Infection WIN32:Horst-HW[trj] et WIN32Horst-GZ[trj] HELP
Dernière réponse : dans Sécurité
Bonjour à tous!
Alors voilà, comme le titre le dit j'ai quelques soucis d'infection par des trojan. J'utilise Avast comme antivirus, et le pare-feu windows est activé.
Il m'indique à chaque fois que c'est des fichiers dans le dossier TEMP dans C:\Documents and Settings\Esteves\Local Settings qui sont infectés. J'ai beau les avoir supprimer en mode sans échec ils "réaparaissent", j'imagine que la source ne vient pas de là...
Si vous pouviez m'aider en m'indiquant quels étapes je devrais suivre ce serait bien gentil![:)]( ":)")
Alors voilà, comme le titre le dit j'ai quelques soucis d'infection par des trojan. J'utilise Avast comme antivirus, et le pare-feu windows est activé.
Il m'indique à chaque fois que c'est des fichiers dans le dossier TEMP dans C:\Documents and Settings\Esteves\Local Settings qui sont infectés. J'ai beau les avoir supprimer en mode sans échec ils "réaparaissent", j'imagine que la source ne vient pas de là...
Si vous pouviez m'aider en m'indiquant quels étapes je devrais suivre ce serait bien gentil
Autres pages sur : infection win32 horst trj win32horst trj help
Lassé par la pub ? Créez un compte
Bonjour,
Télécharge Hijackthis (de Merjin).
Dézippe-le dans un dossier ou sur ton Bureau.
Lance l'application (Hijackthis.exe) :
- Choisis l'option "Do a system scan and save a logfile"
- Le Bloc-Notes s'ouvre, poste son contenu :
-> Edition / Sélectionner tout
-> Edition / Copier
-> Clique-Droit / Coller dans ta réponse
AIDE : Tuto en vidéo sur Hijackthis
Télécharge Hijackthis (de Merjin).
Dézippe-le dans un dossier ou sur ton Bureau.
Lance l'application (Hijackthis.exe) :
- Choisis l'option "Do a system scan and save a logfile"
- Le Bloc-Notes s'ouvre, poste son contenu :
-> Edition / Sélectionner tout
-> Edition / Copier
-> Clique-Droit / Coller dans ta réponse
AIDE : Tuto en vidéo sur Hijackthis
Voici le raport Hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 14:54:56, on 01.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software - Avast\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software - Avast\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\RTProxy.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\Alwil Software - Avast\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software - Avast\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Dell\QuickSet\QuickSet.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\DOCUME~1\Esteves\LOCALS~1\Temp\65exinjs.a9.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Esteves\Bureau\hijackthis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.he-arc.ch:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*.*.*;*he-arc.ch;*eiaj.ch;*heaa-ne.ch;*hegne.ch;esma.cpaijb.ch;notes.cpaijb.ch;esmatest.cpaijb.ch;wwwin.*.be.ch;*a27*.be.ch;*sqlserver*.be.ch;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.downloa...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software - Avast\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software - Avast\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software - Avast\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software - Avast\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: MATLAB License Server - Macrovision Corporation - C:\Program Files\MATLAB\R2006b\flexlm\lmgrd.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: nidevldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nimcdldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: nimcrpcsu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: niRTProxy - National Instruments - C:\WINDOWS\system32\RTProxy.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
Logfile of HijackThis v1.99.1
Scan saved at 14:54:56, on 01.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software - Avast\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software - Avast\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\RTProxy.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\Alwil Software - Avast\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software - Avast\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Dell\QuickSet\QuickSet.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\DOCUME~1\Esteves\LOCALS~1\Temp\65exinjs.a9.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Esteves\Bureau\hijackthis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.he-arc.ch:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*.*.*;*he-arc.ch;*eiaj.ch;*heaa-ne.ch;*hegne.ch;esma.cpaijb.ch;notes.cpaijb.ch;esmatest.cpaijb.ch;wwwin.*.be.ch;*a27*.be.ch;*sqlserver*.be.ch;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.downloa...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software - Avast\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software - Avast\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software - Avast\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software - Avast\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: MATLAB License Server - Macrovision Corporation - C:\Program Files\MATLAB\R2006b\flexlm\lmgrd.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: nidevldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nimcdldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: nimcrpcsu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: niRTProxy - National Instruments - C:\WINDOWS\system32\RTProxy.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
Re,
Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
Double clique sur SDFix.exe et choisis Install pour l'extraire sur le Bureau.
Redémarre en mode sans échec
Ouvre le dossier SDFix qui vient d'être créé à la racine de ton dique dur (C:) et double clique sur RunThis.bat pour lancer le script.
Appuie sur Y pour commencer le processus de nettoyage.
Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
Appuie sur une touche pour redémarrer le PC.
Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis.
Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
Double clique sur SDFix.exe et choisis Install pour l'extraire sur le Bureau.
Redémarre en mode sans échec
Le rapport Hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 16:21:11, on 01.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software - Avast\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software - Avast\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\RTProxy.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software - Avast\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software - Avast\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Dell\QuickSet\QuickSet.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Esteves\Bureau\hijackthis\HijackThis.exe
C:\WINDOWS\system32\HPZipm12.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.he-arc.ch:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*.*.*;*he-arc.ch;*eiaj.ch;*heaa-ne.ch;*hegne.ch;esma.cpaijb.ch;notes.cpaijb.ch;esmatest.cpaijb.ch;wwwin.*.be.ch;*a27*.be.ch;*sqlserver*.be.ch;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.downloa...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software - Avast\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software - Avast\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software - Avast\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software - Avast\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: MATLAB License Server - Macrovision Corporation - C:\Program Files\MATLAB\R2006b\flexlm\lmgrd.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: nidevldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nimcdldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: nimcrpcsu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: niRTProxy - National Instruments - C:\WINDOWS\system32\RTProxy.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
Le rapport de SDFix:
SDFix: Version 1.81
Run by Esteves - 01.05.2007 - 16:02:41.10
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Restoring Missing SharedAccess Service
Rebooting...
Normal Mode:
Checking Files:
Below files will be copied to Backups folder then removed:
C:\DOCUME~1\Esteves\LOCALS~1\Temp\autorun.inf - Deleted
C:\WINDOWS\odbc.INI - Deleted
C:\WINDOWS\system\smss.exe - Deleted
Removing Temp Files
ADS Check:
Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.
Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Wolfram Research\\Mathematica\\5.1\\Mathematica.exe"="C:\\Program Files\\Wolfram Research\\Mathematica\\5.1\\Mathematica.exe:*:Enabled:Mathematica 5.1"
"C:\\Program Files\\Wolfram Research\\Mathematica\\5.1\\MathKernel.exe"="C:\\Program Files\\Wolfram Research\\Mathematica\\5.1\\MathKernel.exe:*:Enabled:Mathematica 5.1 Kernel"
"C:\\Program Files\\Wolfram Research\\Mathematica\\5.1\\math.exe"="C:\\Program Files\\Wolfram Research\\Mathematica\\5.1\\math.exe:*:Enabled:math.exe"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\National Instruments\\LabVIEW 8.0\\LabVIEW.exe"="C:\\Program Files\\National Instruments\\LabVIEW 8.0\\LabVIEW.exe:*:Enabled:LabVIEW 8.0 Development System"
"C:\\Documents and Settings\\Esteves\\Bureau\\Defcon\\defcon.exe"="C:\\Documents and Settings\\Esteves\\Bureau\\Defcon\\defcon.exe:*:Enabled![:D]( ":D")
efcon"
"C:\\Program Files\\Codemasters\\Race Driver 3\\RD3.exe"="C:\\Program Files\\Codemasters\\Race Driver 3\\RD3.exe:*:Enabled:RaceDriver 3 Application"
"C:\\Documents and Settings\\Esteves\\Mes documents\\Mes Programmes\\Defcon\\defcon.exe"="C:\\Documents and Settings\\Esteves\\Mes documents\\Mes Programmes\\Defcon\\defcon.exe:*:Enabled![:D]( ":D")
efcon"
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe:*:Enabled:TrueVector Service"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Metrowerks\\CodeWarrior CW12_V3.1\\prog\\hiwave.exe"="C:\\Program Files\\Metrowerks\\CodeWarrior CW12_V3.1\\prog\\hiwave.exe:*:Enabled:HIWAVE EXE"
"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi Client"
"C:\\Program Files\\Valve\\hl.exe"="C:\\Program Files\\Valve\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Altium Designer 6\\DXP.exe"="C:\\Program Files\\Altium Designer 6\\DXP.exe:*:Enabled![:D]( ":D")
XP"
"C:\\Program Files\\FileZilla\\FileZilla.exe"="C:\\Program Files\\FileZilla\\FileZilla.exe:*:Enabled:FileZilla"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Documents and Settings\\Esteves\\Mes documents\\Mes fichiers reçus\\defcon\\defcon\\defcon.exe"="C:\\Documents and Settings\\Esteves\\Mes documents\\Mes fichiers reçus\\defcon\\defcon\\defcon.exe:*:Enabled![:D]( ":D")
efcon"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Documents and Settings\\Esteves\\Application Data\\SopCast\\adv\\SopAdver.exe"="C:\\Documents and Settings\\Esteves\\Application Data\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\MATLAB\\R2006b\\bin\\win32\\MATLAB.exe"="C:\\Program Files\\MATLAB\\R2006b\\bin\\win32\\MATLAB.exe:*![:D]( ":D")
isabled:MATLAB"
"C:\\Documents and Settings\\Esteves\\Mes documents\\Mes Documents\\HE-ARC\\Modules Niveau II\\Applications Internet\\movamp\\mnt\\usr\\local\\mysql\\bin\\mysqld.exe"="C:\\Documents and Settings\\Esteves\\Mes documents\\Mes Documents\\HE-ARC\\Modules Niveau II\\Applications Internet\\movamp\\mnt\\usr\\local\\mysql\\bin\\mysqld.exe:*:Enabled:mysqld"
"C:\\Documents and Settings\\Esteves\\Mes documents\\Mes Documents\\HE-ARC\\Modules Niveau II\\Applications Internet\\movamp\\mnt\\usr\\local\\apache2\\bin\\Apache.exe"="C:\\Documents and Settings\\Esteves\\Mes documents\\Mes Documents\\HE-ARC\\Modules Niveau II\\Applications Internet\\movamp\\mnt\\usr\\local\\apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\87exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\87exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\30exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\30exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\36exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\36exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\66exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\66exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\1exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\1exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\81exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\81exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\43exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\43exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\51exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\51exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\42exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\42exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\93exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\93exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\19exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\19exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\25exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\25exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\49exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\49exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\71exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\71exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\15exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\15exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\34exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\34exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\70exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\70exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\35exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\35exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\77exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\77exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\92exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\92exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\37exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\37exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\20exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\20exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\52exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\52exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\6exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\6exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\2exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\2exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\13exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\13exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\53exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\53exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\25exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\25exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\34exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\34exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\54exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\54exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\94exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\94exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\81exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\81exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\11exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\11exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\83exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\83exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\90exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\90exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\21exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\21exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\27exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\27exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\65exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\65exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\64exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\64exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\71exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\71exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\28exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\28exinjs.a9.exe:*:Enabled:Microsoft Update"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
Backups Folder: - C:\SDFix\backups\backups.zip
Checking For Files with Hidden Attributes:
C:\Documents and Settings\Esteves\Local Settings\Application Data\Microsoft\Messenger\daniel_esteves@hotmail.com\Sharing Folders\linouch01@hotmail.com\Thumbs.db
C:\Program Files\National Instruments\NI-CAN\bin\CanCoreVersion.dll
C:\Program Files\National Instruments\NI-CAN\bin\CANProviderVersion.dll
C:\Program Files\National Instruments\NI-CAN\bin\CANSupportVersion.dll
C:\Program Files\National Instruments\NI-DNET\bin\NidnetVersion.dll
C:\Program Files\National Instruments\NI-488.2\Bin\LaunchUtility.exe
C:\Program Files\National Instruments\NI-488.2\Help\LaunchUtility.exe
C:\Documents and Settings\Esteves\Mes documents\Mes Documents\HE-ARC\Modules Niveau I\Labo de physique\QuatriŠme exp‚rience - Pression et volume des gaz\~WRL0004.tmp
C:\Documents and Settings\Esteves\Mes documents\Mes Documents\HE-ARC\Modules Niveau II\LabView\Fichiers du prof\02_VI&sub_VI\~WRL0004.tmp
C:\Documents and Settings\Esteves\Mes documents\Mes images\Mes photos\Tor‚e … Pierre-…-Bot [9 juin 2006]\SIV5.tmp
Finished
Logfile of HijackThis v1.99.1
Scan saved at 16:21:11, on 01.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software - Avast\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software - Avast\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\RTProxy.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software - Avast\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software - Avast\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Dell\QuickSet\QuickSet.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Esteves\Bureau\hijackthis\HijackThis.exe
C:\WINDOWS\system32\HPZipm12.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.he-arc.ch:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*.*.*;*he-arc.ch;*eiaj.ch;*heaa-ne.ch;*hegne.ch;esma.cpaijb.ch;notes.cpaijb.ch;esmatest.cpaijb.ch;wwwin.*.be.ch;*a27*.be.ch;*sqlserver*.be.ch;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.downloa...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software - Avast\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software - Avast\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software - Avast\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software - Avast\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: MATLAB License Server - Macrovision Corporation - C:\Program Files\MATLAB\R2006b\flexlm\lmgrd.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: nidevldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nimcdldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: nimcrpcsu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: niRTProxy - National Instruments - C:\WINDOWS\system32\RTProxy.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
Le rapport de SDFix:
SDFix: Version 1.81
Run by Esteves - 01.05.2007 - 16:02:41.10
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Restoring Missing SharedAccess Service
Rebooting...
Normal Mode:
Checking Files:
Below files will be copied to Backups folder then removed:
C:\DOCUME~1\Esteves\LOCALS~1\Temp\autorun.inf - Deleted
C:\WINDOWS\odbc.INI - Deleted
C:\WINDOWS\system\smss.exe - Deleted
Removing Temp Files
ADS Check:
Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.
Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Wolfram Research\\Mathematica\\5.1\\Mathematica.exe"="C:\\Program Files\\Wolfram Research\\Mathematica\\5.1\\Mathematica.exe:*:Enabled:Mathematica 5.1"
"C:\\Program Files\\Wolfram Research\\Mathematica\\5.1\\MathKernel.exe"="C:\\Program Files\\Wolfram Research\\Mathematica\\5.1\\MathKernel.exe:*:Enabled:Mathematica 5.1 Kernel"
"C:\\Program Files\\Wolfram Research\\Mathematica\\5.1\\math.exe"="C:\\Program Files\\Wolfram Research\\Mathematica\\5.1\\math.exe:*:Enabled:math.exe"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\National Instruments\\LabVIEW 8.0\\LabVIEW.exe"="C:\\Program Files\\National Instruments\\LabVIEW 8.0\\LabVIEW.exe:*:Enabled:LabVIEW 8.0 Development System"
"C:\\Documents and Settings\\Esteves\\Bureau\\Defcon\\defcon.exe"="C:\\Documents and Settings\\Esteves\\Bureau\\Defcon\\defcon.exe:*:Enabled
efcon""C:\\Program Files\\Codemasters\\Race Driver 3\\RD3.exe"="C:\\Program Files\\Codemasters\\Race Driver 3\\RD3.exe:*:Enabled:RaceDriver 3 Application"
"C:\\Documents and Settings\\Esteves\\Mes documents\\Mes Programmes\\Defcon\\defcon.exe"="C:\\Documents and Settings\\Esteves\\Mes documents\\Mes Programmes\\Defcon\\defcon.exe:*:Enabled
efcon""C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"="C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe:*:Enabled:TrueVector Service"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Metrowerks\\CodeWarrior CW12_V3.1\\prog\\hiwave.exe"="C:\\Program Files\\Metrowerks\\CodeWarrior CW12_V3.1\\prog\\hiwave.exe:*:Enabled:HIWAVE EXE"
"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi Client"
"C:\\Program Files\\Valve\\hl.exe"="C:\\Program Files\\Valve\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Altium Designer 6\\DXP.exe"="C:\\Program Files\\Altium Designer 6\\DXP.exe:*:Enabled
XP""C:\\Program Files\\FileZilla\\FileZilla.exe"="C:\\Program Files\\FileZilla\\FileZilla.exe:*:Enabled:FileZilla"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Documents and Settings\\Esteves\\Mes documents\\Mes fichiers reçus\\defcon\\defcon\\defcon.exe"="C:\\Documents and Settings\\Esteves\\Mes documents\\Mes fichiers reçus\\defcon\\defcon\\defcon.exe:*:Enabled
efcon""C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Documents and Settings\\Esteves\\Application Data\\SopCast\\adv\\SopAdver.exe"="C:\\Documents and Settings\\Esteves\\Application Data\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\MATLAB\\R2006b\\bin\\win32\\MATLAB.exe"="C:\\Program Files\\MATLAB\\R2006b\\bin\\win32\\MATLAB.exe:*
isabled:MATLAB""C:\\Documents and Settings\\Esteves\\Mes documents\\Mes Documents\\HE-ARC\\Modules Niveau II\\Applications Internet\\movamp\\mnt\\usr\\local\\mysql\\bin\\mysqld.exe"="C:\\Documents and Settings\\Esteves\\Mes documents\\Mes Documents\\HE-ARC\\Modules Niveau II\\Applications Internet\\movamp\\mnt\\usr\\local\\mysql\\bin\\mysqld.exe:*:Enabled:mysqld"
"C:\\Documents and Settings\\Esteves\\Mes documents\\Mes Documents\\HE-ARC\\Modules Niveau II\\Applications Internet\\movamp\\mnt\\usr\\local\\apache2\\bin\\Apache.exe"="C:\\Documents and Settings\\Esteves\\Mes documents\\Mes Documents\\HE-ARC\\Modules Niveau II\\Applications Internet\\movamp\\mnt\\usr\\local\\apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\87exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\87exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\30exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\30exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\36exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\36exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\66exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\66exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\1exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\1exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\81exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\81exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\43exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\43exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\51exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\51exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\42exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\42exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\93exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\93exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\19exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\19exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\25exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\25exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\49exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\49exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\71exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\71exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\15exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\15exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\34exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\34exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\70exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\70exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\35exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\35exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\77exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\77exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\92exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\92exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\37exinjs.a8.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\37exinjs.a8.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\20exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\20exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\52exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\52exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\6exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\6exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\2exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\2exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\13exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\13exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\53exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\53exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\25exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\25exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\34exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\34exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\54exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\54exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\94exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\94exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\81exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\81exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\11exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\11exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\83exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\83exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\90exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\90exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\21exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\21exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\27exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\27exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\65exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\65exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\64exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\64exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\71exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\71exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\28exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\28exinjs.a9.exe:*:Enabled:Microsoft Update"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
Backups Folder: - C:\SDFix\backups\backups.zip
Checking For Files with Hidden Attributes:
C:\Documents and Settings\Esteves\Local Settings\Application Data\Microsoft\Messenger\daniel_esteves@hotmail.com\Sharing Folders\linouch01@hotmail.com\Thumbs.db
C:\Program Files\National Instruments\NI-CAN\bin\CanCoreVersion.dll
C:\Program Files\National Instruments\NI-CAN\bin\CANProviderVersion.dll
C:\Program Files\National Instruments\NI-CAN\bin\CANSupportVersion.dll
C:\Program Files\National Instruments\NI-DNET\bin\NidnetVersion.dll
C:\Program Files\National Instruments\NI-488.2\Bin\LaunchUtility.exe
C:\Program Files\National Instruments\NI-488.2\Help\LaunchUtility.exe
C:\Documents and Settings\Esteves\Mes documents\Mes Documents\HE-ARC\Modules Niveau I\Labo de physique\QuatriŠme exp‚rience - Pression et volume des gaz\~WRL0004.tmp
C:\Documents and Settings\Esteves\Mes documents\Mes Documents\HE-ARC\Modules Niveau II\LabView\Fichiers du prof\02_VI&sub_VI\~WRL0004.tmp
C:\Documents and Settings\Esteves\Mes documents\Mes images\Mes photos\Tor‚e … Pierre-…-Bot [9 juin 2006]\SIV5.tmp
Finished
Les fichiers qu'avast me dit infectées sont ceux qui ressemble à ca (qui sont dans la liste):
C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\21exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\21exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\27exinjs.a9.exe"="C:\\DOCUME
C'est grave docteur?![:(]( ":(")
C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\21exinjs.a9.exe"="C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\21exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Esteves\\LOCALS~1\\Temp\\27exinjs.a9.exe"="C:\\DOCUME
C'est grave docteur?
Re,
Télécharge puis installe AVG Anti-Spyware (AVG AS)
Fais les mises à jour mais ne lance pas de scan pour le moment.
AIDE : Tuto sur AVG Anti-Spyware (Malekal)
Redémarre en mode sans échec
Relance AVG AS :
- Choisis l'onglet "Analyse"
- Puis l'onglet "Paramètres"
- Sous la question "Comment réagir ?", clique sur "Actions recommandées" et choisis "Quarantaine"
- Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"
[#ff0000]Si un fichier est infecté en fin d'analyse, clique sur "Appliquer toutes les actions"[/#f]
Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous"
Enregistre ce fichier texte sur ton bureau.
Redémarre normalement
Poste le rapport AVG AS ainsi qu'un rapport Hijackthis.
Télécharge puis installe AVG Anti-Spyware (AVG AS)
Fais les mises à jour mais ne lance pas de scan pour le moment.
AIDE : Tuto sur AVG Anti-Spyware (Malekal)
Redémarre en mode sans échec
Relance AVG AS :
- Choisis l'onglet "Analyse"
- Puis l'onglet "Paramètres"
- Sous la question "Comment réagir ?", clique sur "Actions recommandées" et choisis "Quarantaine"
- Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"
[#ff0000]Si un fichier est infecté en fin d'analyse, clique sur "Appliquer toutes les actions"[/#f]
Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous"
Enregistre ce fichier texte sur ton bureau.
Redémarre normalement
Poste le rapport AVG AS ainsi qu'un rapport Hijackthis.
J'ai pu mettre à jour AVG.
Hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 22:48:06, on 01.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software - Avast\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software - Avast\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\RTProxy.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\Alwil Software - Avast\Avast4\ashMaiSv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Alwil Software - Avast\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Dell\QuickSet\QuickSet.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Esteves\Bureau\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.he-arc.ch:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*.*.*;*he-arc.ch;*eiaj.ch;*heaa-ne.ch;*hegne.ch;esma.cpaijb.ch;notes.cpaijb.ch;esmatest.cpaijb.ch;wwwin.*.be.ch;*a27*.be.ch;*sqlserver*.be.ch;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.downloa...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software - Avast\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software - Avast\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software - Avast\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software - Avast\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: MATLAB License Server - Macrovision Corporation - C:\Program Files\MATLAB\R2006b\flexlm\lmgrd.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: nidevldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nimcdldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: nimcrpcsu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: niRTProxy - National Instruments - C:\WINDOWS\system32\RTProxy.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
AVG AS:
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 22:38:21 01.05.2007
+ Résultat de l'analyse:
C:\Program Files\Stardock\Object Desktop\WindowBlinds\WindowBlinds v.5 cracks.exe -> Downloader.Agent.aii : Nettoyé.
:mozilla.170:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.171:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\Esteves\Cookies\esteves@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.119:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.120:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.121:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.122:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.123:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.124:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.125:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.126:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.127:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.128:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.129:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.130:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.131:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.132:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.133:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.134:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.135:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.136:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.137:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.138:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.139:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.272:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.304:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.761:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.77:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.78:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.79:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.813:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.232:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.233:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.60:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.95:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.303:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Burstnet : Nettoyé.
:mozilla.376:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Clickzs : Nettoyé.
:mozilla.377:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Clickzs : Nettoyé.
:mozilla.378:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Clickzs : Nettoyé.
:mozilla.379:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Clickzs : Nettoyé.
:mozilla.338:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Com : Nettoyé.
:mozilla.476:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.477:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.478:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
C:\Documents and Settings\Esteves\Cookies\esteves@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.343:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Connextra : Nettoyé.
:mozilla.349:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Cpvfeed : Nettoyé.
:mozilla.350:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Cpvfeed : Nettoyé.
:mozilla.351:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Cpvfeed : Nettoyé.
:mozilla.352:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Cpvfeed : Nettoyé.
:mozilla.382:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Dealtime : Nettoyé.
:mozilla.383:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Dealtime : Nettoyé.
:mozilla.52:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.46:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.836:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Etracker : Nettoyé.
:mozilla.552:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Gemius : Nettoyé.
:mozilla.553:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Gemius : Nettoyé.
:mozilla.554:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Gemius : Nettoyé.
:mozilla.839:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.20:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.21:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.22:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.637:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.638:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.649:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Ivwbox : Nettoyé.
:mozilla.820:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Masterstats : Nettoyé.
:mozilla.61:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
:mozilla.25:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Netflame : Nettoyé.
:mozilla.760:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.229:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Planetactive : Nettoyé.
:mozilla.779:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Realmedia : Nettoyé.
:mozilla.780:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Realmedia : Nettoyé.
:mozilla.781:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Realmedia : Nettoyé.
:mozilla.302:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.356:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.357:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.358:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.359:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.360:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.361:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.362:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.363:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.364:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.365:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.366:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.367:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.368:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.369:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.370:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.371:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.372:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.373:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.374:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.375:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.514:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.515:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.516:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.15:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.16:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.17:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.792:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Tribalfusion : Nettoyé.
:mozilla.38:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.39:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.40:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.41:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.80:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.81:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.82:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.83:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
Fin du rapport
Hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 22:48:06, on 01.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software - Avast\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software - Avast\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\RTProxy.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\Alwil Software - Avast\Avast4\ashMaiSv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Alwil Software - Avast\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Dell\QuickSet\QuickSet.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Esteves\Bureau\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.he-arc.ch:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*.*.*;*he-arc.ch;*eiaj.ch;*heaa-ne.ch;*hegne.ch;esma.cpaijb.ch;notes.cpaijb.ch;esmatest.cpaijb.ch;wwwin.*.be.ch;*a27*.be.ch;*sqlserver*.be.ch;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.downloa...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software - Avast\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software - Avast\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software - Avast\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software - Avast\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: MATLAB License Server - Macrovision Corporation - C:\Program Files\MATLAB\R2006b\flexlm\lmgrd.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: nidevldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nimcdldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: nimcrpcsu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: niRTProxy - National Instruments - C:\WINDOWS\system32\RTProxy.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
AVG AS:
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 22:38:21 01.05.2007
+ Résultat de l'analyse:
C:\Program Files\Stardock\Object Desktop\WindowBlinds\WindowBlinds v.5 cracks.exe -> Downloader.Agent.aii : Nettoyé.
:mozilla.170:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.171:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\Esteves\Cookies\esteves@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.119:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.120:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.121:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.122:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.123:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.124:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.125:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.126:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.127:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.128:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.129:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.130:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.131:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.132:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.133:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.134:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.135:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.136:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.137:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.138:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.139:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.272:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.304:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.761:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.77:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.78:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.79:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.813:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.232:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.233:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.60:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.95:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.303:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Burstnet : Nettoyé.
:mozilla.376:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Clickzs : Nettoyé.
:mozilla.377:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Clickzs : Nettoyé.
:mozilla.378:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Clickzs : Nettoyé.
:mozilla.379:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Clickzs : Nettoyé.
:mozilla.338:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Com : Nettoyé.
:mozilla.476:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.477:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.478:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
C:\Documents and Settings\Esteves\Cookies\esteves@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.343:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Connextra : Nettoyé.
:mozilla.349:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Cpvfeed : Nettoyé.
:mozilla.350:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Cpvfeed : Nettoyé.
:mozilla.351:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Cpvfeed : Nettoyé.
:mozilla.352:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Cpvfeed : Nettoyé.
:mozilla.382:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Dealtime : Nettoyé.
:mozilla.383:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Dealtime : Nettoyé.
:mozilla.52:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.46:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.836:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Etracker : Nettoyé.
:mozilla.552:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Gemius : Nettoyé.
:mozilla.553:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Gemius : Nettoyé.
:mozilla.554:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Gemius : Nettoyé.
:mozilla.839:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.20:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.21:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.22:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.637:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.638:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.649:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Ivwbox : Nettoyé.
:mozilla.820:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Masterstats : Nettoyé.
:mozilla.61:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
:mozilla.25:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Netflame : Nettoyé.
:mozilla.760:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.229:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Planetactive : Nettoyé.
:mozilla.779:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Realmedia : Nettoyé.
:mozilla.780:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Realmedia : Nettoyé.
:mozilla.781:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Realmedia : Nettoyé.
:mozilla.302:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.356:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.357:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.358:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.359:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.360:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.361:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.362:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.363:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.364:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.365:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.366:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.367:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.368:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.369:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.370:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.371:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.372:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.373:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.374:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.375:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
:mozilla.514:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.515:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.516:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.15:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.16:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.17:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.792:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Tribalfusion : Nettoyé.
:mozilla.38:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.39:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.40:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.41:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.80:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.81:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.82:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.83:C:\Documents and Settings\Esteves\Application Data\Mozilla\Firefox\Profiles\5e5n01du.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
Fin du rapport
Re,
Fais un scan en ligne Kaspersky avec Internet Explorer :
Clique sur ![]()
Clique maintenant sur J'accepte.
Valide l'installation d'un ou de plusieurs ActiveX si c'est nécessaire.
Patiente pendant l'installation des Mises à jour.
Choisis par la suite l'analyse du Poste de travail
Sauvegarde puis colle le rapport généré en fin d'analyse.
AIDE : Tuto sur le scan en ligne
NOTE : Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte toi sur le site de Kaspersky pour retenter le scan en ligne.
AIDE : Tuto sur le scan en ligne
NOTE : Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte toi sur le site de Kaspersky pour retenter le scan en ligne.
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, May 02, 2007 7:34:34 PM
Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 2/05/2007
Enregistrements dans la base antivirus Kaspersky : 289749
-------------------------------------------------------------------------------
Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie: vrai
Cible de l'analyse - Poste de travail:
C:\
D:\
F:\
Statistiques de l'analyse:
Total d'objets analysés: 223960
Nombre de virus trouvés: 1
Nombre d'objets infectés: 1 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 03:26:17
Nom de l'objet infecté / Nom du virus / Dernière action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\00000002.ps1 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\00000002.ps2 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\00010002.ci L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\cicat.fid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\cicat.hsh L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiCL0001.000 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiP10000.000 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiP20000.000 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiPT0000.000 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiSL0001.000 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiSP0000.000 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiST0000.000 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiVP0000.000 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\INDEX.000 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\propstor.bk1 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\propstor.bk2 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\Microsoft\Messenger\esteves.d@hotmail.com\SharingMetadata\Logs\Dfsr00005.log L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\Microsoft\Messenger\esteves.d@hotmail.com\SharingMetadata\pending.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\Microsoft\Messenger\esteves.d@hotmail.com\SharingMetadata\Working\database_2030_CBFA_30CB_D546\dfsr.db L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\Microsoft\Messenger\esteves.d@hotmail.com\SharingMetadata\Working\database_2030_CBFA_30CB_D546\fsr.log L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\Microsoft\Messenger\esteves.d@hotmail.com\SharingMetadata\Working\database_2030_CBFA_30CB_D546\fsrtmp.log L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\Microsoft\Messenger\esteves.d@hotmail.com\SharingMetadata\Working\database_2030_CBFA_30CB_D546\tmp.edb L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\Microsoft\Windows Live Contacts\esteves.d@hotmail.com\real\members.stg L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\Microsoft\Windows Live Contacts\esteves.d@hotmail.com\shadow\members.stg L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Historique\History.IE5\MSHist012007050220070503\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Temp\hpodvd09.log L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Temp\~DFB3E4.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Temp\~DFB4F9.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Temp\~DFDF9F.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Temp\~DFFF9E.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Temp\~DFFFAA.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\NTUSER.DAT.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\pedriver.txt L'objet est verrouillé ignoré
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2007-05-02.15-51-30.log L'objet est verrouillé ignoré
C:\Program Files\Alwil Software - Avast\Avast4\DATA\aswResp.dat L'objet est verrouillé ignoré
C:\Program Files\Alwil Software - Avast\Avast4\DATA\Avast4.db L'objet est verrouillé ignoré
C:\Program Files\Alwil Software - Avast\Avast4\DATA\log\AshWebSv.ws L'objet est verrouillé ignoré
C:\Program Files\Alwil Software - Avast\Avast4\DATA\log\aswMaiSv.log L'objet est verrouillé ignoré
C:\Program Files\Alwil Software - Avast\Avast4\DATA\log\nshield.log L'objet est verrouillé ignoré
C:\Program Files\Alwil Software - Avast\Avast4\DATA\report\Protection résidente.txt L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\00000002.ps1 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\00000002.ps2 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\00010015.ci L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\cicat.fid L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\cicat.hsh L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\CiCL0001.000 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\CiP10000.000 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\CiP20000.000 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\CiPT0000.000 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\CiSL0001.000 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\CiSP0000.000 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\CiST0000.000 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\CiVP0000.000 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\INDEX.000 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\propstor.bk1 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\propstor.bk2 L'objet est verrouillé ignoré
C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
C:\System Volume Information\_restore{F9B5DB52-5D1A-4DC1-A180-12FF59258B95}\RP1\A0001214.exe Infecté : Trojan-Downloader.Win32.Agent.aii ignoré
C:\System Volume Information\_restore{F9B5DB52-5D1A-4DC1-A180-12FF59258B95}\RP1\change.log L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Antivirus.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\ODiag.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\OSession.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\sptd.sys L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\vaxscsi.sys L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\Temp\Perflib_Perfdata_7d8.dat L'objet est verrouillé ignoré
C:\WINDOWS\Temp\_avast4_\Webshlock.txt L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
Analyse terminée.
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, May 02, 2007 7:34:34 PM
Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 2/05/2007
Enregistrements dans la base antivirus Kaspersky : 289749
-------------------------------------------------------------------------------
Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie: vrai
Cible de l'analyse - Poste de travail:
C:\
D:\
F:\
Statistiques de l'analyse:
Total d'objets analysés: 223960
Nombre de virus trouvés: 1
Nombre d'objets infectés: 1 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 03:26:17
Nom de l'objet infecté / Nom du virus / Dernière action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\00000002.ps1 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\00000002.ps2 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\00010002.ci L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\cicat.fid L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\cicat.hsh L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiCL0001.000 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiP10000.000 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiP20000.000 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiPT0000.000 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiSL0001.000 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiSP0000.000 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiST0000.000 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiVP0000.000 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\INDEX.000 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\propstor.bk1 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\propstor.bk2 L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\Microsoft\Messenger\esteves.d@hotmail.com\SharingMetadata\Logs\Dfsr00005.log L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\Microsoft\Messenger\esteves.d@hotmail.com\SharingMetadata\pending.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\Microsoft\Messenger\esteves.d@hotmail.com\SharingMetadata\Working\database_2030_CBFA_30CB_D546\dfsr.db L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\Microsoft\Messenger\esteves.d@hotmail.com\SharingMetadata\Working\database_2030_CBFA_30CB_D546\fsr.log L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\Microsoft\Messenger\esteves.d@hotmail.com\SharingMetadata\Working\database_2030_CBFA_30CB_D546\fsrtmp.log L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\Microsoft\Messenger\esteves.d@hotmail.com\SharingMetadata\Working\database_2030_CBFA_30CB_D546\tmp.edb L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\Microsoft\Windows Live Contacts\esteves.d@hotmail.com\real\members.stg L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Application Data\Microsoft\Windows Live Contacts\esteves.d@hotmail.com\shadow\members.stg L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Historique\History.IE5\MSHist012007050220070503\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Temp\hpodvd09.log L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Temp\~DFB3E4.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Temp\~DFB4F9.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Temp\~DFDF9F.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Temp\~DFFF9E.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Temp\~DFFFAA.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\Esteves\NTUSER.DAT.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\pedriver.txt L'objet est verrouillé ignoré
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2007-05-02.15-51-30.log L'objet est verrouillé ignoré
C:\Program Files\Alwil Software - Avast\Avast4\DATA\aswResp.dat L'objet est verrouillé ignoré
C:\Program Files\Alwil Software - Avast\Avast4\DATA\Avast4.db L'objet est verrouillé ignoré
C:\Program Files\Alwil Software - Avast\Avast4\DATA\log\AshWebSv.ws L'objet est verrouillé ignoré
C:\Program Files\Alwil Software - Avast\Avast4\DATA\log\aswMaiSv.log L'objet est verrouillé ignoré
C:\Program Files\Alwil Software - Avast\Avast4\DATA\log\nshield.log L'objet est verrouillé ignoré
C:\Program Files\Alwil Software - Avast\Avast4\DATA\report\Protection résidente.txt L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\00000002.ps1 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\00000002.ps2 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\00010015.ci L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\cicat.fid L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\cicat.hsh L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\CiCL0001.000 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\CiP10000.000 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\CiP20000.000 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\CiPT0000.000 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\CiSL0001.000 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\CiSP0000.000 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\CiST0000.000 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\CiVP0000.000 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\INDEX.000 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\propstor.bk1 L'objet est verrouillé ignoré
C:\System Volume Information\catalog.wci\propstor.bk2 L'objet est verrouillé ignoré
C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
C:\System Volume Information\_restore{F9B5DB52-5D1A-4DC1-A180-12FF59258B95}\RP1\A0001214.exe Infecté : Trojan-Downloader.Win32.Agent.aii ignoré
C:\System Volume Information\_restore{F9B5DB52-5D1A-4DC1-A180-12FF59258B95}\RP1\change.log L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Antivirus.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\ODiag.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\OSession.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\sptd.sys L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\vaxscsi.sys L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\Temp\Perflib_Perfdata_7d8.dat L'objet est verrouillé ignoré
C:\WINDOWS\Temp\_avast4_\Webshlock.txt L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
Analyse terminée.
Le voici:
Logfile of HijackThis v1.99.1
Scan saved at 20:07:37, on 02.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software - Avast\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software - Avast\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\RTProxy.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\Alwil Software - Avast\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software - Avast\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Dell\QuickSet\QuickSet.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Esteves\Bureau\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.he-arc.ch:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*.*.*;*he-arc.ch;*eiaj.ch;*heaa-ne.ch;*hegne.ch;esma.cpaijb.ch;notes.cpaijb.ch;esmatest.cpaijb.ch;wwwin.*.be.ch;*a27*.be.ch;*sqlserver*.be.ch;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.downloa...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software - Avast\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software - Avast\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software - Avast\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software - Avast\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: MATLAB License Server - Macrovision Corporation - C:\Program Files\MATLAB\R2006b\flexlm\lmgrd.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: nidevldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nimcdldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: nimcrpcsu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: niRTProxy - National Instruments - C:\WINDOWS\system32\RTProxy.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
Logfile of HijackThis v1.99.1
Scan saved at 20:07:37, on 02.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software - Avast\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software - Avast\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\RTProxy.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\Alwil Software - Avast\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software - Avast\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Dell\QuickSet\QuickSet.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Esteves\Bureau\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.he-arc.ch:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*.*.*;*he-arc.ch;*eiaj.ch;*heaa-ne.ch;*hegne.ch;esma.cpaijb.ch;notes.cpaijb.ch;esmatest.cpaijb.ch;wwwin.*.be.ch;*a27*.be.ch;*sqlserver*.be.ch;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.downloa...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software - Avast\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software - Avast\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software - Avast\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software - Avast\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: MATLAB License Server - Macrovision Corporation - C:\Program Files\MATLAB\R2006b\flexlm\lmgrd.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: nidevldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nimcdldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: nimcrpcsu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: niRTProxy - National Instruments - C:\WINDOWS\system32\RTProxy.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
Comme j'ai écris avant je n'ai plus ces fichiers et les alertes avast, j'imagine que ça doit être tout bon alors ![:)]( ":)")
Merci beaucoup en tout cas! Tu m'as été d'une grande aide! C'est bien gentil.
Crois-tu que ça ait pu effacer des programmes ou quelque chose? J'ai l'impression qu'avec ces trojan mon disque dur à été liberé d'environ 1Go, mais je peux me tromper (surtout que je n'ai pas encore remarqué de fichiers manquants).
Merci beaucoup en tout cas! Tu m'as été d'une grande aide! C'est bien gentil.
Crois-tu que ça ait pu effacer des programmes ou quelque chose? J'ai l'impression qu'avec ces trojan mon disque dur à été liberé d'environ 1Go, mais je peux me tromper (surtout que je n'ai pas encore remarqué de fichiers manquants).
Lassé par la pub ? Créez un compte
- Contenus similaires :
- ForumInfection par win32 bho kd trj
- ForumInfection par win32 tratbho trj
- ForumInfection par win32 beagle-aaw trj et hdlrr
- ForumInfection par win32 spyware-gen trj
- ForumInfection win32 vundo dll trj aide
- ForumDemande d'aide infection win32 tratbho trj
- ForumInfection par win32 ntrootkit-b trj
- ForumInfection par win32 small-jmh trj
- ForumInfection par win32 beagle-aaw trj
- ForumInfection win32 agent-rgo trj
- Voir plus
