007-09-15 18:29 --------- d-------- C:\DOCUME~1\Resp\APPLIC~1\Vso
2007-09-14 08:53 --------- d-------- C:\Program Files\MSN Messenger
2007-09-10 15:49 --------- d-------- C:\Program Files\palmOne
2007-09-05 17:32 --------- d-------- C:\Program Files\FacturationV4
2007-04-16 09:04 95696 --a------ C:\DOCUME~1\Resp\APPLIC~1\sysdoctor.exe
2007-04-03 12:40 29184 --a------ C:\DOCUME~1\Resp\wn22.exe
2006-05-26 15:43 23452688 --a------ C:\Program Files\AdbeRdr707_fr_FR.exe
2006-04-13 11:26 263312 --a------ C:\Program Files\NSSetup.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-02 09:19]
"nwiz"="nwiz.exe" [2003-05-02 09:19 C:\WINDOWS\system32\nwiz.exe]
"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 06:41]
"SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-11-12 12:02]
"Network Services"="netsvc.exe" []
"NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 12:50]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-04-19 10:34]
"Uypmin"="C:\Program Files\Ozxhxg\Uoywqv.exe" []
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-10-28 13:41]
"SetDefPrt"="C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 19:02]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 18:42]
"Printer"="C:\WINDOWS\system32\printer.exe" [2005-01-16 17:03]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" []
"iwrr"="C:\PROGRA~1\COMMON~1\iwrr\iwrrm.exe" []
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09]
"AdVantage"="C:\Program Files\AdVantage\AdVantage.exe" [2007-06-28 15:19]
"Spoolsv"="C:\WINDOWS\system32\spoolvs.exe" [2005-01-22 00:33]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Network Services"=netsvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)
"DisableTaskMgr"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe C:\WINDOWS\shell.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Probe]
"C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 RNBTOKEN;Rainbow iKey Token;C:\WINDOWS\system32\DRIVERS\RNBTOKEN.SYS
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe -s
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe -s
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-18 12:57:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-18 12:59:03 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-18 12:58
.
--- E O F ---
Voici le rapport de combofix:
ComboFix 07-09-18.4 - "Resp" 2007-09-18 12:53:19.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.98 [GMT 2:00]
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DOCUME~1\Resp\APPLIC~1\13006.exe
C:\DOCUME~1\Resp\APPLIC~1\antivirus.exe
C:\DOCUME~1\Resp\APPLIC~1\drvcleaner.exe
C:\DOCUME~1\Resp\APPLIC~1\errsafer.exe
C:\DOCUME~1\Resp\APPLIC~1\privprotect.exe
C:\Program Files\Fichiers communs\WinSoftware
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\bar\Settings\settings.htm
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\svcsysnet32.dll
C:\WINDOWS\tmlpcert2005
.
((((((((((((((((((((((((((((( Fichiers créés 2007-08-18 to 2007-09-18 ))))))))))))))))))))))))))))))))))))
.
2007-09-18 12:57 10,240 --a------ C:\WINDOWS\system32\printer.exe
2007-09-18 12:52 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-18 12:44 <REP> d-------- C:\Program Files\Trend Micro
2007-09-18 11:39 10,240 --a------ C:\WINDOWS\system32\spoolvs.exe
2007-09-18 11:39 10,240 --a------ C:\WINDOWS\shell.exe
2007-09-14 08:54 <REP> d-------- C:\DOCUME~1\Resp\Contacts
2007-09-14 08:53 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-08-21 09:50 <REP> d-------- C:\Program Files\AdVantage
2007-08-21 09:49 6,743,992 --a--c--- C:\bsplayer223.953_clip.exe
2007-08-20 12:27 <REP> d-------- C:\Program Files\Webteh
2007-08-20 12:27 <REP> d-------- C:\DOCUME~1\Resp\APPLIC~1\BSplayer Pro
2007-08-20 12:27 <REP> d-------- C:\DOCUME~1\Resp\APPLIC~1\BSplayer
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-18 11:35 --------- d-------- C:\Program Files\Everest Poker
2007-09-15 18:29 --------- d-------- C:\DOCUME~1\Resp\APPLIC~1\Vso
2007-09-14 08:53 --------- d-------- C:\Program Files\MSN Messenger
2007-09-10 15:49 --------- d-------- C:\Program Files\palmOne
2007-09-05 17:32 --------- d-------- C:\Program Files\FacturationV4
2007-04-16 09:04 95696 --a------ C:\DOCUME~1\Resp\APPLIC~1\sysdoctor.exe
2007-04-03 12:40 29184 --a------ C:\DOCUME~1\Resp\wn22.exe
2006-05-26 15:43 23452688 --a------ C:\Program Files\AdbeRdr707_fr_FR.exe
2006-04-13 11:26 263312 --a------ C:\Program Files\NSSetup.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-02 09:19]
"nwiz"="nwiz.exe" [2003-05-02 09:19 C:\WINDOWS\system32\nwiz.exe]
"IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 06:41]
"SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-11-12 12:02]
"Network Services"="netsvc.exe" []
"NeroCheck"="C:\WINDOWS\System32\\NeroCheck.exe" [2001-07-09 12:50]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-04-19 10:34]
"Uypmin"="C:\Program Files\Ozxhxg\Uoywqv.exe" []
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-10-28 13:41]
"SetDefPrt"="C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 19:02]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 18:42]
"Printer"="C:\WINDOWS\system32\printer.exe" [2005-01-16 17:03]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" []
"iwrr"="C:\PROGRA~1\COMMON~1\iwrr\iwrrm.exe" []
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09]
"AdVantage"="C:\Program Files\AdVantage\AdVantage.exe" [2007-06-28 15:19]
"Spoolsv"="C:\WINDOWS\system32\spoolvs.exe" [2005-01-22 00:33]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Network Services"=netsvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=1 (0x1)
"DisableTaskMgr"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe C:\WINDOWS\shell.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Probe]
"C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 RNBTOKEN;Rainbow iKey Token;C:\WINDOWS\system32\DRIVERS\RNBTOKEN.SYS
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe -s
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe -s
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-18 12:57:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-18 12:59:03 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-18 12:58
.
--- E O F ---
Re,
Télécharge Clean.zip (de Malekal),
Décompresse-le sur ton bureau (Clique-Droit/Extraire tout), tu dois obtenir un dossier Clean.
Ouvre le dossier clean, double-clique sur clean.cmd.
Choisis l'option 1 puis patiente. Poste ensuite le contenu du rapport.
Télécharge Clean.zip (de Malekal),
Décompresse-le sur ton bureau (Clique-Droit/Extraire tout), tu dois obtenir un dossier Clean.
Ouvre le dossier clean, double-clique sur clean.cmd.
Choisis l'option 1 puis patiente. Poste ensuite le contenu du rapport.
Voici le rapport:
18/09/2007 a 13:15:56,39
*** Recherche des fichiers dans C:
C:\eied_s7.cab FOUND
*** Recherche des fichiers dans C:\WINDOWS\
C:\WINDOWS\smdat32m.sys FOUND
*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\printer.exe FOUND
C:\WINDOWS\system32\vbsys2.dll FOUND
*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\Everest Poker\" FOUND
"C:\Program Files\MyWay\" FOUND
"C:\Program Files\Need2Find\" FOUND
"C:\Program Files\Viewpoint\" FOUND
*** Fin du rapport !
18/09/2007 a 13:15:56,39
*** Recherche des fichiers dans C:
C:\eied_s7.cab FOUND
*** Recherche des fichiers dans C:\WINDOWS\
C:\WINDOWS\smdat32m.sys FOUND
*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\printer.exe FOUND
C:\WINDOWS\system32\vbsys2.dll FOUND
*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\Everest Poker\" FOUND
"C:\Program Files\MyWay\" FOUND
"C:\Program Files\Need2Find\" FOUND
"C:\Program Files\Viewpoint\" FOUND
*** Fin du rapport !
Tu peux patienter ?! On a une vie !
Télécharge puis installe AVG Anti-Spyware (AVG AS)
Fais les mises à jour mais ne lance pas de scan pour le moment.
AIDE : Tuto sur AVG Anti-Spyware (Malekal)
Redémarre en mode sans échec
Relance AVG AS :
- Choisis l'onglet "Analyse"
- Puis l'onglet "Paramètres"
- Sous la question "Comment réagir ?", clique sur "Actions recommandées" et choisis "Quarantaine"
- Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"
[#ff0000]Si un fichier est infecté en fin d'analyse, clique sur "Appliquer toutes les actions"[/#f]
Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous"
Enregistre ce fichier texte sur ton bureau.
Ouvre le dossier clean, double-clique sur clean.cmd.
Choisis l'option 2 puis patiente.
Redémarre normalement.
Poste le rapport AVG AS ainsi qu'un rapport Hijackthis.
Poste le rapport clean : C:\rapport_clean.txt
Télécharge puis installe AVG Anti-Spyware (AVG AS)
Fais les mises à jour mais ne lance pas de scan pour le moment.
AIDE : Tuto sur AVG Anti-Spyware (Malekal)
Redémarre en mode sans échec
Relance AVG AS :
- Choisis l'onglet "Analyse"
- Puis l'onglet "Paramètres"
- Sous la question "Comment réagir ?", clique sur "Actions recommandées" et choisis "Quarantaine"
- Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"
[#ff0000]Si un fichier est infecté en fin d'analyse, clique sur "Appliquer toutes les actions"[/#f]
Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous"
Enregistre ce fichier texte sur ton bureau.
Ouvre le dossier clean, double-clique sur clean.cmd.
Choisis l'option 2 puis patiente.
Redémarre normalement.
Poste le rapport AVG AS ainsi qu'un rapport Hijackthis.
Poste le rapport clean : C:\rapport_clean.txt
-Rapport AVG AS:
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 19:19:41 18/09/2007
+ Résultat de l'analyse:
HKLM\SOFTWARE\PerfectNav -> Adware.KeenValue : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\eied.inf -> Adware.MediaTickets : Nettoyé et sauvegardé (mise en quarantaine).
C:\eied_s7.cab/eied.inf -> Adware.MediaTickets : Nettoyé et sauvegardé (mise en quarantaine).
C:\Program Files\SearchRelevant\SearchRelevant.dll -> Adware.Relevance : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\webcam2.dll -> Adware.Webcam : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Nettoyé et sauvegardé (mise en quarantaine).
C:\temp\WinCtlAdInstPack.exe -> Adware.WinAD : Nettoyé et sauvegardé (mise en quarantaine).
C:\Program Files\Windows TaskAd -> Adware.WinTaskAd : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\netsvc.0xe -> Backdoor.Agobot : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\winhlpp32.exe -> Backdoor.Agobot : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435146.dll -> Dialer.EGroup.q : Nettoyé et sauvegardé (mise en quarantaine).
C:\qoobox\Quarantine\C\WINDOWS\system32\svcsysnet32.dll.vir -> Dialer.EGroup.q : Nettoyé et sauvegardé (mise en quarantaine).
C:\eied_s7.cab/eied_s7_c_7.exe -> Downloader.Mediket.ae : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435143.exe -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\qoobox\Quarantine\C\DOCUME~1\Resp\APPLIC~1\drvcleaner.exe.vir -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\Program Files\Common files\iwrr\iwrrd\vocabulary -> Downloader.TSUpdate.j : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\VBSYS2.0LL -> Hijacker.Agent.ac : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\vbsys2.dll -> Hijacker.Agent.ac : Nettoyé et sauvegardé (mise en quarantaine).
C:\vbsys2.dll -> Hijacker.Agent.ac : Nettoyé et sauvegardé (mise en quarantaine).
F:\Venu_du_web\WFI_FRA.exe -> Not-A-Virus.Downloader.Win32.Agent.c : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435141.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435142.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\qoobox\Quarantine\C\DOCUME~1\Resp\APPLIC~1\antivirus.exe.vir -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\qoobox\Quarantine\C\DOCUME~1\Resp\APPLIC~1\errsafer.exe.vir -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Resp\Application Data\sysdoctor.exe -> Not-A-Virus.Downloader.Win32.WinFixer.q : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Resp\wn22.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Nettoyé et sauvegardé (mise en quarantaine).
:mozilla.6:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.7:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.10:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.11:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.12:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.13:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.22:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.8:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.9:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.17:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.18:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
C:\Documents and Settings\Resp\Cookies\resp@adtech[2].txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.19:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.20:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.21:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.23:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\Resp\Cookies\resp@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.140:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.141:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.142:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.30:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Connextra : Nettoyé.
:mozilla.31:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Connextra : Nettoyé.
:mozilla.34:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.56:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.52:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.53:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.54:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.55:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.64:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.68:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.69:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.72:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Komtrack : Nettoyé.
:mozilla.80:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\Resp\Cookies\resp@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Nettoyé.
C:\Documents and Settings\Resp\Cookies\resp@overture[1].txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.175:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Paypal : Nettoyé.
:mozilla.133:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Quarterserver : Nettoyé.
:mozilla.100:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.26:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.97:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.98:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.99:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.182:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.183:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.184:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Resp\Cookies\resp@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.109:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.110:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.112:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.113:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.114:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.115:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.116:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.117:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.118:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
C:\Documents and Settings\Resp\Cookies\resp@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.119:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Valueclick : Nettoyé.
:mozilla.120:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Valueclick : Nettoyé.
:mozilla.125:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.126:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Resp\Cookies\resp@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyé.
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP823\A0431522.dll -> Trojan.Agent : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\start.INF -> Trojan.Dagonit.INF : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\internt.0xe -> Trojan.Dialer.eb : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\O2OSERVICE_2.0LL -> Trojan.P2E.bg : Nettoyé et sauvegardé (mise en quarantaine).
C:\Program Files\Ozxhxg\UOYWQV.0XE -> Trojan.Small.cy : Nettoyé et sauvegardé (mise en quarantaine).
C:\777.htm -> Trojan.Starter.a : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\fuck_you_bagle.txt -> Worm.NetSky.y : Nettoyé et sauvegardé (mise en quarantaine).
Fin du rapport
-Rapport Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:30:53, on 18/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\shell.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\DkLog.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AdVantage\AdVantage.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\ORCA\NORC@WEB\Surveyor.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.wanadoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Network Services] netsvc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Uypmin] C:\Program Files\Ozxhxg\Uoywqv.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\RunServices: [Network Services] netsvc.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [iwrr] C:\PROGRA~1\COMMON~1\iwrr\iwrrm.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: findfast.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Surveyor.lnk = C:\Program Files\ORCA\NORC@WEB\Surveyor.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la Liste à Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://pro.onlycar.com
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/fra_med_nostra.exe
O16 - DPF: {08F04139-8DFC-11D2-80E9-006008B066EE} (ConfigChkr Class) - https://paiements.click-and-trust.com/cab/vscnfchk.cab
O16 - DPF: {0E4796D6-A990-4372-9069-72FBDB4AE868} - http://www.one2one.com/static/class/one2oneSvc.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://82.123.23.135:82/activex/AMC.cab
O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://mmt.bouyguestelecom.fr/mmawap/jsp/composer/playe...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/nike/nikefz...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {DBA450CE-0D0B-4AEA-BA9B-6EE7CF03CAF9} (AXPhotosManager Controle) - http://www.topvendeur.fr/AX/axpm.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: DkLogger - Datakey Incorporated - C:\WINDOWS\SYSTEM32\DkLog.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 9920 bytes
-Rapport Clean:
Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 18/09/2007 a 19:24:19,57
Microsoft Windows XP [version 5.1.2600]
*** Suppression des fichiers dans C:
tentative de suppression de C:\eied_s7.cab
*** Suppression des fichiers dans C:\WINDOWS\
tentative de suppression de C:\WINDOWS\smdat32m.sys
*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\printer.exe
*** Suppression des fichiers dans C:\Program Files
tentative de suppression de "C:\Program Files\Everest Poker\"
tentative de suppression de "C:\Program Files\MyWay\"
tentative de suppression de "C:\Program Files\Need2Find\"
tentative de suppression de "C:\Program Files\Viewpoint\"
*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
Je quitte mon boulot, je re demain à 9h. Je lirais votre réponse à ce moment, merci encore, bonne soirée à demain.
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 19:19:41 18/09/2007
+ Résultat de l'analyse:
HKLM\SOFTWARE\PerfectNav -> Adware.KeenValue : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\eied.inf -> Adware.MediaTickets : Nettoyé et sauvegardé (mise en quarantaine).
C:\eied_s7.cab/eied.inf -> Adware.MediaTickets : Nettoyé et sauvegardé (mise en quarantaine).
C:\Program Files\SearchRelevant\SearchRelevant.dll -> Adware.Relevance : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\webcam2.dll -> Adware.Webcam : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Nettoyé et sauvegardé (mise en quarantaine).
C:\temp\WinCtlAdInstPack.exe -> Adware.WinAD : Nettoyé et sauvegardé (mise en quarantaine).
C:\Program Files\Windows TaskAd -> Adware.WinTaskAd : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\netsvc.0xe -> Backdoor.Agobot : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\winhlpp32.exe -> Backdoor.Agobot : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435146.dll -> Dialer.EGroup.q : Nettoyé et sauvegardé (mise en quarantaine).
C:\qoobox\Quarantine\C\WINDOWS\system32\svcsysnet32.dll.vir -> Dialer.EGroup.q : Nettoyé et sauvegardé (mise en quarantaine).
C:\eied_s7.cab/eied_s7_c_7.exe -> Downloader.Mediket.ae : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435143.exe -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\qoobox\Quarantine\C\DOCUME~1\Resp\APPLIC~1\drvcleaner.exe.vir -> Downloader.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\Program Files\Common files\iwrr\iwrrd\vocabulary -> Downloader.TSUpdate.j : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\VBSYS2.0LL -> Hijacker.Agent.ac : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\vbsys2.dll -> Hijacker.Agent.ac : Nettoyé et sauvegardé (mise en quarantaine).
C:\vbsys2.dll -> Hijacker.Agent.ac : Nettoyé et sauvegardé (mise en quarantaine).
F:\Venu_du_web\WFI_FRA.exe -> Not-A-Virus.Downloader.Win32.Agent.c : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435141.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435142.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\qoobox\Quarantine\C\DOCUME~1\Resp\APPLIC~1\antivirus.exe.vir -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\qoobox\Quarantine\C\DOCUME~1\Resp\APPLIC~1\errsafer.exe.vir -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Resp\Application Data\sysdoctor.exe -> Not-A-Virus.Downloader.Win32.WinFixer.q : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Resp\wn22.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Nettoyé et sauvegardé (mise en quarantaine).
:mozilla.6:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.7:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.10:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.11:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.12:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.13:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.22:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.8:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.9:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.17:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.18:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
C:\Documents and Settings\Resp\Cookies\resp@adtech[2].txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.19:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.20:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.21:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.23:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\Resp\Cookies\resp@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.140:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.141:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.142:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.30:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Connextra : Nettoyé.
:mozilla.31:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Connextra : Nettoyé.
:mozilla.34:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.56:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.52:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.53:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.54:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.55:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.64:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.68:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.69:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.72:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Komtrack : Nettoyé.
:mozilla.80:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\Resp\Cookies\resp@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Nettoyé.
C:\Documents and Settings\Resp\Cookies\resp@overture[1].txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.175:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Paypal : Nettoyé.
:mozilla.133:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Quarterserver : Nettoyé.
:mozilla.100:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.26:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.97:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.98:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.99:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.182:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.183:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.184:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Resp\Cookies\resp@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.109:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.110:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.112:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.113:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.114:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.115:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.116:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.117:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.118:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
C:\Documents and Settings\Resp\Cookies\resp@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.119:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Valueclick : Nettoyé.
:mozilla.120:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Valueclick : Nettoyé.
:mozilla.125:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.126:C:\Documents and Settings\Resp\Application Data\Mozilla\Profiles\default\io4ei63v.slt\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Resp\Cookies\resp@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyé.
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP823\A0431522.dll -> Trojan.Agent : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\start.INF -> Trojan.Dagonit.INF : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\internt.0xe -> Trojan.Dialer.eb : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\O2OSERVICE_2.0LL -> Trojan.P2E.bg : Nettoyé et sauvegardé (mise en quarantaine).
C:\Program Files\Ozxhxg\UOYWQV.0XE -> Trojan.Small.cy : Nettoyé et sauvegardé (mise en quarantaine).
C:\777.htm -> Trojan.Starter.a : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\fuck_you_bagle.txt -> Worm.NetSky.y : Nettoyé et sauvegardé (mise en quarantaine).
Fin du rapport
-Rapport Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:30:53, on 18/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\shell.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\DkLog.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AdVantage\AdVantage.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\ORCA\NORC@WEB\Surveyor.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.wanadoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Network Services] netsvc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Uypmin] C:\Program Files\Ozxhxg\Uoywqv.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\RunServices: [Network Services] netsvc.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [iwrr] C:\PROGRA~1\COMMON~1\iwrr\iwrrm.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: findfast.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Surveyor.lnk = C:\Program Files\ORCA\NORC@WEB\Surveyor.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la Liste à Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://pro.onlycar.com
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/fra_med_nostra.exe
O16 - DPF: {08F04139-8DFC-11D2-80E9-006008B066EE} (ConfigChkr Class) - https://paiements.click-and-trust.com/cab/vscnfchk.cab
O16 - DPF: {0E4796D6-A990-4372-9069-72FBDB4AE868} - http://www.one2one.com/static/class/one2oneSvc.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://82.123.23.135:82/activex/AMC.cab
O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://mmt.bouyguestelecom.fr/mmawap/jsp/composer/playe...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/nike/nikefz...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {DBA450CE-0D0B-4AEA-BA9B-6EE7CF03CAF9} (AXPhotosManager Controle) - http://www.topvendeur.fr/AX/axpm.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: DkLogger - Datakey Incorporated - C:\WINDOWS\SYSTEM32\DkLog.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 9920 bytes
-Rapport Clean:
Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 18/09/2007 a 19:24:19,57
Microsoft Windows XP [version 5.1.2600]
*** Suppression des fichiers dans C:
tentative de suppression de C:\eied_s7.cab
*** Suppression des fichiers dans C:\WINDOWS\
tentative de suppression de C:\WINDOWS\smdat32m.sys
*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\printer.exe
*** Suppression des fichiers dans C:\Program Files
tentative de suppression de "C:\Program Files\Everest Poker\"
tentative de suppression de "C:\Program Files\MyWay\"
tentative de suppression de "C:\Program Files\Need2Find\"
tentative de suppression de "C:\Program Files\Viewpoint\"
*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
Je quitte mon boulot, je re demain à 9h. Je lirais votre réponse à ce moment, merci encore, bonne soirée à demain.
Re,
Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
Double clique sur SDFix.exe et choisis Install pour l'extraire sur le Bureau.
Redémarre en mode sans échec
Ouvre le dossier SDFix qui vient d'être créé à la racine de ton dique dur (C:) et double clique sur RunThis.bat pour lancer le script.
Appuie sur Y pour commencer le processus de nettoyage.
Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
Appuie sur une touche pour redémarrer le PC.
Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis.
Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
Double clique sur SDFix.exe et choisis Install pour l'extraire sur le Bureau.
Redémarre en mode sans échec
RE,
-Rapport SDFix:
SDFix: Version 1.105
Run by Resp on 19/09/2007 at 09:50
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Killing PID 900 'shell.exe'
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\shell.exe - Deleted
C:\WINDOWS\system32\printer.exe - Deleted
C:\WINDOWS\system32\spoolvs.exe - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\spoolvs.exe"="C:\\WINDOWS\\system32\\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\printer.exe"="C:\\WINDOWS\\system32\\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\shell.exe"="C:\\WINDOWS\\shell.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Resp\\Menu D‚marrer\\Programmes\\D‚marrage\\findfast.exe"="C:\\Documents and Settings\\Resp\\Menu D‚marrer\\Programmes\\D‚marrage\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\All Users\\Menu D‚marrer\\Programmes\\D‚marrage\\autorun.exe"="C:\\Documents and Settings\\All Users\\Menu D‚marrer\\Programmes\\D‚marrage\\autorun.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"="C:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\spoolvs.exe"="C:\\WINDOWS\\system32\\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\printer.exe"="C:\\WINDOWS\\system32\\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\shell.exe"="C:\\WINDOWS\\shell.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Resp\\Menu D‚marrer\\Programmes\\D‚marrage\\findfast.exe"="C:\\Documents and Settings\\Resp\\Menu D‚marrer\\Programmes\\D‚marrage\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\All Users\\Menu D‚marrer\\Programmes\\D‚marrage\\autorun.exe"="C:\\Documents and Settings\\All Users\\Menu D‚marrer\\Programmes\\D‚marrage\\autorun.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp
Finished!
-Rapport Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:59:06, on 19/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\DkLog.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AdVantage\AdVantage.exe
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\autorun.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\ORCA\NORC@WEB\Surveyor.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.wanadoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Network Services] netsvc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Uypmin] C:\Program Files\Ozxhxg\Uoywqv.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\RunServices: [Network Services] netsvc.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [iwrr] C:\PROGRA~1\COMMON~1\iwrr\iwrrm.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: findfast.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Surveyor.lnk = C:\Program Files\ORCA\NORC@WEB\Surveyor.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la Liste à Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://pro.onlycar.com
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/fra_med_nostra.exe
O16 - DPF: {08F04139-8DFC-11D2-80E9-006008B066EE} (ConfigChkr Class) - https://paiements.click-and-trust.com/cab/vscnfchk.cab
O16 - DPF: {0E4796D6-A990-4372-9069-72FBDB4AE868} - http://www.one2one.com/static/class/one2oneSvc.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://82.123.23.135:82/activex/AMC.cab
O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://mmt.bouyguestelecom.fr/mmawap/jsp/composer/playe...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/nike/nikefz...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {DBA450CE-0D0B-4AEA-BA9B-6EE7CF03CAF9} (AXPhotosManager Controle) - http://www.topvendeur.fr/AX/axpm.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: DkLogger - Datakey Incorporated - C:\WINDOWS\SYSTEM32\DkLog.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 9982 bytes
-Rapport SDFix:
SDFix: Version 1.105
Run by Resp on 19/09/2007 at 09:50
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Killing PID 900 'shell.exe'
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\shell.exe - Deleted
C:\WINDOWS\system32\printer.exe - Deleted
C:\WINDOWS\system32\spoolvs.exe - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\spoolvs.exe"="C:\\WINDOWS\\system32\\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\printer.exe"="C:\\WINDOWS\\system32\\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\shell.exe"="C:\\WINDOWS\\shell.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Resp\\Menu D‚marrer\\Programmes\\D‚marrage\\findfast.exe"="C:\\Documents and Settings\\Resp\\Menu D‚marrer\\Programmes\\D‚marrage\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\All Users\\Menu D‚marrer\\Programmes\\D‚marrage\\autorun.exe"="C:\\Documents and Settings\\All Users\\Menu D‚marrer\\Programmes\\D‚marrage\\autorun.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"="C:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\spoolvs.exe"="C:\\WINDOWS\\system32\\spoolvs.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\printer.exe"="C:\\WINDOWS\\system32\\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\shell.exe"="C:\\WINDOWS\\shell.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Resp\\Menu D‚marrer\\Programmes\\D‚marrage\\findfast.exe"="C:\\Documents and Settings\\Resp\\Menu D‚marrer\\Programmes\\D‚marrage\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\All Users\\Menu D‚marrer\\Programmes\\D‚marrage\\autorun.exe"="C:\\Documents and Settings\\All Users\\Menu D‚marrer\\Programmes\\D‚marrage\\autorun.exe:*:Enabled:@xpsp2res.dll,-22019"
"%windir%\\system32\\winav.exe"="%windir%\\system32\\winav.exe:*:Enabled:@xpsp2res.dll,-22019"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp
Finished!
-Rapport Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:59:06, on 19/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\DkLog.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AdVantage\AdVantage.exe
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\autorun.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\ORCA\NORC@WEB\Surveyor.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.wanadoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Network Services] netsvc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Uypmin] C:\Program Files\Ozxhxg\Uoywqv.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\RunServices: [Network Services] netsvc.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [iwrr] C:\PROGRA~1\COMMON~1\iwrr\iwrrm.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: findfast.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Surveyor.lnk = C:\Program Files\ORCA\NORC@WEB\Surveyor.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la Liste à Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://pro.onlycar.com
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/fra_med_nostra.exe
O16 - DPF: {08F04139-8DFC-11D2-80E9-006008B066EE} (ConfigChkr Class) - https://paiements.click-and-trust.com/cab/vscnfchk.cab
O16 - DPF: {0E4796D6-A990-4372-9069-72FBDB4AE868} - http://www.one2one.com/static/class/one2oneSvc.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/...
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://82.123.23.135:82/activex/AMC.cab
O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://mmt.bouyguestelecom.fr/mmawap/jsp/composer/playe...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/nike/nikefz...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {DBA450CE-0D0B-4AEA-BA9B-6EE7CF03CAF9} (AXPhotosManager Controle) - http://www.topvendeur.fr/AX/axpm.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: DkLogger - Datakey Incorporated - C:\WINDOWS\SYSTEM32\DkLog.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 9982 bytes
Re,
Fix les lignes en italique ci-dessous avec Hijackthis : AIDE EN IMAGES
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Network Services] netsvc.exe
O4 - HKLM\..\Run: [Uypmin] C:\Program Files\Ozxhxg\Uoywqv.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\RunServices: [Network Services] netsvc.exe
O4 - HKCU\..\Run: [iwrr] C:\PROGRA~1\COMMON~1\iwrr\iwrrm.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - Startup: findfast.exe
O4 - Global Startup: autorun.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
O15 - Trusted Zone: http://pro.onlycar.com
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/fra_med_nostra.exe
O16 - DPF: {08F04139-8DFC-11D2-80E9-006008B066EE} (ConfigChkr Class) - https://paiements.click-and-trust.com/cab/vscnfchk.cab
O16 - DPF: {0E4796D6-A990-4372-9069-72FBDB4AE868} - http://www.one2one.com/static/class/one2oneSvc.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocac [...] .0.0.8.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://82.123.23.135:82/activex/AMC.cab
O16 - DPF: {DBA450CE-0D0B-4AEA-BA9B-6EE7CF03CAF9} (AXPhotosManager Controle) - http://www.topvendeur.fr/AX/axpm.cab
Télécharge OTMoveIt (d'OldTimer). Sauvegarde-le sur ton Bureau.
Sélectionne TOUS les emplacements en gras ci-dessous :
C:\WINDOWS\shell.exe
C:\Program Files\Ozxhxg
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\spoolvs.exe
c:\eied_s7.cab
c:\ex.cab
---> Clique-droit puis Copier (ou Ctrl+C)
Double-clique sur OTMoveIt.exe afin de le lancer.
Fais un Clique-droit sur le cadre de gauche puis choisis Coller (ou Ctrl+V).
Clique maintenant sur [#ff0000]MoveIt![/#f]
[#ff0000]Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.[/#f]
Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log
->Informations sur le logiciel<-
Fix les lignes en italique ci-dessous avec Hijackthis : AIDE EN IMAGES
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Network Services] netsvc.exe
O4 - HKLM\..\Run: [Uypmin] C:\Program Files\Ozxhxg\Uoywqv.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\RunServices: [Network Services] netsvc.exe
O4 - HKCU\..\Run: [iwrr] C:\PROGRA~1\COMMON~1\iwrr\iwrrm.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - Startup: findfast.exe
O4 - Global Startup: autorun.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
O15 - Trusted Zone: http://pro.onlycar.com
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.advnt01.com/dialer/fra_med_nostra.exe
O16 - DPF: {08F04139-8DFC-11D2-80E9-006008B066EE} (ConfigChkr Class) - https://paiements.click-and-trust.com/cab/vscnfchk.cab
O16 - DPF: {0E4796D6-A990-4372-9069-72FBDB4AE868} - http://www.one2one.com/static/class/one2oneSvc.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocac [...] .0.0.8.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://82.123.23.135:82/activex/AMC.cab
O16 - DPF: {DBA450CE-0D0B-4AEA-BA9B-6EE7CF03CAF9} (AXPhotosManager Controle) - http://www.topvendeur.fr/AX/axpm.cab
Télécharge OTMoveIt (d'OldTimer). Sauvegarde-le sur ton Bureau.
Sélectionne TOUS les emplacements en gras ci-dessous :
C:\WINDOWS\shell.exe
C:\Program Files\Ozxhxg
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\spoolvs.exe
c:\eied_s7.cab
c:\ex.cab
---> Clique-droit puis Copier (ou Ctrl+C)
Double-clique sur OTMoveIt.exe afin de le lancer.
Fais un Clique-droit sur le cadre de gauche puis choisis Coller (ou Ctrl+V).
Clique maintenant sur [#ff0000]MoveIt![/#f]
[#ff0000]Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.[/#f]
Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log
->Informations sur le logiciel<-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:15:08, on 19/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\DkLog.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\shell.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AdVantage\AdVantage.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\ORCA\NORC@WEB\Surveyor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.wanadoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: findfast.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Surveyor.lnk = C:\Program Files\ORCA\NORC@WEB\Surveyor.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la Liste à Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://mmt.bouyguestelecom.fr/mmawap/jsp/composer/playe...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/nike/nikefz...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: DkLogger - Datakey Incorporated - C:\WINDOWS\SYSTEM32\DkLog.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 8657 bytes
Scan saved at 14:15:08, on 19/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\DkLog.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\shell.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AdVantage\AdVantage.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\ORCA\NORC@WEB\Surveyor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.wanadoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: findfast.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Surveyor.lnk = C:\Program Files\ORCA\NORC@WEB\Surveyor.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la Liste à Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://mmt.bouyguestelecom.fr/mmawap/jsp/composer/playe...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/nike/nikefz...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: DkLogger - Datakey Incorporated - C:\WINDOWS\SYSTEM32\DkLog.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 8657 bytes
Je suis d'accord avec toi, surtout que cette s...perie me bloque pas mal de choses (je n'ai pu accès au panneau de configuration et à certaines autres fonctions) qui me ralentissent dans mon travail. Je pense qu'ils seraient d'accord, surtout que cela empecherait peut etre ce genre d'incident. En as tu un à me proposer? Gratuit si possible car par contre ils sont un peu rétissents à la dépense.
AntiVir PersonalEdition Classic
Report file date: mercredi 19 septembre 2007 15:53
Scanning for 1075504 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Resp
Computer name: STEF
Version information:
BUILD.DAT : 268 15604 Bytes 31/08/2007 13:04:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 11:32:40
ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 10/07/2007 11:32:46
ANTIVIR2.VDF : 6.39.1.120 1918464 Bytes 12/09/2007 13:44:06
ANTIVIR3.VDF : 6.39.1.152 174592 Bytes 19/09/2007 13:44:06
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 19/09/2007 13:44:06
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 07:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21
Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: H:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: mercredi 19 septembre 2007 15:53
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'AcroRd32.exe' - '1' Module(s) have been scanned
Scan process 'dkcktkn.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'Surveyor.exe' - '1' Module(s) have been scanned
Scan process 'Hotsync.exe' - '1' Module(s) have been scanned
Scan process 'DvzIncMsgr.exe' - '1' Module(s) have been scanned
Scan process 'BrMfcMon.exe' - '1' Module(s) have been scanned
Scan process 'BrMfcWnd.exe' - '1' Module(s) have been scanned
Scan process 'AdVantage.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'brctrcen.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'dragdiag.exe' - '1' Module(s) have been scanned
Scan process 'type32.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'fbserver.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
Scan process 'fbguard.exe' - '1' Module(s) have been scanned
Scan process 'dklog.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '0' Module(s) have been scanned
Scan process 'scardsvr.exe' - '1' Module(s) have been scanned
Scan process 'brss01a.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'brsvc01a.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
50 processes with 50 modules were scanned
Start scanning boot sectors:
Boot sector 'A:\'
[NOTE] In the drive 'A:\' no data medium is inserted!
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] No virus was found!
Boot sector 'F:\'
[NOTE] No virus was found!
Boot sector 'H:\'
[NOTE] In the drive 'H:\' no data medium is inserted!
Starting to scan the registry.
The registry was scanned ( '34' files ).
Starting the file scan:
Begin scan in 'A:\'
Search path A:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'C:\' <SYSTEM_STEF>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Resp\Bureau\ComboFix.exe
[0] Archive type: RAR SFX (self extracting)
--> setpath.cfexe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '475e2ab3.qua'!
C:\Program Files\Trend Micro\HijackThis\backups\backup-20070919-135229-233-findfast.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47542d19.qua'!
C:\Program Files\Trend Micro\HijackThis\backups\backup-20070919-135229-987-autorun.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47542d1d.qua'!
C:\qoobox\Quarantine\C\DOCUME~1\Resp\APPLIC~1\13006.exe.vir
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47212d56.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\printer.exe.vir
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '475a2d98.qua'!
C:\SDFix\backups\backups.zip
[0] Archive type: ZIP
--> backups/printer.exe
[DETECTION] Contains suspicious code HEUR/Malware
--> backups/shell.exe
[DETECTION] Contains suspicious code HEUR/Malware
--> backups/spoolvs.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47542d91.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP824\A0431556.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252ddc.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP831\A0431788.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252de9.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP831\A0431793.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252dee.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP831\A0431794.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252df1.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP831\A0431795.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252df4.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP831\A0431797.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252df6.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP831\A0431810.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252df9.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP831\A0431811.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252dfb.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP831\A0431812.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252dfe.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP831\A0431816.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e00.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP831\A0431817.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e03.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP831\A0431818.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e05.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP831\A0431819.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e07.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP831\A0431826.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e0a.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP831\A0431827.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e0c.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP831\A0431829.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e0e.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP831\A0431830.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e12.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP831\A0431850.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e15.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP831\A0431851.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e17.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP831\A0431852.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e19.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP831\A0431853.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e1b.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP831\A0431860.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e1d.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP831\A0431861.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e20.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP831\A0431862.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e22.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP831\A0431864.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e23.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP831\A0432859.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e25.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP831\A0432860.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e28.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP831\A0432861.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e29.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP831\A0432863.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e2c.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP831\A0433860.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e2e.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP831\A0433861.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e30.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP831\A0433862.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e33.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP831\A0433863.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e35.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP831\A0433873.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e37.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP831\A0433874.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e39.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP831\A0433875.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e3b.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP831\A0433876.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e3d.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP831\A0434884.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e3f.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP831\A0434885.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e41.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP831\A0434886.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e43.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP831\A0434887.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e45.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP832\A0434890.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e48.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP832\A0434891.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e4a.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP832\A0434892.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e4b.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP832\A0434893.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e4d.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP832\A0434918.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e50.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP832\A0434927.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e53.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP832\A0435005.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e56.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP832\A0435006.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e58.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP832\A0435007.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e5a.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP832\A0435008.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e5c.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP832\A0435016.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e5e.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP832\A0435017.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e60.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP832\A0435018.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e62.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP832\A0435019.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e64.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP833\A0435021.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e67.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP833\A0435022.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e6e.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP833\A0435023.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e70.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP833\A0435024.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e73.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP833\A0435055.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e76.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP833\A0435056.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e79.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435130.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e7d.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435131.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e7f.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435132.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e81.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435133.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e83.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435134.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e86.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435145.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e88.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435161.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e8a.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435162.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e8c.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435163.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e8d.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435253.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e91.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435254.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e93.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435255.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e95.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435256.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e97.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435272.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e99.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435273.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e9b.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435274.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252e9d.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435275.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252ea0.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435277.dll
[DETECTION] Is the Trojan horse TR/Click.Agent.AC
[INFO] The file was moved to '47252ec0.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435278.dll
[DETECTION] Is the Trojan horse TR/Click.Agent.AC
[INFO] The file was moved to '47252ec2.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435279.exe
[DETECTION] Contains detection pattern of the worm WORM/Gaobot.197632
[INFO] The file was moved to '47252ec4.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435283.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.cpg.1
[INFO] The file was moved to '47252ec8.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435344.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252ed0.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435345.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252ed2.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435346.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252ed6.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435347.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252ed9.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435363.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252edb.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435364.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252edd.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435365.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252edf.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435366.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252ee1.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435381.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252ee3.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435382.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252ee5.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435383.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252ee7.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435384.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252ee9.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435386.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252eeb.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435391.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252eed.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435392.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252eef.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435393.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252ef1.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435423.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252ef3.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435475.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252ef6.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435476.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252ef8.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435478.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252efa.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP834\A0435479.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252efd.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP835\A0435485.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252f00.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP835\A0435486.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252f02.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP835\A0435487.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252f05.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP835\A0435488.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252f07.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP835\A0435490.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252f09.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP835\A0435491.exe
[0] Archive type: RAR SFX (self extracting)
--> setpath.cfexe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252f0e.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP835\A0435492.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252f12.qua'!
C:\System Volume Information\_restore{F5B16D28-DFC4-4E04-BC04-3F891AAAC2AD}\RP835\A0435493.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47252f14.qua'!
C:\WINDOWS\system32\xlibgfl254.dll
[DETECTION] Contains suspicious code HEUR/Malware
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KDE9S9IZ\WksPatch[2].exe
[DETECTION] Contains detection pattern of the worm WORM/Nachi.B.1
[INFO] The file was moved to '47643295.qua'!
C:\_OTMoveIt\MovedFiles\WINDOWS\shell.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '475632d1.qua'!
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\printer.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] HEUR/Malware:[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN]:<Printer>=sz
rinter.exe[INFO] The file was moved to '475a32de.qua'!
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\spoolvs.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '476032df.qua'!
Begin scan in 'D:\'
Search path D:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'E:\' <DATA_STEF>
Begin scan in 'F:\' <SAVE_CD>
Begin scan in 'G:\'
Search path G:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'H:\'
Search path H:\ could not be opened!
Le périphérique n'est pas prêt.
End of the scan: mercredi 19 septembre 2007 16:42
Used time: 49:28 min
The scan has been done completely.
4478 Scanning directories
247383 Files were scanned
5 viruses and/or unwanted programs were found
119 Files were classified as suspicious:
0 files were deleted
0 files were repaired
121 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
247378 Files not concerned
7231 Archives were scanned
3 Warnings
6 Notes
A noter que maintenant le triangle jaune avec le point d'exclamation dans la barre de tache et les fenetres intempestives qui en sortait ont pour le moment disparus, mais quand j'allume ou redémarre le PC, dès le bureau affiché, une fenetre s'ouvre et me dit que windows ne trouve pas C:\WINDOWS\shell.exe . De plus, je n'ai toujorus pas de panneau de configuration et certaines fonctions sont inaccessibles, en effet il me dit: "cette opération a été annulée en raison de restriction en vigueur sur cet ordinateur. Contactez votre administrateur systeme".
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:13:53, on 19/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\DkLog.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AdVantage\AdVantage.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\ORCA\NORC@WEB\Surveyor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\dkcktkn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.wanadoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Surveyor.lnk = C:\Program Files\ORCA\NORC@WEB\Surveyor.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la Liste à Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://mmt.bouyguestelecom.fr/mmawap/jsp/composer/playe...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/nike/nikefz...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: DkLogger - Datakey Incorporated - C:\WINDOWS\SYSTEM32\DkLog.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 9074 bytes
Scan saved at 17:13:53, on 19/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\DkLog.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AdVantage\AdVantage.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\ORCA\NORC@WEB\Surveyor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\dkcktkn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.wanadoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Surveyor.lnk = C:\Program Files\ORCA\NORC@WEB\Surveyor.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la Liste à Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://mmt.bouyguestelecom.fr/mmawap/jsp/composer/playe...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/nike/nikefz...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: DkLogger - Datakey Incorporated - C:\WINDOWS\SYSTEM32\DkLog.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 9074 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:55:44, on 19/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\DkLog.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AdVantage\AdVantage.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\ORCA\NORC@WEB\Surveyor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.wanadoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Surveyor.lnk = C:\Program Files\ORCA\NORC@WEB\Surveyor.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la Liste à Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://mmt.bouyguestelecom.fr/mmawap/jsp/composer/playe...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/nike/nikefz...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: DkLogger - Datakey Incorporated - C:\WINDOWS\SYSTEM32\DkLog.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 8924 bytes
Scan saved at 17:55:44, on 19/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\DkLog.exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AdVantage\AdVantage.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\ORCA\NORC@WEB\Surveyor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.wanadoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Contrôleur d’état.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Surveyor.lnk = C:\Program Files\ORCA\NORC@WEB\Surveyor.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la Liste à Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://mmt.bouyguestelecom.fr/mmawap/jsp/composer/playe...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partners/nike/nikefz...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: DkLogger - Datakey Incorporated - C:\WINDOWS\SYSTEM32\DkLog.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 8924 bytes
J'ai le meme probleme, et voici le rapport
SmitFraudFix v2.319
Rapport fait à 6:41:35,27, 04/05/2008
Executé à partir de C:\Documents and Settings\Doussa\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Doussa
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Doussa\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Doussa\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Merci pour l'aide
SmitFraudFix v2.319
Rapport fait à 6:41:35,27, 04/05/2008
Executé à partir de C:\Documents and Settings\Doussa\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Doussa
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Doussa\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Doussa\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Merci pour l'aide
Lassé par la pub ? Créez un compte
- Contenus similaires :
- ForumSpyware infection has detected
- ForumPossible spyware infection has been detected
- ForumSecurity system has detected spyware infecti
- ForumSpyware spyware infection was detected
- ForumWindows a detecte spyware infection
- ForumMessage possible spyware infection detected
- ForumPossible spyware infection detected
- ForumEcran bleu windows has detected a problem
- ForumVirus windows has detected spywareinfection
- ForumAlerte spyware infection
- Voir plus
