besoin d'aide pour lire mon rapport hijack Fermé

Question

Bonjour,
bonsoir a tous n'etant pas trop qualifié j'aimerai vous demander ce vous pensé de mon rapport hijackthis
je vous remerci d'avance pour l'aide que vous m'apporterez

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:44:07, on 2009-02-16
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe
C:\Program Files\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE
C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\FSGK32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Telia\Telias sakerhetstjanster\Common\FSMB32.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Telia\Telias sakerhetstjanster\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Telia\Telias sakerhetstjanster\Common\FAMEH32.EXE
C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\fsqh.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\fssm32.exe
C:\Program Files\Telia\Telias sakerhetstjanster\FSAUA\program\fsaua.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe
C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\fsav32.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Telia\Telias sakerhetstjanster\FSAUA\program\fsus.exe
C:\Program Files\Telia\Telias sakerhetstjanster\Common\FSM32.EXE
C:\Program Files\Telia\Telias sakerhetstjanster\FSGUI\fsguidll.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OBealsched.exe
C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe
C:\Program Files\Personal\bin\Personal.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/sv-se?cobrand=hp.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/spresults.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.se/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://se.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://support.norton.com/sp/sv/se/home/current/solutions/v58540272?abproduct=LU&abversion=2.7&build=Symantec&ced=true&entsrc=CED_pubweb&error=1814&module=LU&src=_mi_tran_se
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\PROGRA~1\ASKSEA~1\bin\DEFAUL~1.DLL
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Verktygsfält - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar	oolband.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Lexmark Verktygsfält - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar	oolband.dll
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Telia\Telias sakerhetstjanster\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Telia\Telias sakerhetstjanster\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [ftutil2] "rundll32.exe" ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: StartupFaster
O4 - Global Startup: Personal.lnk = C:\Program Files\Personal\bin\Personal.exe
O9 - Extra button: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.handelsbanken.se
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Telia\Telias sakerhetstjanster\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcr_device -   - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe

ric025 · Answer

Salut!

Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.

https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

Lance l'installation du programme en exécutant le fichier téléchargé.
Double-clique maintenant sur le raccourci de Toolbar-S&D.
Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.

Poste le rapport généré. (C:\TB.txt)

titisuede · Answer

bonsoir je te remerci beaucoup de mävoir repondu mais impossible de telecharger  Toolbar-S&D (Team IDN)

ric025 · Answer

Comment ça?

titisuede · Answer

c'est bon j'ai reussi a le telecharger je poste mon rapport bientot

titisuede · Answer

voici le rapport


   -----------\  ToolBar S&D 1.2.8   XP/Vista

   Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
   X86-based PC ( Multiprocessor Free : AMD Sempron(tm) Processor 3500+ )
   BIOS : Phoenix - AwardBIOS v6.00PG
   USER : HP_Administrator ( Administrator )
   BOOT : Normal boot
   Antivirus : Telia Säker Surf 7.03 7.03 (Not Activated)
   Firewall  : Telia Säker Surf 7.03 7.03 (Activated)
   C:\ (Local Disk) - NTFS - Total:179 Go (Free:91 Go)
   D:\ (Local Disk) - FAT32 - Total:6 Go (Free:1 Go)
   E:\ (CD or DVD)
   F:\ (USB)
   G:\ (USB)
   H:\ (USB)
   I:\ (USB)

   "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
   Option : [1] ( 2009-02-16|21:53 )

   -----------\  Recherche de Fichiers / Dossiers ...

   C:\Program Files\DAEMON Tools Toolbar
   C:\Program Files\DAEMON Tools Toolbar\_DTLite.xml
   C:\Program Files\Multi_Media
   C:\DOCUME~1\HP_ADM~1\APPLIC~1\Search Settings
   C:\DOCUME~1\HP_ADM~1\APPLIC~1\Search Settings\kb127
   C:\DOCUME~1\HP_ADM~1\APPLIC~1\Search Settings\kb127es
   C:\DOCUME~1\HP_ADM~1\APPLIC~1\Search Settings\kb127	emp
   C:\DOCUME~1\HP_ADM~1\APPLIC~1\Search Settings\kb127	emp\ws-14289.log
   C:\Program Files\Search Settings
   C:\Program Files\Search Settings\kb127
   C:\Program Files\Search Settings\SearchSettings.exe
   C:\Program Files\Search Settings\kb127es
   C:\Program Files\Search Settings\kb127\SearchSettings.dll
   C:\Program Files\Search Settings\kb127\SearchSettingsRes409.dll
   C:\Program Files\Search Settings\kb127	emp
   C:\WINDOWS\iun6002.exe

   -----------\  Extensions

   (HP_Administrator) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
   (HP_Administrator) - {EEE6C361-6118-11DC-9C72-001320C79847} => sweetim-toolbar


   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="C:\WINDOWS\system32\blank.htm"
   "Start Page"="https://www.google.se/?gws_rd=ssl"
   "Default_Page_URL"="https://www.msn.com/sv-se?cobrand=hp.msn.com&ocid=HPDHP&pc=HPDTDF"
   "Search Bar"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Page_URL"="https://www.msn.com/sv-se?cobrand=hp.msn.com&ocid=HPDHP&pc=HPDTDF"
   "Search Bar"="https://se.search.yahoo.com/?fr=cb-hp06"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"
   "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"


   --------------------\  Recherche d'autres infections

   C:\WINDOWS\Pack.epk
   [b]==> EGDACCESS <==/b

   --------------------\  Cracks & Keygens ..

   C:\DOCUME~1\HP_ADM~1\Application Data\uTorrent\Adobe Premiere Pro CS3 Multi-Language + Crack + Tutorials.torrent



   1 - "C:\ToolBar SD\TB_1.txt" - 2009-02-16|21:53 - Option : [1]

   -----------\  Fin du rapport a 21:53:52,66

ric025 · Answer

Bien!

* Attention aux cracks! Vecteurs d'infections, c'est la porte ouverte à toutes sortes de cochonnerie! Je te conseille déjà vivement de supprimer ceci: C:\DOCUME~1\HP_ADM~1\Application Data\uTorrent\Adobe Premiere Pro CS3 Multi-Language + Crack + Tutorials.torrent   sans quoi, tu risques une réinfection sous peu.

=========

* Ensuite, la suite:

Relance toolbarSD et exécute cette fois l'option 2. Poste le rapport généré.

=========

* Fais suivre par ceci:

Télécharge sur le bureau navilog1

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

Double-clique sur le raccourci "navilog1" sur ton bureau.
Appuie sur la lettre f de ton clavier puis sur la touche Entrée.
Appuie sur une touche de ton clavier pour continuer...

Tape 1, puis appuie sur la touche Entrée.
Ainsi Navilog1 va effectuer la recherche des fichiers infectieux:

/!\ NE PAS UTILISER L'OPTION 2, 3, 4 SANS AVIS /!\

Patiente, cela peut prendre une dizaine de minutes...
Navilog1 t'informera que la recherche est terminée :
Appuie sur une touche pour afficher le rapport qu'il a généré.

Le rapport sera sauvegardé dans le fichier suivant : "fixnavi.txt" à la racine
du disque dur (ex : C:\fixnavi.txt).

Poste le rapport généré.

titisuede · Answer

ok je te repond des que je peux,et encore merci pour ton aide

titisuede · Answer

-----------\  ToolBar S&D 1.2.8   XP/Vista

   Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
   X86-based PC ( Multiprocessor Free : AMD Sempron(tm) Processor 3500+ )
   BIOS : Phoenix - AwardBIOS v6.00PG
   USER : HP_Administrator ( Administrator )
   BOOT : Normal boot
   Antivirus : Telia Säker Surf 7.03 7.03 (Not Activated)
   Firewall  : Telia Säker Surf 7.03 7.03 (Activated)
   C:\ (Local Disk) - NTFS - Total:179 Go (Free:91 Go)
   D:\ (Local Disk) - FAT32 - Total:6 Go (Free:1 Go)
   E:\ (CD or DVD)
   F:\ (USB)
   G:\ (USB)
   H:\ (USB)
   I:\ (USB)

   "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
   Option : [2] ( 2009-02-16|22:15 )

   -----------\ SUPPRESSION

   Supprime! - C:\Program Files\DAEMON Tools Toolbar\_DTLite.xml
   Supprime! - C:\DOCUME~1\HP_ADM~1\APPLIC~1\Search Settings\kb127
   Supprime! - C:\Program Files\Search Settings\kb127
   Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
   Supprime! - C:\WINDOWS\iun6002.exe
   Supprime! - C:\Program Files\DAEMON Tools Toolbar
   Supprime! - C:\Program Files\Multi_Media
   Supprime! - C:\DOCUME~1\HP_ADM~1\APPLIC~1\Search Settings
   Supprime! - C:\Program Files\Search Settings

   -----------\  Recherche de Fichiers / Dossiers ...


   -----------\  Extensions

   (HP_Administrator) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
   (HP_Administrator) - {EEE6C361-6118-11DC-9C72-001320C79847} => sweetim-toolbar


   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="C:\WINDOWS\system32\blank.htm"
   "Start Page"="https://www.google.se/?gws_rd=ssl"
   "Default_Page_URL"="https://www.msn.com/sv-se?cobrand=hp.msn.com&ocid=HPDHP&pc=HPDTDF"
   "Search Bar"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Page_URL"="https://www.msn.com/sv-se?cobrand=hp.msn.com&ocid=HPDHP&pc=HPDTDF"
   "Search Bar"="https://se.search.yahoo.com/?fr=cb-hp06"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Start Page"="https://www.msn.com/fr-fr/"
   "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"


   --------------------\  Recherche d'autres infections

   C:\WINDOWS\Pack.epk
   [b]==> EGDACCESS <==/b

   --------------------\  Cracks & Keygens ..

   C:\DOCUME~1\HP_ADM~1\Application Data\uTorrent\Adobe Premiere Pro CS3 Multi-Language + Crack + Tutorials.torrent



   1 - "C:\ToolBar SD\TB_1.txt" - 2009-02-16|21:53 - Option : [1]
   2 - "C:\ToolBar SD\TB_2.txt" - 2009-02-16|22:18 - Option : [2]

   -----------\  Fin du rapport a 22:18:09,78

titisuede · Answer

voila mon rapport navilog1

Search Navipromo version 3.7.4 commencé le 2009-02-16 à 22:31:30,46

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files
avilog1

Mise à jour le 16.02.2009 à 18h00 par IL-MAFIOSO

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Sempron(tm) Processor 3500+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : HP_Administrator ( Administrator )
BOOT : Normal boot

Antivirus : Telia Säker Surf 7.03 7.03 (Activated)
Firewall  : Telia Säker Surf 7.03 7.03 (Activated)

C:\ (Local Disk) - NTFS - Total:179 Go (Free:91 Go)
D:\ (Local Disk) - FAT32 - Total:6 Go (Free:1 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)


Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\startm~1\programs" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\startm~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\HP_Administrator\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\HP_Administrator\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\HP_Administrator\startm~1\programs" *** 


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\startm~1\programs" *** 


*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\HP_Administrator\locals~1\applic~1" * 

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * 



*** Recherche fichiers *** 


C:\WINDOWS\pack.epk trouvé !

*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\HP_Administrator\locals~1\applic~1" : 


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" : 


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche autres dossiers et fichiers connus :



*** Analyse terminée le 2009-02-16 à 22:32:31,11 ***

ric025 · Answer

Bien!

Relance Navilog, fais l'option 2 et poste le rapport.

Puis ceci pour vérifier et nettoyer:

Télécharge Malwarebytes Anti-Malware (MBAM):

MBAM

Installe-le en vérifiant que la case de mise à jour soit bien cochée en fin d'installation.

Après la mise à jour, lance-le et coche "Examen Rapide". Puis "Rechercher".

Si MBAM trouve quelque chose: fais "Voir les résultats" puis "Supprimer la sélection".

Poste le rapport généré.

A++ ;)

titisuede · Answer

rapport navilog2

Clean Navipromo version 3.7.4 commencé le 2009-02-16 à 22:51:14,37

Outil exécuté depuis C:\Program Files
avilog1

Mise à jour le 16.02.2009 à 18h00 par IL-MAFIOSO

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Sempron(tm) Processor 3500+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : HP_Administrator ( Administrator )
BOOT : Normal boot

Antivirus : Telia Säker Surf 7.03 7.03 (Activated)
Firewall  : Telia Säker Surf 7.03 7.03 (Activated)

C:\ (Local Disk) - NTFS - Total:179 Go (Free:91 Go)
D:\ (Local Disk) - FAT32 - Total:6 Go (Free:1 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)


Mode suppression automatique 
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur

 
*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)
 

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *


* Suppression dans "C:\Documents and Settings\HP_Administrator\locals~1\applic~1" * 


* Suppression dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * 


*** Suppression dossiers dans "C:\WINDOWS" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\startm~1\programs" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\startm~1" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\HP_Administrator\applic~1" *** 


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" *** 


*** Suppression dossiers dans "C:\Documents and Settings\HP_Administrator\locals~1\applic~1" *** 


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *** 


*** Suppression dossiers dans "C:\Documents and Settings\HP_Administrator\startm~1\programs" *** 


*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\startm~1\programs" *** 



*** Suppression fichiers ***

C:\WINDOWS\pack.epk supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\HP_Administrator\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS\system32" *


* Dans "C:\Documents and Settings\HP_Administrator\locals~1\applic~1" * 


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * 


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltdt absent !

*** Recherche autres dossiers et fichiers connus ***



*** Nettoyage terminé le 2009-02-16 à 22:57:32,09 ***

titisuede · Answer

voici mon rapport MBAM

Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1656
Windows 5.1.2600 Service Pack 3

2009-02-16 23:10:12
mbam-log-2009-02-16 (23-10-12).txt

Type de recherche: Examen rapide
Eléments examinés: 57056
Temps écoulé: 6 minute(s), 21 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 9
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 22

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{020487cc-fc04-4b1e-863f-d9801796230b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion	dssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE	dss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fqbewlna.bemv (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fqbewlna.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8b93a89b-7332-4b4b-830c-72eb6323d0db} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8b93a89b-7332-4b4b-830c-72eb6323d0db} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\WINDOWS\system32\wsnpoem (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\wndutl32.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	dsslog.0ll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	dssserf.0ll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\index.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\capt.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\danger.jpg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\down.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	dssinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	dssservers.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\60325cahp25ca0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\60325cahp25caa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avto.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avto1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avto2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avto3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\avto4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp	este4_p.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\~tmp.html (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Favorites\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Favorites\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.

ric025 · Answer

Ok! 

Redémarre le pc.

===========

Ré-ouvre MBAM, va dans "Quarantaine" et supprime tout.

===========

Fais ce petit nettoyage:

Télécharge CCleaner, version Slim, sans toolbar:

CCLEANER

Va dans "Options">>"Avancé". Décoche la première ligne.

Va dans la section "Nettoyeur". Lance l'analyse. La liste créée, lance le nettoyage deux fois de suite afin d'obtenir 0bytes supprimé!

Ensuite dans "Registre", lance une recherche des erreurs. La liste créée, fais-les réparer.

/!\ A ce moment CCleaner te demande normalement de sauvegarder le registre, fais-le. /!\

Recommence ensuite le cycle Recherche/Réparation des erreurs jusqu'à n'en trouver aucune lors de la recherche.

===========

Puis ceci pour vérifier la bonne suppression des infections:


Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

http://images.malwareremoval.com/random/RSIT.exe

Double-clique sur RSIT.exe.

Clique sur Continue à l'écran Disclaimer.

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

A noter: Les rapports se trouvent également ici: C:\rsit.

/!\ Poste les deux rapports (log + info) dans deux messages séparés, merci /!\

titisuede · Answer

rapport info

info.txt logfile of random's system information tool 1.05 2009-02-16 23:48:21

======Uninstall list======

-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent"
-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface"
-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini"
-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help"
-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS"
-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API"
-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Pegasus Engine"
-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner"
-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
-->"C:\Program Files\Telia\Telias sakerhetstjanster\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall"
-->C:\Program Files\Common Files\Real\Update_OB1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->c:\WINDOWS\system32\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->c:\WINDOWS\system32\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\0569ced46d8a4bd43ea5027ac9bf923\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{643898A8-5565-49AC-B2FF-093D7A1F506C}
Adobe Reader 7.0.5 - Svenska-->MsiExec.exe /I{AC76BA86-7AD7-1053-7B44-A70500000002}
Adobe Setup-->MsiExec.exe /I{3F818569-A3A7-4D5E-AD4A-372C4A03678F}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Ant Renamer-->"C:\Program Files\Ant Renamer\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDex extraction audio-->"C:\Program Files\CDex_150\uninstall.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EcoLotoFoot-->"C:\Program Files\EcoLotofoot\unins000.exe"
EcoLotoFoot-->"C:\Program Files\EcoLotofootSha\unins000.exe"
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
EVEREST Ultimate Edition v4.60-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
Free FLV Converter V 6.1.0-->"C:\Program Files\Free FLV Converter\unins000.exe"
Free Studio version 4.1-->"C:\Program Files\DVDVideoSoft\Free Studio\unins000.exe"
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
GSpot Codec Information Appliance-->C:\Program Files\GSpot\Uninstall.exe
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files	rend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
HP Boot Optimizer-->MsiExec.exe /X{1341D838-719C-4A05-B50F-49420CA1B4BB}
HP DigitalMedia Archive-->MsiExec.exe /X{F80239D8-7811-4D5E-B033-0D0BBFE32920}
HP DVD Play 2.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe"  -uninstall
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart for Media Center PC-->c:\Program Files\HP\Digital Imaging\bin\mcpc\setupmcl.exe /u
HP Photosmart Premier Software 6.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
Internet-tjänster-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{5CFD7508-7774-48FE-8280-7A3C0AE71755} /l1053 
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 4.3.4 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kundupplevelseförbättringar-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1053 
Lexmark 2400 Series-->C:\Program Files\Lexmark 2400 Series\Install\x86\Uninst.exe
Lexmark Faxlösningar-->C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
Lexmark Verktygsfält-->regsvr32.exe /s /u "C:\Program Files\Lexmark Toolbar	oolband.dll"
Localization Pack for Microsoft Windows XP Media Center Edition-->MsiExec.exe /I{F18EA693-11C1-4317-9AF9-7983F89C9FCC}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1 Swedish Language Pack-->MsiExec.exe /X{992A2DB1-4ABC-4738-BD71-045C5FFE00D1}
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{F4B620CE-4297-4140-B0C3-6D4E8A8EF0AB}
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MUI Help Package - SVE-->C:\WINDOWS\$NtUninstallKB841625_SVE$\spuninst\spuninst.exe
Navilog1 3.7.4-->"C:\Program Files\Navilog1\unins000.exe"
Need4 Video Converter 5.7-->C:\Program Files\Need4 Video Converter 5.7\uninst.exe
nrg2iso-->MsiExec.exe /I{61879398-F35C-4628-AC95-2B84B859FE93}
NVIDIA Drivers-->C:\WINDOWS\system32
vuninst.exe UninstallGUI
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Personal 4.9.3-->"C:\Program Files\Personal\bin\persinst.exe" -u
Pinnacle Instant DVD Recorder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}\setup.exe" -l0x40c UNINSTALL
Pochette Express 2-->C:\Program Files\Pochette Express 2\uninstall.exe
Power IEv3-->MsiExec.exe /I{AF7C627C-F354-4FF1-8450-398C806B436E}
proDAD Heroglyph 2.5-->"C:\Program Files\proDAD\Heroglyph-2.5\uninstall.exe" uninstall spcp PATHVERSION 2.5 MAINNAME Heroglyph
Quicksys RegDefrag 2.2-->"C:\Program Files\Quicksys\RegDefrag\unins000.exe"
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Satellite TV for PC-->"C:\Program Files\PC Satellite TV\unins001.exe"
Search Settings 1.2-->MsiExec.exe /X{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Shadow Copy Client-->MsiExec.exe /I{23E5032B-56CA-4C19-A72E-B50161DB82CA}
SiSoftware Sandra Lite 2009-->"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\unins000.exe"
Sonic Express Labeler-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Studio 11-->C:\Program Files\InstallShield Installation Information\{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}\Setup2.exe -runfromtemp -l0x040c UNINSTALL -removeonly
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Telia Säker Surf-->"C:\Program Files\Telia\Telias sakerhetstjanster\FSGUI\PostInstall.exe"  /tUnInstall
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Video mp3 Extractor Pro-->"C:\Program Files\GeoVid\Video mp3 Extractor Pro\unins000.exe"
Video mp3 Extractor-->"C:\Program Files\Video mp3 Extractor\unins000.exe"
Windows Live inloggningsassistenten-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live installer-->MsiExec.exe /X{E17F76BE-50E9-4E7C-ADF6-6D8F44A9C6F3}
Windows Live Messenger-->MsiExec.exe /X{20503DFE-E5B2-491E-B2C5-8BCB5BF5B9E9}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Yahoo! Desktop Login-->MsiExec.exe /I{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}

======Security center information======

AV: Telia Säker Surf 7.03
FW: Telia Säker Surf 7.03

System event log

Computer Name: EVA-TITI
Event Code: 7035
Message: Tjänsten F-Secure BlackLight Engine Driver tog emot en starta-kontroll.

Record Number: 9046
Source Name: Service Control Manager
Time Written: 20090121111811.000000+060
Event Type: information
User: NT INSTANS\SYSTEM

Computer Name: EVA-TITI
Event Code: 18
Message: Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on den 22 januari 2009 at 03:00: 
- Säkerhetsuppdatering för Windows XP (KB954459)

Record Number: 9045
Source Name: Windows Update Agent
Time Written: 20090121111804.000000+060
Event Type: information
User: 

Computer Name: EVA-TITI
Event Code: 7036
Message: Tjänsten F-Secure Anti-Virus Firewall Daemon ändrade tillstånd till körs.

Record Number: 9044
Source Name: Service Control Manager
Time Written: 20090121111742.000000+060
Event Type: information
User: 

Computer Name: EVA-TITI
Event Code: 7036
Message: Tjänsten COM+ System Application ändrade tillstånd till körs.

Record Number: 9043
Source Name: Service Control Manager
Time Written: 20090121111718.000000+060
Event Type: information
User: 

Computer Name: EVA-TITI
Event Code: 7035
Message: Tjänsten COM+ System Application tog emot en starta-kontroll.

Record Number: 9042
Source Name: Service Control Manager
Time Written: 20090121111717.000000+060
Event Type: information
User: NT INSTANS\SYSTEM

Application event log

Computer Name: EVA-TITI
Event Code: 105
Message: The service was started.

Record Number: 1858
Source Name: ARSVC
Time Written: 20081202113540.000000+060
Event Type: information
User: 

Computer Name: EVA-TITI
Event Code: 0
Message: 
Record Number: 1857
Source Name: iPod Service
Time Written: 20081201230642.000000+060
Event Type: information
User: 

Computer Name: EVA-TITI
Event Code: 1800
Message: Tjänsten Windows Security Center har startat.

Record Number: 1856
Source Name: SecurityCenter
Time Written: 20081201230228.000000+060
Event Type: information
User: 

Computer Name: EVA-TITI
Event Code: 1
Message: 
Record Number: 1855
Source Name: Bonjour Service
Time Written: 20081201230228.000000+060
Event Type: information
User: 

Computer Name: EVA-TITI
Event Code: 4
Message: The LightScribe Service started successfully.

Record Number: 1854
Source Name: LightScribeService
Time Written: 20081201230224.000000+060
Event Type: information
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Smart Projects\IsoBusterC:\Program Files\DMV\MaxTV4\plugins;
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 79 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"SAN_DIR"=C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009

-----------------EOF-----------------

titisuede · Answer

rapport log

Logfile of random's system information tool 1.05 (written by random/random)
Run by HP_Administrator at 2009-02-16 23:47:48
Microsoft Windows XP Professional Service Pack 3
System drive C: has 94 GB (51%) free of 184 GB
Total RAM: 2494 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:48:18, on 2009-02-16
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Telia\Telias sakerhetstjanster\Common\FSM32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OBealsched.exe
C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe
C:\Program Files\Personal\bin\Personal.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe
C:\Program Files\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE
C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\FSGK32.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Telia\Telias sakerhetstjanster\Common\FSMB32.EXE
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Telia\Telias sakerhetstjanster\Common\FCH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Telia\Telias sakerhetstjanster\Common\FAMEH32.EXE
C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\fsqh.exe
C:\Program Files\Telia\Telias sakerhetstjanster\FSGUI\fsguidll.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\fssm32.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Telia\Telias sakerhetstjanster\FSAUA\program\fsaua.exe
C:\Program Files\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Telia\Telias sakerhetstjanster\FSAUA\program\fsus.exe
C:\Documents and Settings\HP_Administrator\Desktop\RSIT.exe
C:\Program Files	rend micro\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.symantec.com/...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Verktygsfält - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar	oolband.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayerpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Lexmark Verktygsfält - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar	oolband.dll
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Telia\Telias sakerhetstjanster\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Telia\Telias sakerhetstjanster\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [ftutil2] "rundll32.exe" ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OBealsched.exe"  -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: StartupFaster
O4 - Global Startup: Personal.lnk = C:\Program Files\Personal\bin\Personal.exe
O9 - Extra button: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Hjälp med anslutning - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.handelsbanken.se
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - http://support.f-secure.com/ols/fscax.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-tjänst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Telia\Telias sakerhetstjanster\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Telia\Telias sakerhetstjanster\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Telia\Telias sakerhetstjanster\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Telia\Telias sakerhetstjanster\Common\FSMA32.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcr_device -   - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe

ric025 · Answer

Bien!

Relance hijackthis. Choisis cette fois "Do a system scan only".

La liste créée, coche les lignes suivantes:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.se/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/...

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q= 

R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll 

Clique ensuite sur "Fix Checked".

===================

Repasse un coup de ccleaner.

===================

Redémarre le pc une dernière fois et navigue un peu. 

--> Reviens pour me dire si tout est ok. Ainsi, on pourra finaliser.

A++

titisuede · Answer

ok et encore un grand merci

titisuede · Answer

oui c'est ok

ric025 · Answer

Parfait! Alors on finalise:

Mises à jour :

Mets Internet explorer à jour ici: Internet Explorer 7

=================

Nettoyage des outils:

Télécharge ToolsCleaner par A.Rothstein & dj QUIOU sur ton Bureau:

Toolscleaner

Clique sur Recherche et laisse le scan se terminer.

Clique, sur Suppression pour finaliser.

Tu peux, si tu le souhaites, te servir des Options facultatives.

Clique sur Quitter, pour que le rapport puisse se créer.

Poste moi le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur( C:\). 

================

Garde MBAM et CCleaner, deux très bons outils à passer régulièrement. N'oublie pas de mettre à jour MBAM avant chaque scan. Les scans sont à passer en mode normal, l'examen rapide est suffisant.

================

Repasse CCleaner, registre compris.

================

!! Très Important !!

Supprimer les anciens points de restauration:

* Cliquer "démarrer", "panneau de configuration", performance et maintenance" puis système".
* Cliquer sur l'onglet "Restauration du système".
* Cocher la case "Désactiver la restauration...", puis "Appliquer" et valider par "OK".
* Redémarrer le pc.

* Cliquer "démarrer", "panneau de configuration", "performance et maintenance" puis "système".
* Cliquer sur l'onglet "Restauration du système".
* Redécocher la case "Désactiver la restauration...", puis "Appliquer" et valider par "OK".

Les points sont supprimés.

Création d'un nouveau point:

* Cliquer "démarrer", "panneau de configuration", "performance et maintenance" puis "restauration du système" (en haut à gauche).
* Dans la nouvelle fenêtre, cocher la case "Créer un point de restauration".
* Cliquer sur "Suivant".
* Entrer un nom pour le point de restauration : ce nom doit être assez évocateur (comme: "Après désinfection...")
* Cliquer sur "Créer" et le point de restauration se créé automatiquement.

=============

Addon à ajouter à firefox pour le sécuriser:

Ici : WOT : https://addons.mozilla.org/en-US/firefox/addon/wot-safe-browsing-tool/
Explications/Demo ici : http://www.mywot.com/fr/demo

=============

Si tu n'as plus de question et/ou problème, pour moi, c'est ok!

titisuede · Answer

voila mon rapport tcleaner
[ Rapport ToolsCleaner version 2.3.1 (par A.Rothstein & dj QUIOU) ]

-->- Recherche: 

C:\VundoFix.txt: trouvé !
C:\fixnavi.txt: trouvé !
C:\cleannavi.txt: trouvé !
C:\TB.txt: trouvé !
C:\Vundofix backups: trouvé !
C:\Toolbar SD: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\All Users\Start Menu\Programs\Navilog1: trouvé !
C:\Documents and Settings\All Users\Start Menu\Programs\Navilog1\Navilog1.lnk: trouvé !
C:\Documents and Settings\HP_Administrator\My Documents\Thierry Mapp\rapport hijackthis\HijackThis.exe: trouvé !
C:\Documents and Settings\HP_Administrator\My Documents\Thierry Mapp\rapport hijackthis\hijackthis.log: trouvé !
C:\Documents and Settings\HP_Administrator\My Documents\Thierry Mapp\rapport hijackthis\fixnavi.txt: trouvé !
C:\Documents and Settings\HP_Administrator\My Documents\Thierry Mapp\rapport hijackthis\cleannavi.txt: trouvé !
C:\Documents and Settings\HP_Administrator\My Documents\Thierry Mapp\rapport hijackthis\TB.txt: trouvé !
C:\Documents and Settings\HP_Administrator\My Documents\Thierry Mapp\rapport hijackthis\Rsit.exe: trouvé !
C:\Program Files\MsnFix: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !
C:\Program Files\Trend Micro\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\hijackthis.log: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
 
voila je remerci vraiment beaucoup de ton aide,et je tiendrai au courant,

merci merci

ric025 · Answer

Ok! Tu as fait "supprimer" avec toolscleaner? Car ici, je ne vois que la recherche...

Et oui, tiens-moi au courant!

A++ ;)

titisuede · Answer

non je n'ai pas fait supprimer mais quitter

ric025 · Answer

Ok! Donc, il faut faire: "Rechercher" puis "Supprimer" puis "Quitter" pour avoir le rapport. Tu verras, il sera plus long.

Cela fera supprimer les outils que l'on a utilisés, sauf MBAM et CCleaner.

A+

titisuede · Answer

ok je le fais

titisuede · Answer

[ Rapport ToolsCleaner version 2.3.1 (par A.Rothstein & dj QUIOU) ]

-->- Recherche: 

C:\VundoFix.txt: trouvé !
C:\fixnavi.txt: trouvé !
C:\cleannavi.txt: trouvé !
C:\TB.txt: trouvé !
C:\Vundofix backups: trouvé !
C:\Toolbar SD: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\All Users\Start Menu\Programs\Navilog1: trouvé !
C:\Documents and Settings\All Users\Start Menu\Programs\Navilog1\Navilog1.lnk: trouvé !
C:\Documents and Settings\HP_Administrator\My Documents\Thierry Mapp\rapport hijackthis\HijackThis.exe: trouvé !
C:\Documents and Settings\HP_Administrator\My Documents\Thierry Mapp\rapport hijackthis\hijackthis.log: trouvé !
C:\Documents and Settings\HP_Administrator\My Documents\Thierry Mapp\rapport hijackthis\fixnavi.txt: trouvé !
C:\Documents and Settings\HP_Administrator\My Documents\Thierry Mapp\rapport hijackthis\cleannavi.txt: trouvé !
C:\Documents and Settings\HP_Administrator\My Documents\Thierry Mapp\rapport hijackthis\TB.txt: trouvé !
C:\Documents and Settings\HP_Administrator\My Documents\Thierry Mapp\rapport hijackthis\Rsit.exe: trouvé !
C:\Program Files\MsnFix: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !
C:\Program Files\Trend Micro\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\hijackthis.log: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

---------------------------------
-->- Suppression: 

C:\Documents and Settings\All Users\Start Menu\Programs\Navilog1\Navilog1.lnk: supprimé !
C:\Documents and Settings\HP_Administrator\My Documents\Thierry Mapp\rapport hijackthis\HijackThis.exe: supprimé !
C:\Program Files\Navilog1\Navilog1.bat: supprimé !
C:\Program Files\Trend Micro\HijackThis.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\VundoFix.txt: supprimé !
C:\fixnavi.txt: supprimé !
C:\cleannavi.txt: supprimé !
C:\TB.txt: supprimé !
C:\Documents and Settings\HP_Administrator\My Documents\Thierry Mapp\rapport hijackthis\hijackthis.log: supprimé !
C:\Documents and Settings\HP_Administrator\My Documents\Thierry Mapp\rapport hijackthis\fixnavi.txt: supprimé !
C:\Documents and Settings\HP_Administrator\My Documents\Thierry Mapp\rapport hijackthis\cleannavi.txt: supprimé !
C:\Documents and Settings\HP_Administrator\My Documents\Thierry Mapp\rapport hijackthis\TB.txt: supprimé !
C:\Documents and Settings\HP_Administrator\My Documents\Thierry Mapp\rapport hijackthis\Rsit.exe: supprimé !
C:\Program Files\Trend Micro\hijackthis.log: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Vundofix backups: supprimé !
C:\Toolbar SD: supprimé !
C:\Rsit: supprimé !
C:\Documents and Settings\All Users\Start Menu\Programs\Navilog1: supprimé !
C:\Program Files\MsnFix: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

ric025 · Answer

Nickel!

Tu peux faire la suite tranquille.

Allez, je raccroche pour ce soir.

Bonne nuit.

A++ ;)

titisuede · Answer

ok je te souhaite une bonne nuit et un grand merci,a plus

Besoin d'aide pour lire mon rapport hijack

27 réponses

Discussions similaires