Virus Antivirus vista 2008

nina573 -  
Meneha Posts: 120 Status: Member -
Hello,

I have a problem: a window opens by itself when I browse the internet, posing as an installation of Vista Antivirus 2008. I did not install this software, but I don't know how to stop this unwanted window from appearing... Also, since this window appeared, I have been getting pop-ups as well.

Please explain how to solve this problem...

Regards.
Configuration: Windows XP
Internet Explorer 7.0

10 replies

  1. Meneha Posts: 120 Status: Member 17

    If you looked at the reports, you saw that you had trojans, and your computer is VERY infected!
    I'll try to sort this out, but I'm not a pro, so I'll do what I can...
    Download Trojan Remover, run it and post the report.
    And do you have an antivirus? If so, which one? In any case I recommend getting Avira AntiVir; it is currently the best free antivirus available.
    1
  2. Meneha Posts: 120 Status: Member 17

    You should still get Avira AntiVir. It is admittedly in English, but it performs better than avast. To be safe, download HijackThis, run "scan and save a logfile", then post the report. You have empty registry keys that you could delete; we will do that via HijackThis.
    1
  3. Meneha Posts: 120 Status: Member 17

    Everything looks OK!
    Delete this entry, which is useless, by ticking its box and then clicking "fix checked": O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    There, your computer should work properly now.
    1
  5. nina573
     
    I scanned my computer with BitDefender and here is the scan report:

    BitDefender Online Scanner
    Rapport d'analyse généré à: Tue, Sep 09, 2008 - 14:28:55
    Voie d'analyse: A:\;C:\;D:\;E:\;

    Statistiques
    Temps: 00:34:06
    Fichiers: 96926
    Directoires: 7113
    Secteurs de boot: 0
    Archives: 1386
    Paquets programmes: 8415

    Résultats
    Virus identifiés: 2
    Fichiers infectés: 20
    Fichiers suspects: 0
    Avertissements: 0
    Désinfectés: 0
    Fichiers effacés: 20

    Info sur les moteurs
    Définition virus: 1747689
    Version des moteurs: AVCORE v1.7 (build 8314.19) (i386) (Aug 11 2008 17:31:32)
    Analyse des plugins: 16
    Archive des plugins: 43
    Unpack des plugins: 7
    E-mail plugins: 6
    Système plugins: 4

    Paramètres d'analyse
    Première action: Désinfecté
    Seconde Action: Supprimé
    Heuristique: Oui
    Acceptez les avertissements: Oui
    Extensions analysées: exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
    Excludez les extensions:
    Analyse d'emails: Oui
    Analyse des Archives: Oui
    Analyser paquets programmes: Oui
    Analyse des fichiers: Oui
    Analyse de boot: Oui

    Fichier analysé
    Statut

    C:\System Volume Information\_restore{80DCA6DF-38B5-41B3-8730-9680228CB6A9}\RP109\A0020297.exe=>(ZIP Sfx o)=>msa0.dat
    Infecté par: Trojan.FakeAlert.ACZ

    C:\System Volume Information\_restore{80DCA6DF-38B5-41B3-8730-9680228CB6A9}\RP109\A0020297.exe=>(ZIP Sfx o)=>msa0.dat
    Supprimé

    C:\System Volume Information\_restore{80DCA6DF-38B5-41B3-8730-9680228CB6A9}\RP109\A0020297.exe=>(ZIP Sfx o)
    Mis à jour

    C:\System Volume Information\_restore{80DCA6DF-38B5-41B3-8730-9680228CB6A9}\RP109\A0020297.exe=>(ZIP Sfx o)=>msa1.dat
    Infecté par: Trojan.FakeAlert.ACZ

    C:\System Volume Information\_restore{80DCA6DF-38B5-41B3-8730-9680228CB6A9}\RP109\A0020297.exe=>(ZIP Sfx o)=>msa1.dat
    Supprimé

    C:\System Volume Information\_restore{80DCA6DF-38B5-41B3-8730-9680228CB6A9}\RP109\A0020297.exe=>(ZIP Sfx o)
    Mis à jour

    C:\System Volume Information\_restore{80DCA6DF-38B5-41B3-8730-9680228CB6A9}\RP109\A0020297.exe
    Echec de la mise à jour

    C:\WINDOWS\system32\cbXRHayw.dll
    Infecté par: Trojan.Vundo.FJD

    C:\WINDOWS\system32\cbXRHayw.dll
    Echec de la désinfection

    C:\WINDOWS\system32\cbXRHayw.dll
    Supprimé

    C:\WINDOWS\system32\efcDWNhF.dll
    Infecté par: Trojan.Vundo.FJD

    C:\WINDOWS\system32\efcDWNhF.dll
    Echec de la désinfection

    C:\WINDOWS\system32\efcDWNhF.dll
    Supprimé

    C:\WINDOWS\system32\fccaWNef.dll
    Infecté par: Trojan.Vundo.FJD

    C:\WINDOWS\system32\fccaWNef.dll
    Echec de la désinfection

    C:\WINDOWS\system32\fccaWNef.dll
    Supprimé

    C:\WINDOWS\system32\fccbXpmK.dll
    Infecté par: Trojan.Vundo.FJD

    C:\WINDOWS\system32\fccbXpmK.dll
    Echec de la désinfection

    C:\WINDOWS\system32\fccbXpmK.dll
    Supprimé

    C:\WINDOWS\system32\iifebBsS.dll
    Infecté par: Trojan.Vundo.FJD

    C:\WINDOWS\system32\iifebBsS.dll
    Echec de la désinfection

    C:\WINDOWS\system32\iifebBsS.dll
    Supprimé

    C:\WINDOWS\system32\jkkLCrsS.dll
    Infecté par: Trojan.Vundo.FJD

    C:\WINDOWS\system32\jkkLCrsS.dll
    Echec de la désinfection

    C:\WINDOWS\system32\jkkLCrsS.dll
    Supprimé

    C:\WINDOWS\system32\mlJDusqn.dll
    Infecté par: Trojan.Vundo.FJD

    C:\WINDOWS\system32\mlJDusqn.dll
    Echec de la désinfection

    C:\WINDOWS\system32\mlJDusqn.dll
    Supprimé

    C:\WINDOWS\system32\mlJDvVmN.dll
    Infecté par: Trojan.Vundo.FJD

    C:\WINDOWS\system32\mlJDvVmN.dll
    Echec de la désinfection

    C:\WINDOWS\system32\mlJDvVmN.dll
    Supprimé

    C:\WINDOWS\system32\nnnnOeBT.dll
    Infecté par: Trojan.Vundo.FJD

    C:\WINDOWS\system32\nnnnOeBT.dll
    Echec de la désinfection

    C:\WINDOWS\system32\nnnnOeBT.dll
    Supprimé

    C:\WINDOWS\system32\opnklkjJ.dll
    Infecté par: Trojan.Vundo.FJD

    C:\WINDOWS\system32\opnklkjJ.dll
    Echec de la désinfection

    C:\WINDOWS\system32\opnklkjJ.dll
    Supprimé

    C:\WINDOWS\system32\rqRIaBRK.dll
    Infecté par: Trojan.Vundo.FJD

    C:\WINDOWS\system32\rqRIaBRK.dll
    Echec de la désinfection

    C:\WINDOWS\system32\rqRIaBRK.dll
    Supprimé

    C:\WINDOWS\system32\rqRJAqPH.dll
    Infecté par: Trojan.Vundo.FJD

    C:\WINDOWS\system32\rqRJAqPH.dll
    Echec de la désinfection

    C:\WINDOWS\system32\rqRJAqPH.dll
    Supprimé

    C:\WINDOWS\system32\ssqOGyyv.dll
    Infecté par: Trojan.Vundo.FJD

    C:\WINDOWS\system32\ssqOGyyv.dll
    Echec de la désinfection

    C:\WINDOWS\system32\ssqOGyyv.dll
    Supprimé

    C:\WINDOWS\system32\ssqQkJaX.dll
    Infecté par: Trojan.Vundo.FJD

    C:\WINDOWS\system32\ssqQkJaX.dll
    Echec de la désinfection

    C:\WINDOWS\system32\ssqQkJaX.dll
    Supprimé

    C:\WINDOWS\system32\wvUoLccB.dll
    Infecté par: Trojan.Vundo.FJD

    C:\WINDOWS\system32\wvUoLccB.dll
    Echec de la désinfection

    C:\WINDOWS\system32\wvUoLccB.dll
    Supprimé

    C:\WINDOWS\system32\wvUoOFUN.dll
    Infecté par: Trojan.Vundo.FJD

    C:\WINDOWS\system32\wvUoOFUN.dll
    Echec de la désinfection

    C:\WINDOWS\system32\wvUoOFUN.dll
    Supprimé

    C:\WINDOWS\system32\xxywVlKA.dll
    Infecté par: Trojan.Vundo.FJD

    C:\WINDOWS\system32\xxywVlKA.dll
    Echec de la désinfection
    C:\WINDOWS\system32\xxywVlKA.dll
    Supprimé

    C:\WINDOWS\system32\yayxvTLC.dll
    Infecté par: Trojan.Vundo.FJD
    C:\WINDOWS\system32\yayxvTLC.dll
    Echec de la désinfection
    C:\WINDOWS\system32\yayxvTLC.dll
    Supprimé
    0
  6. nina573
     
    Here is the result of the scan with Malwarebytes'. What should I do now??

    Malwarebytes' Anti-Malware 1.27
    Version de la base de données: 1131
    Windows 5.1.2600 Service Pack 3

    09/09/2008 15:25:31
    malwarebytes

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 94955
    Temps écoulé: 39 minute(s), 12 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 3
    Clé(s) du Registre infectée(s): 10
    Valeur(s) du Registre infectée(s): 2
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 1
    Fichier(s) infecté(s): 12

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\kewwngus.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\ljJDVlLB.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\xxyxXPFU.dll (Trojan.Vundo.H) -> No action taken.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5f185477-1b56-41d3-8cdc-f25e4514e26e} (Trojan.Vundo.H) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyxxpfu (Trojan.Vundo.H) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{5f185477-1b56-41d3-8cdc-f25e4514e26e} (Trojan.Vundo.H) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{661378b2-7493-4655-9140-49687c6b9a32} (Trojan.Vundo.H) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{661378b2-7493-4655-9140-49687c6b9a32} (Trojan.Vundo.H) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c0a15e18 (Trojan.Vundo.H) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{5f185477-1b56-41d3-8cdc-f25e4514e26e} (Trojan.Vundo.H) -> No action taken.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ljjdvllb -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ljjdvllb -> No action taken.

    Dossier(s) infecté(s):
    C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> No action taken.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\xxyxXPFU.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\ljJDVlLB.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\BLlVDJjl.ini (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\BLlVDJjl.ini2 (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\kewwngus.dll (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\sugnwwek.ini (Trojan.Vundo.H) -> No action taken.
    C:\WINDOWS\system32\opnkjGYR.dll (Trojan.Vundo.H) -> No action taken.
    C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> No action taken.
    C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> No action taken.
    C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> No action taken.
    C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> No action taken.
    C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> No action taken.
    0
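An added example (not part of the thread, and not code from Malwarebytes): a Python script that parses report lines in the format posted above, labels which registry detections sit in locations Windows XP loads code from automatically, and links them by name to the flagged DLLs. The embedded sample is a subset of lines copied from that report; the function names and mechanism labels are this example's own.

```python
import ntpath
import re
from collections import defaultdict

# Subset of lines copied from the Malwarebytes' report posted above.
SAMPLE_LOG = r"""
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\ljJDVlLB.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\xxyxXPFU.dll (Trojan.Vundo.H) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5f185477-1b56-41d3-8cdc-f25e4514e26e} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyxxpfu (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c0a15e18 (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{5f185477-1b56-41d3-8cdc-f25e4514e26e} (Trojan.Vundo.H) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ljjdvllb -> No action taken.

Fichier(s) infecté(s):
C:\WINDOWS\system32\xxyxXPFU.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\ljJDVlLB.dll (Trojan.Vundo.H) -> No action taken.
C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> No action taken.
"""

# Entry format: "<target> (<detection>) -> [Data: <data> -> ]<action>."
ENTRY_RE = re.compile(
    r"^(?P<target>.+?) \((?P<detection>[^()]+)\) -> "
    r"(?:Data: (?P<data>.+?) -> )?(?P<action>[^>]+?)\.$"
)

# Registry locations that Windows XP components load code from automatically.
# The labels are this example's wording, not Malwarebytes' terminology.
AUTOSTART = [
    ("\\browser helper objects\\", "Browser Helper Object"),
    ("\\winlogon\\notify\\", "Winlogon Notify DLL"),
    ("\\shellexecutehooks\\", "ShellExecuteHook"),
    ("\\currentversion\\run\\", "Run value"),
    ("\\control\\lsa\\", "LSA package"),
]


def parse_report(text):
    """Return one dict per detection line, tagged with its section header."""
    entries, section = [], None
    for line in text.splitlines():
        line = line.strip()
        match = ENTRY_RE.match(line)
        if match:
            entries.append({"section": section, **match.groupdict()})
        elif line.endswith(":"):
            section = line[:-1]
    return entries


def autostart_mechanism(entry):
    """Name the autostart location a registry detection lives in, or None."""
    target = entry["target"].lower()
    if not target.startswith("hkey_"):
        return None
    for marker, label in AUTOSTART:
        if marker in target:
            return label
    return None


def _stem(path):
    """Lower-cased file or key name without directory and extension."""
    return ntpath.splitext(ntpath.basename(path))[0].lower()


def link_files_to_autostarts(entries):
    """Map each flagged file to the autostart entries that name it.

    The registry side stores the module name in lower case and without the
    .dll extension, so the comparison is case-insensitive and on the stem.
    """
    files = {}
    for e in entries:
        if not e["target"].lower().startswith("hkey_"):
            files.setdefault(_stem(e["target"]), e["target"])
    links = defaultdict(list)
    for e in entries:
        label = autostart_mechanism(e)
        if label is None:
            continue
        name = _stem(e["data"] or e["target"])
        if name in files and label not in links[files[name]]:
            links[files[name]].append(label)
    return dict(links)


def pending(entries):
    """Detections the scanner reported but has not acted on yet."""
    return [e for e in entries if e["action"] == "No action taken"]


if __name__ == "__main__":
    found = parse_report(SAMPLE_LOG)
    print(f"{len(pending(found))} of {len(found)} detections still pending")
    for path, labels in link_files_to_autostarts(found).items():
        print(f"{path} is loaded via: {', '.join(labels)}")
```

Every line in this report ends in "No action taken", which means the scan results had been saved before the selected items were removed.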
  7. nina573
     
    Here is the Trojan Remover report; however, my problem seems to be solved since I used Malwarebytes' Anti-Malware. My current antivirus is avast.

    ***** THE SYSTEM HAS BEEN RESTARTED *****
    12/09/2008 19:56:03: Trojan Remover has been restarted
    =======================================================
    Removing the following registry keys:
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - already removed
    HKCR\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - cannot be removed
    =======================================================
    12/09/2008 19:56:03: Trojan Remover closed
    ************************************************************

    ***** NORMAL SCAN FOR ACTIVE MALWARE *****
    Trojan Remover Ver 6.7.2.2542. For information, email support@simplysup1.com
    [Unregistered version]
    Scan started at: 19:52:49 12 sept. 2008
    Using Database v7133
    Operating System: Windows XP SP3 [Windows XP Home Edition Service Pack 3 (Build 2600)]
    File System: NTFS
    Data directory: C:\Documents and Settings\Nina\Application Data\Simply Super Software\Trojan Remover\
    Database directory: C:\Program Files\Trojan Remover\
    Logfile directory: D:\\Simply Super Software\Trojan Remover Logfiles\
    Program directory: C:\Program Files\Trojan Remover\
    Running with Administrator privileges

    ************************************************************
    The following Anti-Malware program(s) are loaded:
    Avast! Antivirus

    ************************************************************

    ************************************************************
    19:52:50: Scanning ----------WIN.INI-----------
    WIN.INI found in C:\WINDOWS

    ************************************************************
    19:52:50: Scanning --------SYSTEM.INI---------
    SYSTEM.INI found in C:\WINDOWS

    ************************************************************
    19:52:50: ----- SCANNING FOR ROOTKIT SERVICES -----
    No hidden Services were detected.

    ************************************************************
    19:52:51: Scanning -----WINDOWS REGISTRY-----
    --------------------
    Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
    This key's "Shell" value calls the following program(s):
    File: Explorer.exe
    C:\WINDOWS\Explorer.exe
    1037824 bytes
    Created: 28/08/2001
    Modified: 14/04/2008
    Company: Microsoft Corporation
    ----------
    This key's "Userinit" value calls the following program(s):
    File: C:\WINDOWS\system32\userinit.exe
    C:\WINDOWS\system32\userinit.exe
    26624 bytes
    Created: 28/08/2001
    Modified: 14/04/2008
    Company: Microsoft Corporation
    ----------
    This key's "System" value appears to be blank
    ----------
    This key's "UIHost" value calls the following program:
    File: logonui.exe
    C:\WINDOWS\system32\logonui.exe
    515584 bytes
    Created: 28/08/2001
    Modified: 14/04/2008
    Company: Microsoft Corporation
    ----------
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    --------------------
    Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    Value Name: load
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Value Name: avast!
    Value Data: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    78008 bytes
    Created: 09/06/2008
    Modified: 19/07/2008
    Company: ALWIL Software
    --------------------
    Value Name: SoundMan
    Value Data: SOUNDMAN.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    577536 bytes
    Created: 09/06/2008
    Modified: 17/11/2006
    Company: Realtek Semiconductor Corp.
    --------------------
    Value Name: GrooveMonitor
    Value Data: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    31016 bytes
    Created: 24/08/2007
    Modified: 27/10/2006
    Company: Microsoft Corporation
    --------------------
    Value Name: Apoint
    Value Data: C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Apoint2K\Apoint.exe
    -R- 147456 bytes
    Created: 10/06/2008
    Modified: 30/07/2003
    Company: Alps Electric Co., Ltd.
    --------------------
    Value Name: QuickTime Task
    Value Data: "C:\Program Files\QuickTime\qttask.exe" -atboottime
    C:\Program Files\QuickTime\qttask.exe
    413696 bytes
    Created: 27/05/2008
    Modified: 27/05/2008
    Company: Apple Inc.
    --------------------
    Value Name: Adobe Reader Speed Launcher
    Value Data: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    39792 bytes
    Created: 11/01/2008
    Modified: 11/01/2008
    Company: Adobe Systems Incorporated
    --------------------
    Value Name: CamserviceDeluxe2
    Value Data: C:\Program Files\Hercules\Deluxe Optical Glass\Camservice.exe /startup
    C:\Program Files\Hercules\Deluxe Optical Glass\Camservice.exe
    81920 bytes
    Created: 20/06/2008
    Modified: 10/08/2007
    Company: Guillemot Corporation S.A.
    --------------------
    Value Name: SiS KHooker
    Value Data: C:\WINDOWS\system32\khooker.exe
    C:\WINDOWS\system32\khooker.exe
    294912 bytes
    Created: 10/07/2008
    Modified: 29/05/2003
    Company: Silicon Integrated Systems Corporation
    --------------------
    Value Name: RemoteControl
    Value Data: "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    32768 bytes
    Created: 10/07/2008
    Modified: 15/07/2004
    Company: Cyberlink Corp.
    --------------------
    Value Name: NeroFilterCheck
    Value Data: C:\WINDOWS\system32\NeroCheck.exe
    C:\WINDOWS\system32\NeroCheck.exe
    155648 bytes
    Created: 10/07/2008
    Modified: 09/07/2001
    Company: Ahead Software Gmbh
    --------------------
    Value Name:
    Value Data:
    Blank entry: []
    --------------------
    Value Name: Sony Ericsson PC Suite
    Value Data: "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    -R- 159744 bytes
    Created: 26/10/2005
    Modified: 26/10/2005
    Company: Sony Ericsson Mobile Communications AB
    --------------------
    Value Name: AppleSyncNotifier
    Value Data: C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    116040 bytes
    Created: 10/07/2008
    Modified: 10/07/2008
    Company: Apple Inc.
    --------------------
    Value Name: iTunesHelper
    Value Data: "C:\Program Files\iTunes\iTunesHelper.exe"
    C:\Program Files\iTunes\iTunesHelper.exe
    289064 bytes
    Created: 30/07/2008
    Modified: 30/07/2008
    Company: Apple Inc.
    --------------------
    Value Name: TrojanScanner
    Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
    C:\Program Files\Trojan Remover\Trjscan.exe
    917072 bytes
    Created: 12/09/2008
    Modified: 04/09/2008
    Company: Simply Super Software
    --------------------
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    This Registry Key appears to be empty
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
    This Registry Key appears to be empty
    --------------------
    Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Value Name: ccleaner
    Value Data: "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
    C:\Program Files\CCleaner\CCleaner.exe
    1189104 bytes
    Created: 23/04/2008
    Modified: 23/04/2008
    Company: Piriform Ltd
    --------------------
    Value Name: ctfmon.exe
    Value Data: C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\ctfmon.exe
    15360 bytes
    Created: 28/08/2001
    Modified: 14/04/2008
    Company: Microsoft Corporation
    --------------------
    Value Name: MsnMsgr
    Value Data: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    5724184 bytes
    Created: 18/10/2007
    Modified: 18/10/2007
    Company: Microsoft Corporation
    --------------------
    Value Name: EPSON Stylus DX4400 Series
    Value Data: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SA5.tmp" /EF "HKCU"
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
    179200 bytes
    Created: 10/07/2008
    Modified: 25/01/2007
    Company: SEIKO EPSON CORPORATION
    --------------------
    Value Name:
    Value Data:
    Blank entry: []
    --------------------
    --------------------
    Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    This Registry Key appears to be empty

    ************************************************************
    19:52:55: Scanning -----SHELLEXECUTEHOOKS-----
    ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
    File: shell32.dll - this file is expected and has been left in place
    ----------
    ValueName: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}
    Value: Groove GFS Stub Execution Hook
    File: C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    2210608 bytes
    Created: 24/08/2007
    Modified: 27/10/2006
    Company: Microsoft Corporation
    ----------

    ************************************************************
    19:52:55: Scanning -----HIDDEN REGISTRY ENTRIES-----
    Taskdir check completed
    ----------
    No Hidden File-loading Registry Entries found
    ----------

    ************************************************************
    19:52:56: Scanning -----ACTIVE SCREENSAVER-----
    ScreenSaver: C:\WINDOWS\System32\ssmypics.scr
    C:\WINDOWS\System32\ssmypics.scr
    47104 bytes
    Created: 28/08/2001
    Modified: 14/04/2008
    Company: Microsoft Corporation
    --------------------

    ************************************************************
    19:52:56: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
    Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
    Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
    C:\WINDOWS\INF\wmp11.inf
    2441 bytes
    Created: 03/11/2006
    Modified: 03/11/2006
    Company:
    ----------

    ************************************************************
    19:52:57: Scanning ----- SERVICEDLL REGISTRY KEYS -----
    Key: AppMgmt
    %SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
    --------------------

    ************************************************************
    19:53:00: Scanning ----- SERVICES REGISTRY KEYS -----
    Key: ApfiltrService
    ImagePath: system32\DRIVERS\Apfiltr.sys
    C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
    -R- 92904 bytes
    Created: 10/06/2008
    Modified: 30/07/2003
    Company: Alps Electric Co., Ltd.
    ----------
    Key: Apple Mobile Device
    ImagePath: "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    116040 bytes
    Created: 22/07/2008
    Modified: 22/07/2008
    Company: Apple Inc.
    ----------
    Key: aswFsBlk
    ImagePath: system32\DRIVERS\aswFsBlk.sys
    C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
    20560 bytes
    Created: 09/06/2008
    Modified: 19/07/2008
    Company: ALWIL Software
    ----------
    Key: aswUpdSv
    ImagePath: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    16056 bytes
    Created: 09/06/2008
    Modified: 19/07/2008
    Company: ALWIL Software
    ----------
    Key: avast! Antivirus
    ImagePath: "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    147640 bytes
    Created: 09/06/2008
    Modified: 19/07/2008
    Company: ALWIL Software
    ----------
    Key: avast! Mail Scanner
    ImagePath: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    250040 bytes
    Created: 09/06/2008
    Modified: 19/07/2008
    Company: ALWIL Software
    ----------
    Key: avast! Web Scanner
    ImagePath: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    348344 bytes
    Created: 09/06/2008
    Modified: 23/07/2008
    Company: ALWIL Software
    ----------
    Key: camfilt2
    ImagePath: system32\DRIVERS\camfilt2.sys
    C:\WINDOWS\system32\DRIVERS\camfilt2.sys
    94720 bytes
    Created: 20/06/2008
    Modified: 06/08/2007
    Company: Guillemot Corporation
    ----------
    Key: CBTNDIS5
    ImagePath: \??\C:\WINDOWS\system32\CBTNDIS5.SYS
    C:\WINDOWS\system32\CBTNDIS5.SYS
    17142 bytes
    Created: 10/06/2008
    Modified: 16/07/2003
    Company: Printing Communications Assoc., Inc. (PCAUSA)
    ----------
    Key: NSCIRDA
    ImagePath: System32\DRIVERS\nscirda.sys
    C:\WINDOWS\System32\DRIVERS\nscirda.sys
    28672 bytes
    Created: 09/06/2008
    Modified: 13/04/2008
    Company: National Semiconductor Corporation
    ----------
    Key: odserv
    ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE"
    C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE
    441136 bytes
    Created: 26/10/2006
    Modified: 26/10/2006
    Company: Microsoft Corporation
    ----------
    Key: odysseyIM3
    ImagePath: system32\DRIVERS\odysseyIM3.sys
    C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys
    -R- 62673 bytes
    Created: 10/06/2008
    Modified: 14/05/2003
    Company: Funk Software, Inc.
    ----------
    Key: ose
    ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
    C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
    145184 bytes
    Created: 26/10/2006
    Modified: 26/10/2006
    Company: Microsoft Corporation
    ----------
    Key: PRISM_A00
    ImagePath: system32\DRIVERS\WL54CB.sys
    C:\WINDOWS\system32\DRIVERS\WL54CB.sys
    -R- 391008 bytes
    Created: 12/06/2008
    Modified: 07/04/2004
    Company: Wireless Communications Corporation
    ----------
    Key: RecAgent
    ImagePath: System32\DRIVERS\RecAgent.sys
    C:\WINDOWS\System32\DRIVERS\RecAgent.sys
    13776 bytes
    Created: 10/06/2008
    Modified: 03/08/2004
    Company: Smart Link
    ----------
    Key: rtl8139
    ImagePath: system32\DRIVERS\R8139n51.SYS
    C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
    46976 bytes
    Created: 10/06/2008
    Modified: 30/07/2003
    Company: Realtek Semiconductor Corporation
    ----------
    Key: SiS315
    ImagePath: system32\DRIVERS\sisgrp.sys
    C:\WINDOWS\system32\DRIVERS\sisgrp.sys
    397824 bytes
    Created: 10/07/2008
    Modified: 30/07/2003
    Company: Silicon Integrated Systems Corporation
    ----------
    Key: sisagp
    ImagePath: system32\DRIVERS\SISAGPX.sys
    C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
    -R- 30720 bytes
    Created: 10/07/2008
    Modified: 30/07/2003
    Company: Silicon Integrated Systems Corporation
    ----------
    Key: SiSkp
    ImagePath: system32\drivers\srvkp.sys
    C:\WINDOWS\system32\drivers\srvkp.sys
    -R- 10624 bytes
    Created: 10/07/2008
    Modified: 30/07/2003
    Company: Silicon Integrated Systems Corporation
    ----------
    Key: SNPSTD3
    ImagePath: system32\DRIVERS\snpstd3.sys
    C:\WINDOWS\system32\DRIVERS\snpstd3.sys
    10371072 bytes
    Created: 20/06/2008
    Modified: 17/07/2007
    Company: Sonix Co. Ltd.
    ----------
    Key: SwPrv
    ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{DDDF1380-3602-4E5A-8B76-BA42742E1B23}
    C:\WINDOWS\System32\dllhost.exe
    5120 bytes
    Created: 28/08/2001
    Modified: 14/04/2008
    Company: Microsoft Corporation
    ----------
    Key: usnjsvc
    ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    98328 bytes
    Created: 18/10/2007
    Modified: 18/10/2007
    Company: Microsoft Corporation
    ----------
    Key: w300bus
    ImagePath: system32\DRIVERS\w300bus.sys
    C:\WINDOWS\system32\DRIVERS\w300bus.sys
    -R- 60800 bytes
    Created: 06/09/2008
    Modified: 13/03/2006
    Company: MCCI
    ----------
    Key: w300mdfl
    ImagePath: system32\DRIVERS\w300mdfl.sys
    C:\WINDOWS\system32\DRIVERS\w300mdfl.sys
    -R- 9264 bytes
    Created: 06/09/2008
    Modified: 13/03/2006
    Company: MCCI
    ----------
    Key: w300mdm
    ImagePath: system32\DRIVERS\w300mdm.sys
    C:\WINDOWS\system32\DRIVERS\w300mdm.sys
    -R- 96352 bytes
    Created: 06/09/2008
    Modified: 13/03/2006
    Company: MCCI
    ----------
    Key: WLSetupSvc
    ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
    C:\Program Files\Windows Live\installer\WLSetupSvc.exe
    266240 bytes
    Created: 25/10/2007
    Modified: 25/10/2007
    Company: Microsoft Corporation
    ----------

    ************************************************************
    19:53:13: Scanning -----VXD ENTRIES-----

    ************************************************************
    19:53:13: Scanning ----- WINLOGON\NOTIFY DLLS -----

    ************************************************************
    19:53:13: Scanning ----- CONTEXTMENUHANDLERS -----
    Key: avast
    CLSID: {472083B0-C522-11CF-8763-00608CC02F24}
    Path: C:\Program Files\Alwil Software\Avast4\ashShell.dll
    C:\Program Files\Alwil Software\Avast4\ashShell.dll
    73912 bytes
    Created: 09/06/2008
    Modified: 19/07/2008
    Company: ALWIL Software
    ----------
    Key: EPPShellEx
    CLSID: {509FE1AF-ADD5-49EC-BC55-7CF81FD16E78}
    Path: C:\Program Files\EPSON\Creativity Suite\Easy Photo Print\EPPShell.dll
    C:\Program Files\EPSON\Creativity Suite\Easy Photo Print\EPPShell.dll
    69632 bytes
    Created: 10/07/2008
    Modified: 13/04/2006
    Company: SEIKO EPSON CORPORATION
    ----------
    Key: XXX Groove GFS Context Menu Handler XXX
    CLSID: {6C467336-8281-4E60-8204-430CED96822D}
    Path: C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    2210608 bytes
    Created: 24/08/2007
    Modified: 27/10/2006
    Company: Microsoft Corporation
    ----------

    ************************************************************
    19:53:14: Scanning ----- FOLDER\COLUMNHANDLERS -----
    Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
    File: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
    C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
    372736 bytes
    Created: 10/05/2007
    Modified: 10/05/2007
    Company: Adobe Systems, Inc.
    ----------

    ************************************************************
    19:53:14: Scanning ----- BROWSER HELPER OBJECTS -----
    Key: {02478D38-C3F9-4efb-9B51-7695ECA05670}
    BHO: C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    882416 bytes
    Created: 28/07/2008
    Modified: 28/07/2008
    Company: Yahoo! Inc.
    ----------
    Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    BHO: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - this BHO was being loaded by the following key:
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - this key has been removed [file not found to scan]
    C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - this BHO is referenced by the following key:
    HKEY_CLASSES_ROOT\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Trojan Remover was unable to remove this key
    ----------
    Key: {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
    BHO: C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL - file already scanned
    ----------
    Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
    BHO: C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    328752 bytes
    Created: 20/09/2007
    Modified: 20/09/2007
    Company: Microsoft Corporation
    ----------
    Key: {988B07F5-7392-455A-8A1F-64935CB8B6ED}
    BHO: C:\Program Files\BarreConfCMCIC\TAPBar.dll
    C:\Program Files\BarreConfCMCIC\TAPBar.dll
    225280 bytes
    Created: 14/09/2007
    Modified: 14/09/2007
    Company: Euro-Information
    ----------
    Key: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}
    BHO: C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    368640 bytes
    Created: 10/07/2008
    Modified: 21/02/2005
    Company: SEIKO EPSON CORPORATION
    ----------
    Key: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
    BHO: C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    160496 bytes
    Created: 28/07/2008
    Modified: 28/07/2008
    Company: Yahoo! Inc
    ----------

    ************************************************************
    19:53:31: Scanning ----- SHELLSERVICEOBJECTS -----
    Key: WPDShServiceObj
    CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
    Path: C:\WINDOWS\system32\WPDShServiceObj.dll
    C:\WINDOWS\system32\WPDShServiceObj.dll
    133632 bytes
    Created: 18/10/2006
    Modified: 18/10/2006
    Company: Microsoft Corporation
    ----------

    ************************************************************
    19:53:31: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

    ************************************************************
    19:53:31: Scanning ----- IMAGEFILE DEBUGGERS -----
    No "Debugger" entries found.

    ************************************************************
    19:53:31: Scanning ----- APPINIT_DLLS -----
    The AppInit_DLLs value is blank

    ************************************************************
    19:53:32: Scanning ----- SECURITY PROVIDER DLLS -----

    ************************************************************
    19:53:32: Scanning ------ COMMON STARTUP GROUP ------
    [C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
    The Common Startup Group attempts to load the following file(s) at boot time:
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
    -HS- 84 bytes
    Created: 09/06/2008
    Modified: 09/06/2008
    Company:
    --------------------

    ************************************************************
    No User Startup Groups were located to check

    ************************************************************
    19:53:32: Scanning ----- SCHEDULED TASKS -----
    Taskname: AppleSoftwareUpdate.job
    File: C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    566592 bytes
    Created: 30/07/2008
    Modified: 30/07/2008
    Company: Apple Inc.
    Parameters: -task
    Next Run Time: 13/09/2008 08:35:00
    Status: La tâche n'a pas encore été exécutée
    Creator: SYSTEM
    Comments: [blank]
    ----------

    ************************************************************
    19:53:32: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
    Key: Groove Explorer Icon Overlay 1 (GFS Unread Stub)
    CLSID: {99FD978C-D287-4F50-827F-B2C658EDA8E7}
    File: C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL - file already scanned
    ----------
    Key: Groove Explorer Icon Overlay 2 (GFS Stub)
    CLSID: {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}
    File: C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL - file already scanned
    ----------
    Key: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
    CLSID: {920E6DB1-9907-4370-B3A0-BAFC03D81399}
    File: C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL - file already scanned
    ----------
    Key: Groove Explorer Icon Overlay 3 (GFS Folder)
    CLSID: {16F3DD56-1AF5-4347-846D-7C10C4192619}
    File: C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL - file already scanned
    ----------
    Key: Groove Explorer Icon Overlay 4 (GFS Unread Mark)
    CLSID: {2916C86E-86A6-43FE-8112-43ABE6BF8DCC}
    File: C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL - file already scanned
    ----------

    ************************************************************
    19:53:33: ----- ADDITIONAL CHECKS -----
    PE386 rootkit checks completed
    ----------
    Winlogon registry rootkit checks completed
    ----------
    Heuristic checks for hidden files/drivers completed
    ----------
    Layered Service Provider entries checks completed
    ----------
    Windows Explorer Policies checks completed
    ----------
    Desktop Wallpaper: C:\Documents and Settings\Nina\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    C:\Documents and Settings\Nina\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    434046 bytes
    Created: 10/07/2008
    Modified: 28/07/2008
    Company:
    ----------
    Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    C:\Documents and Settings\Nina\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    434046 bytes
    Created: 10/07/2008
    Modified: 28/07/2008
    Company:
    ----------
    Additional checks completed

    ************************************************************
    19:53:34: Scanning ----- RUNNING PROCESSES -----

    C:\WINDOWS\System32\smss.exe
    --------------------
    C:\WINDOWS\system32\csrss.exe
    --------------------
    C:\WINDOWS\system32\winlogon.exe
    --------------------
    C:\WINDOWS\system32\services.exe
    --------------------
    C:\WINDOWS\system32\lsass.exe
    --------------------
    C:\WINDOWS\system32\svchost.exe
    --------------------
    C:\WINDOWS\system32\svchost.exe
    --------------------
    C:\WINDOWS\System32\svchost.exe
    --------------------
    C:\WINDOWS\System32\svchost.exe
    --------------------
    C:\WINDOWS\System32\svchost.exe
    --------------------
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    --------------------
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    --------------------
    C:\WINDOWS\system32\spoolsv.exe
    --------------------
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    --------------------
    C:\WINDOWS\System32\svchost.exe
    --------------------
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    --------------------
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    --------------------
    C:\WINDOWS\System32\alg.exe
    --------------------
    C:\WINDOWS\Explorer.EXE
    --------------------
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    --------------------
    C:\WINDOWS\SOUNDMAN.EXE
    --------------------
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    --------------------
    C:\Program Files\Apoint2K\Apoint.exe
    --------------------
    C:\WINDOWS\system32\khooker.exe
    --------------------
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    --------------------
    C:\Program Files\iTunes\iTunesHelper.exe
    --------------------
    C:\WINDOWS\system32\ctfmon.exe
    --------------------
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    --------------------
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
    --------------------
    C:\Program Files\Apoint2K\Apntex.exe
    --------------------
    C:\Program Files\iPod\bin\iPodService.exe
    --------------------
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    --------------------
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    --------------------
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    --------------------
    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
    --------------------
    C:\Documents and Settings\Nina\Application Data\Simply Super Software\Trojan Remover\alg129.exe
    FileSize: 2548288
    [This is a Trojan Remover component]
    --------------------
    --------------------

    ************************************************************
    19:53:36: Checking AUTOEXEC.BAT file
    AUTOEXEC.BAT found in C:\
    No malicious entries were found in the AUTOEXEC.BAT file

    ************************************************************
    19:53:36: Checking AUTOEXEC.NT file
    AUTOEXEC.NT found in C:\WINDOWS\system32
    No malicious entries were found in the AUTOEXEC.NT file

    ************************************************************
    19:53:36: Checking HOSTS file
    No malicious entries were found in the HOSTS file

    ************************************************************
    ------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
    HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
    https://www.01net.com/telecharger/
    HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
    %SystemRoot%\system32\blank.htm
    HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
    https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
    https://www.01net.com/telecharger/
    HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
    https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
    https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
    HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
    https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
    HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
    https://www.google.fr/?gws_rd=ssl
    HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
    C:\WINDOWS\system32\blank.htm
    HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
    https://www.01net.com/telecharger/

    ************************************************************
    === CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
    Scan completed at: 19:53:36 12 sept. 2008
    Total Scan time: 00:00:45
    -------------------------------------------------------------------------
    One or more files could not be moved or renamed as requested.
    They may be in use by Windows, so Trojan Remover needs
    to restart the system in order to deal with these files.
    12/09/2008 19:53:44: restart commenced
    ************************************************************
    0
  8. nina573
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:05:09, on 12/09/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\system32\khooker.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\distnoted.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {AEEC3B59-CA98-4EBA-A140-57B94E283583} - C:\PROGRA~1\ORANGE~1\TOOLBA~3.DLL
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: BHO Barre de Confiance - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: barre d'outils Orange - {D3028143-6145-4318-99D3-3EDCE54A95A9} - C:\Program Files\Orange Toolbar FR\ToolbarContainer250.dll
    O3 - Toolbar: Barre de confiance - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [CamserviceDeluxe2] C:\Program Files\Hercules\Deluxe Optical Glass\Camservice.exe /startup
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SA5.tmp" /EF "HKCU"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\DOCUME~1\Nina\LOCALS~1\Temp\cce7C.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: traduire la page - C:\DOCUME~1\Nina\LOCALS~1\Temp\cce7A.html
    O8 - Extra context menu item: traduire le texte sélectionné - C:\DOCUME~1\Nina\LOCALS~1\Temp\cce7B.html
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://nanouschka573.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    0
  10. nina573
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:05:09, on 12/09/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\system32\khooker.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\distnoted.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {AEEC3B59-CA98-4EBA-A140-57B94E283583} - C:\PROGRA~1\ORANGE~1\TOOLBA~3.DLL
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: BHO Barre de Confiance - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: barre d'outils Orange - {D3028143-6145-4318-99D3-3EDCE54A95A9} - C:\Program Files\Orange Toolbar FR\ToolbarContainer250.dll
    O3 - Toolbar: Barre de confiance - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [CamserviceDeluxe2] C:\Program Files\Hercules\Deluxe Optical Glass\Camservice.exe /startup
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_SA5.tmp" /EF "HKCU"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\DOCUME~1\Nina\LOCALS~1\Temp\cce7C.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: traduire la page - C:\DOCUME~1\Nina\LOCALS~1\Temp\cce7A.html
    O8 - Extra context menu item: traduire le texte sélectionné - C:\DOCUME~1\Nina\LOCALS~1\Temp\cce7B.html
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://nanouschka573.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    0