A l'aide!!!

MSN_Fix 1.333 
 
C:\Documents and Settings\djlaguigue\Bureau\MSNFix
Fix exécuté le 11/07/2007 - 22:24:12,04 By djlaguigue
mode sans échec         
   
************************ Recherche les fichiers présents     
   
... C:\WINDOWS\_default.pif 
... C:\WINDOWS\svchost.exe
... C:\WINDOWS\system32\dllcache\winsno.exe
 
************************ Recherche les dossiers présents     
 
Aucun dossier trouvé
 
 
 
 
************************ Suppression des fichiers     
   
.. OK ... C:\WINDOWS\_default.pif 
.. OK ... C:\WINDOWS\svchost.exe 
.. OK ... C:\WINDOWS\system32\dllcache\winsno.exe 
 
 
 
************************ Nettoyage du registre
 
 
 
************************ Fichiers suspects
 
/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention
 
 
 
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 11072007_22251968.zip
 
 
 ------------------------------------------------------------------------ 
 Auteur : !aur3n7            Contact: http://246694.aceboard.fr   
 ------------------------------------------------------------------------ 
 
---------------------------------------------  END  ---------------------------------------------
 

VundoFix V6.5.4

Checking Java version...

Sun Java not detected
Scan started at 22:26:11 11/07/2007

Listing files found while scanning....

C:\windows\system32\awtst.dll
C:\windows\system32\awtstqq.dll
C:\windows\system32\awttrrr.dll
C:\windows\system32\awtuuvu.dll
C:\windows\system32\byxyxxy.dll
C:\windows\system32\ddcawvv.dll
C:\windows\system32\ddccaxy.dll
C:\windows\system32\ddccayv.dll
C:\windows\system32\ddccdaa.dll
C:\windows\system32\efcaywx.dll
C:\windows\system32\fbdadovy.exe
C:\windows\system32\fccdaxu.dll
C:\windows\system32\fccdbxy.dll
C:\windows\system32\fccyywx.dll
C:\windows\system32\gebywxy.dll
C:\windows\system32\hggdccb.dll
C:\windows\system32\hqjkrdis.dll
C:\windows\system32\iifdeff.dll
C:\windows\system32\iifgfgh.dll
C:\windows\system32\iifghgd.dll
C:\windows\system32\ijkmp.bak1
C:\windows\system32\ijkmp.bak2
C:\windows\system32\ijkmp.ini
C:\windows\system32\ijkmp.ini2
C:\windows\system32\jhdwiceo.ini
C:\windows\system32\khfcbxw.dll
C:\windows\system32\kjllm.ini
C:\windows\system32\mljgddd.dll
C:\windows\system32\mljhecc.dll
C:\windows\system32\mljkhec.dll
C:\windows\system32\mlljk.dll
C:\windows\system32\nnnljki.dll
C:\windows\system32\nnnlljg.dll
C:\windows\system32\oeciwdhj.dll
C:\windows\system32\opnmkii.dll
C:\WINDOWS\System32\pmkji.dll
C:\windows\system32\pmnmnmk.dll
C:\windows\system32\ssqrpqr.dll
C:\windows\system32\tstwa.bak1
C:\windows\system32\tstwa.bak2
C:\windows\system32\tstwa.ini
C:\windows\system32\tuvsssp.dll
C:\windows\system32\urqqqno.dll
C:\windows\system32\vturpmj.dll
C:\WINDOWS\System32\vtuttrp.dll
C:\windows\system32\wvutsss.dll
C:\windows\system32\wvuvtss.dll
C:\windows\system32\xxywtts.dll
C:\windows\system32\xxywvvs.dll
C:\windows\system32\xxyyvwv.dll

Beginning removal...

 Attempting to delete C:\windows\system32\awtst.dll
C:\windows\system32\awtst.dll Has been deleted!

 Attempting to delete C:\windows\system32\awtstqq.dll
C:\windows\system32\awtstqq.dll Has been deleted!

 Attempting to delete C:\windows\system32\awttrrr.dll
C:\windows\system32\awttrrr.dll Has been deleted!

 Attempting to delete C:\windows\system32\awtuuvu.dll
C:\windows\system32\awtuuvu.dll Has been deleted!

 Attempting to delete C:\windows\system32\byxyxxy.dll
C:\windows\system32\byxyxxy.dll Has been deleted!

 Attempting to delete C:\windows\system32\ddcawvv.dll
C:\windows\system32\ddcawvv.dll Has been deleted!

 Attempting to delete C:\windows\system32\ddccaxy.dll
C:\windows\system32\ddccaxy.dll Has been deleted!

 Attempting to delete C:\windows\system32\ddccayv.dll
C:\windows\system32\ddccayv.dll Has been deleted!

 Attempting to delete C:\windows\system32\ddccdaa.dll
C:\windows\system32\ddccdaa.dll Has been deleted!

 Attempting to delete C:\windows\system32\efcaywx.dll
C:\windows\system32\efcaywx.dll Has been deleted!

 Attempting to delete C:\windows\system32\fbdadovy.exe
C:\windows\system32\fbdadovy.exe Has been deleted!

 Attempting to delete C:\windows\system32\fccdaxu.dll
C:\windows\system32\fccdaxu.dll Has been deleted!

 Attempting to delete C:\windows\system32\fccdbxy.dll
C:\windows\system32\fccdbxy.dll Has been deleted!

 Attempting to delete C:\windows\system32\fccyywx.dll
C:\windows\system32\fccyywx.dll Has been deleted!

 Attempting to delete C:\windows\system32\gebywxy.dll
C:\windows\system32\gebywxy.dll Has been deleted!

 Attempting to delete C:\windows\system32\hggdccb.dll
C:\windows\system32\hggdccb.dll Has been deleted!

 Attempting to delete C:\windows\system32\hqjkrdis.dll
C:\windows\system32\hqjkrdis.dll Has been deleted!

 Attempting to delete C:\windows\system32\iifdeff.dll
C:\windows\system32\iifdeff.dll Has been deleted!

 Attempting to delete C:\windows\system32\iifgfgh.dll
C:\windows\system32\iifgfgh.dll Has been deleted!

 Attempting to delete C:\windows\system32\iifghgd.dll
C:\windows\system32\iifghgd.dll Has been deleted!

 Attempting to delete C:\windows\system32\ijkmp.bak1
C:\windows\system32\ijkmp.bak1 Has been deleted!

 Attempting to delete C:\windows\system32\ijkmp.bak2
C:\windows\system32\ijkmp.bak2 Has been deleted!

 Attempting to delete C:\windows\system32\ijkmp.ini
C:\windows\system32\ijkmp.ini Has been deleted!

 Attempting to delete C:\windows\system32\ijkmp.ini2
C:\windows\system32\ijkmp.ini2 Has been deleted!

 Attempting to delete C:\windows\system32\jhdwiceo.ini
C:\windows\system32\jhdwiceo.ini Has been deleted!

 Attempting to delete C:\windows\system32\khfcbxw.dll
C:\windows\system32\khfcbxw.dll Has been deleted!

 Attempting to delete C:\windows\system32\kjllm.ini
C:\windows\system32\kjllm.ini Has been deleted!

 Attempting to delete C:\windows\system32\mljgddd.dll
C:\windows\system32\mljgddd.dll Has been deleted!

 Attempting to delete C:\windows\system32\mljhecc.dll
C:\windows\system32\mljhecc.dll Has been deleted!

 Attempting to delete C:\windows\system32\mljkhec.dll
C:\windows\system32\mljkhec.dll Has been deleted!

 Attempting to delete C:\windows\system32\mlljk.dll
C:\windows\system32\mlljk.dll Has been deleted!

 Attempting to delete C:\windows\system32\nnnljki.dll
C:\windows\system32\nnnljki.dll Has been deleted!

 Attempting to delete C:\windows\system32\nnnlljg.dll
C:\windows\system32\nnnlljg.dll Has been deleted!

 Attempting to delete C:\windows\system32\oeciwdhj.dll
C:\windows\system32\oeciwdhj.dll Has been deleted!

 Attempting to delete C:\windows\system32\opnmkii.dll
C:\windows\system32\opnmkii.dll Has been deleted!

 Attempting to delete C:\WINDOWS\System32\pmkji.dll
C:\WINDOWS\System32\pmkji.dll Could not be deleted.

 Attempting to delete C:\windows\system32\pmnmnmk.dll
C:\windows\system32\pmnmnmk.dll Has been deleted!

 Attempting to delete C:\windows\system32\ssqrpqr.dll
C:\windows\system32\ssqrpqr.dll Has been deleted!

 Attempting to delete C:\windows\system32\tstwa.bak1
C:\windows\system32\tstwa.bak1 Has been deleted!

 Attempting to delete C:\windows\system32\tstwa.bak2
C:\windows\system32\tstwa.bak2 Has been deleted!

 Attempting to delete C:\windows\system32\tstwa.ini
C:\windows\system32\tstwa.ini Has been deleted!

 Attempting to delete C:\windows\system32\tuvsssp.dll
C:\windows\system32\tuvsssp.dll Has been deleted!

 Attempting to delete C:\windows\system32\urqqqno.dll
C:\windows\system32\urqqqno.dll Has been deleted!

 Attempting to delete C:\windows\system32\vturpmj.dll
C:\windows\system32\vturpmj.dll Has been deleted!

 Attempting to delete C:\WINDOWS\System32\vtuttrp.dll
C:\WINDOWS\System32\vtuttrp.dll Could not be deleted.

 Attempting to delete C:\windows\system32\wvutsss.dll
C:\windows\system32\wvutsss.dll Has been deleted!

 Attempting to delete C:\windows\system32\wvuvtss.dll
C:\windows\system32\wvuvtss.dll Has been deleted!

 Attempting to delete C:\windows\system32\xxywtts.dll
C:\windows\system32\xxywtts.dll Has been deleted!

 Attempting to delete C:\windows\system32\xxywvvs.dll
C:\windows\system32\xxywvvs.dll Has been deleted!

 Attempting to delete C:\windows\system32\xxyyvwv.dll
C:\windows\system32\xxyyvwv.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.4

Checking Java version...

Sun Java not detected
Scan started at 22:48:59 11/07/2007

Listing files found while scanning....

C:\windows\system32\ijkmp.ini
C:\WINDOWS\System32\pmkji.dll
C:\WINDOWS\system32\vtuttrp.dll

Beginning removal...

 Attempting to delete C:\windows\system32\ijkmp.ini
C:\windows\system32\ijkmp.ini Has been deleted!

 Attempting to delete C:\WINDOWS\System32\pmkji.dll
C:\WINDOWS\System32\pmkji.dll Could not be deleted.

 Attempting to delete C:\WINDOWS\system32\vtuttrp.dll
C:\WINDOWS\system32\vtuttrp.dll Could not be deleted.

Performing Repairs to the registry.
Done!

fichier host original inexistant.

Logfile of HijackThis v1.99.1
Scan saved at 00:28:32, on 12/07/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\lswyctwd.exe
C:\WINDOWS\System32\dllcache\winsntp.exe
C:\WINDOWS\system32\drivers\spoolsv32.exe
C:\Program Files\Thomson SpeedTouch\ST330\diagnostics\diagnostics.exe
C:\WINDOWS\System32\netdiag.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\join.exe
C:\WINDOWS\System32\sym.exe
C:\WINDOWS\System32\psycho.exe
C:\WINDOWS\System32\ActiveX.exe
C:\WINDOWS\System32\MSNMGR.EXE
C:\WINDOWS\System32\Roma.exe
C:\WINDOWS\System32\uqhwwe.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\linkprd.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\clcl12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\DJLAGU~1\LOCALS~1\Temp\Rar$EX00.718\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [diagnostics] "C:\Program Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe" /icon -l:fr
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DRam prosessor] plscd.exe
O4 - HKLM\..\Run: [NetDiag] netdiag.exe
O4 - HKLM\..\Run: [Microsoft Update Machine] yinjhd.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Windows Service Agent] sym.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [join] C:\WINDOWS\System32\join.exe
O4 - HKLM\..\Run: [ISPSERVICE] C:\WINDOWS\System32\psycho.exe
O4 - HKLM\..\Run: [progs] ActiveX.exe
O4 - HKLM\..\Run: [Winsock2 driver] MSNMGR.EXE
O4 - HKLM\..\Run: [Microsoftt Windows Update] Roma.exe
O4 - HKLM\..\Run: [Program Access Service] ddgbydpsov.exe
O4 - HKLM\..\Run: [scan-] uqhwwe.exe
O4 - HKLM\..\Run: [Intel system tool] C:\WINDOWS\System32\svehost.exe
O4 - HKLM\..\Run: [clcl12] C:\WINDOWS\System32\clcl12.exe
O4 - HKLM\..\RunServices: [DRam prosessor] plscd.exe
O4 - HKLM\..\RunServices: [NetDiag] netdiag.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] yinjhd.exe
O4 - HKLM\..\RunServices: [Windows Service Agent] sym.exe
O4 - HKLM\..\RunServices: [progs] ActiveX.exe
O4 - HKLM\..\RunServices: [Microsoftt Windows Update] Roma.exe
O4 - HKLM\..\RunServices: [Program Access Service] ddgbydpsov.exe
O4 - HKLM\..\RunServices: [scan-] uqhwwe.exe
O4 - HKLM\..\RunServices: [Microsoft] googlehzaf.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Microsoft Update Machine] yinjhd.exe
O4 - HKCU\..\Run: [Windows Service Agent] sym.exe
O4 - HKCU\..\Run: [Microsoftt Windows Update] Roma.exe
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\System32\linkprd.exe /res
O4 - HKCU\..\RunOnce: [Winsock2 driver] MSNMGR.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1071_em_XP.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection.cab?version=
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5833B39-B6A8-477A-A591-FE25F15E7630}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Windows Time Service (CSRRS) - Unknown owner - C:\WINDOWS\system\csrrs.exe (file missing)
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Unknown owner - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (file missing)
O23 - Service: DomainService -  - C:\WINDOWS\System32\lswyctwd.exe
O23 - Service: Memorex Network Analysis Tool - Unknown owner - C:\WINDOWS\System32\dllcache\winsntp.exe
O23 - Service: Spooler SubSystem App (SPOOLSV32) - Unknown owner - C:\WINDOWS\system32\drivers\spoolsv32.exe
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe

Search Navipromo version 2.0.5 commencé le 12/07/2007 à  1:36:01,70
 
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 01.07.2007 a 12h00 by IL-MAFIOSO

Executé en mode sans échec

*** Recherche Programmes installes ***

 
Instant Access


*** Recherche dossiers dans C:\WINDOWS ***




*** Recherche dossiers dans C:\Program Files ***


C:\Program Files\Instant Access trouvé !


*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\djlaguigue\Application Data ***



*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
http://www.f-secure.com/blacklight/blacklight_help.html


F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================

Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of October, 2007.
Version information: 2.2.1064.

[+] Started on 07/12/07 at 01:36:05.
[-] ERROR: F-Secure BlackLight cannot be used in safe mode.
[+] Exited on 07/12/07 at 01:36:05 (return code = 3).


*** Recherche fichiers ***


C:\WINDOWS\system32\linkprd.exe trouvé !
C:\WINDOWS\system32\nvs2.inf trouvé !


*** Recherche cles registre ***


Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
 
 

Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]
 
 

Recherche Clé Magic Control
 
 
 
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
 
1)Recherche fichiers connus:


2)Recherche Heuristique :
*
C:\WINDOWS\system32\cgnepq.dat trouvé !
**
C:\WINDOWS\system32\cgnepq.dat trouvé !
***
****
C:\WINDOWS\system32\cgnepq_navps.dat trouvé !
*****
C:\WINDOWS\system32\cgnepq_nav.dat trouvé !
******
*******
********
C:\WINDOWS\system32\googlehzaf.exe trouvé !
C:\WINDOWS\system32\linkprd.exe trouvé !
C:\WINDOWS\system32\lswyctwd.exe trouvé !

3)Recherche Certificats :

Certificat Egroup trouvé !


*** Analyse Terminé le 12/07/2007 à  1:36:43,34 ***

Logfile of HijackThis v1.99.1
Scan saved at 03:59:32, on 12/07/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\spoolsv32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\djlaguigue\Mes documents\AGA.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5ACFDED9-598A-44F9-AA91-8B4B3AFD4981} - C:\WINDOWS\System32\pmkji.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\vtuttrp.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [diagnostics] "C:\Program Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe" /icon -l:fr
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [progs] ActiveX.exe
O4 - HKLM\..\Run: [cgnepq] c:\windows\system32\cgnepq.exe cgnepq
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection.cab?version=
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5833B39-B6A8-477A-A591-FE25F15E7630}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: pmkji - C:\WINDOWS\System32\pmkji.dll
O20 - Winlogon Notify: vtuttrp - C:\WINDOWS\SYSTEM32\vtuttrp.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Unknown owner - C:\Program Files\Digidesign\Drivers\MMERefresh.exe (file missing)
O23 - Service: Spooler SubSystem App (SPOOLSV32) - Unknown owner - C:\WINDOWS\system32\drivers\spoolsv32.exe
O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe

Clean Navipromo version 2.0.5 commencé le 12/07/2007 à 14:21:08,18

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 01.07.2007 a 12h00 by IL-MAFIOSO

Mode suppression automatique avec prise en charge résultats Blacklight


 
*** fsbl1.txt non trouvé ***
(Assurez-vous que Blacklight n'avait rien trouvé lors de la recherche)
 

*** Suppression dossiers dans C:\WINDOWS ***


*** Suppression dossiers dans C:\Program Files ***


*** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***


*** Suppression dossiers dans C:\Documents and Settings\djlaguigue\Application Data ***



*** Suppression fichiers ***

C:\WINDOWS\system32\nvs2.inf supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\djlaguigue\Local Settings\Temp effectué !

 
*** Sauvegarde du registre vers dossier Backupnavi***
 
 
sauvegarde du registre réalise avec succes !


*** Nettoyage registre ***


Nettoyage registre Ok

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:


2)Recherche et Suppression Heuristique :

*
C:\WINDOWS\System32\cgnepq.dat trouvé !
Copie C:\WINDOWS\system32\cgnepq.dat réalise avec succes !
C:\WINDOWS\system32\cgnepq.dat supprimé !

**
***
****
C:\WINDOWS\System32\cgnepq_navps.dat trouvé !
Copie C:\WINDOWS\system32\cgnepq_navps.dat réalise avec succes !
C:\WINDOWS\system32\cgnepq_navps.dat supprimé !

*****
C:\WINDOWS\System32\cgnepq_nav.dat trouvé !
Copie C:\WINDOWS\system32\cgnepq_nav.dat réalise avec succes !
C:\WINDOWS\system32\cgnepq_nav.dat supprimé !

******
*******
********

3)Contrôle présence clés Rootkit dans le registre :

Aucune autre clés présente dans le registre !

4)Certificats :

Certificat Egroup supprimé !

*** Nettoyage termine le 12/07/2007 à 14:23:07,12 ***