Hello, for a short while now I have been overrun with ads that have CiD as their header.
Can you help me?
Attached is the HijackThis report.
Thanks
Logfile of HijackThis v1.99.1
Scan saved at 18:26:40, on 08/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BDOSCAN8\IEXPLORE.EXE
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\Borland\InterBase\Bin\ibguard.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\slserv.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Borland\InterBase\Bin\ibserver.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
D:\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\PROMT5\INTEGRAL\pinmenu.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\V0220Mon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\LightSurf\Common\IconMgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\LightSurf\Colorific\hgcctl95.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\LightSurf\Color Indicator\TICIcon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {CE000994-A58C-4441-8938-744CD72AB27F} - (no file)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\System32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PROMT Integrator] "C:\Program Files\PROMT5\INTEGRAL\PinStart.exe" /autorun
O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"
O4 - HKLM\..\Run: [USBToolTip] "D:\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Online chin internet bolt] C:\Documents and Settings\All Users\Application Data\Bags Plus Online Chin\body axis.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Norton SystemWorks] C:\Program Files\Fichiers communs\Symantec Shared\CfgWiz.exe /GUID {DA9935BA-22F7-44ee-BD12-BD8B87700BEA}
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: LightSurf.lnk = C:\Program Files\LightSurf\Common\IconMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Pense-bête.lnk = D:\PrintMaster\PrintMaster\PMREMIND.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm
O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm (HKCU)
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm (HKCU)
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm (HKCU)
O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/re [...] oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/r [...] se4009.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driv [...] eqlab2.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://jeuxvideo.wanadoo.fr/components/Metaboli.ocx
O16 - DPF: {7DA181BB-EF8D-4A7E-8C53-7BFC718EF71D} (Upload Class) - http://photos.wanadoo.fr/al/presen [...] Ephoto.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://www.securitoo.com/fra/pages/navol/fscax.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://tours.trafic.ville.wanadoo. [...] ontrol.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/conten [...] loader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: DirectX Service (DirectCohr) - Unknown owner - c:\windows\system32\directx.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Program Files\Borland\InterBase\Bin\ibguard.exe
O23 - Service: InterBaseServer - Inprise Corporation - C:\Program Files\Borland\InterBase\Bin\ibserver.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
Hello,
Download Lop S&D.exe to your Desktop.
- Double-click it to start the installation
- Then double-click the Lop S&D shortcut on your Desktop
- Select the language you want, then choose option 1 (Search)
- Wait until the scan finishes
- Post the generated report (C:\lopR.txt)
(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)
Thanks for your quick reply.
So here is the report:
-----------------------------[ Lop S&D 2.0.2.b ]---------------------------
Microsoft Windows XP [version 5.1.2600] [ OS : Windows_NT ]
"C:\Program Files\Lop SD"
[ 08/01/2008 | 19:37:23,65 ] [ TONDUSSO-0MMCO3 ]
-------------[ Listing des dossiers dans Application Data ]------------
C:\Documents and Settings\Administrateur\APPLIC~1\desktop.ini
C:\Documents and Settings\Administrateur\APPLIC~1\Microsoft
C:\Documents and Settings\All Users\APPLIC~1\Bags Plus Online Chin
C:\Documents and Settings\All Users\APPLIC~1\Windows Live Toolbar
C:\Documents and Settings\All Users\APPLIC~1\VMware
C:\Documents and Settings\All Users\APPLIC~1\TechSmith
C:\Documents and Settings\All Users\APPLIC~1\ezsid.dat
C:\Documents and Settings\All Users\APPLIC~1\Skype
C:\Documents and Settings\All Users\APPLIC~1\nHancer
C:\Documents and Settings\All Users\APPLIC~1\NVIDIA
C:\Documents and Settings\All Users\APPLIC~1\TEMP
C:\Documents and Settings\All Users\APPLIC~1\nView_Profiles
C:\Documents and Settings\All Users\APPLIC~1\Adobe
C:\Documents and Settings\All Users\APPLIC~1\Creative
C:\Documents and Settings\All Users\APPLIC~1\Microsoft
C:\Documents and Settings\All Users\APPLIC~1\Apple Computer
C:\Documents and Settings\All Users\APPLIC~1\WinAntiVirus Pro 2006
C:\Documents and Settings\All Users\APPLIC~1\Trymedia
C:\Documents and Settings\All Users\APPLIC~1\MSN6
C:\Documents and Settings\All Users\APPLIC~1\Emjysoft
C:\Documents and Settings\All Users\APPLIC~1\UDL
C:\Documents and Settings\All Users\APPLIC~1\Exetender
C:\Documents and Settings\All Users\APPLIC~1\DVD Shrink
C:\Documents and Settings\All Users\APPLIC~1\Ciel
C:\Documents and Settings\All Users\APPLIC~1\hpzinstall.log
C:\Documents and Settings\All Users\APPLIC~1\HP
C:\Documents and Settings\All Users\APPLIC~1\Hewlett-Packard
C:\Documents and Settings\All Users\APPLIC~1\QTSBandwidthCache
C:\Documents and Settings\All Users\APPLIC~1\Windows Genuine Advantage
C:\Documents and Settings\All Users\APPLIC~1\Symantec
C:\Documents and Settings\All Users\APPLIC~1\Logitech
C:\Documents and Settings\All Users\APPLIC~1\SmartSound Software Inc
C:\Documents and Settings\All Users\APPLIC~1\Pinnacle
C:\Documents and Settings\All Users\APPLIC~1\Macrovision
C:\Documents and Settings\All Users\APPLIC~1\Ahead
C:\Documents and Settings\All Users\APPLIC~1\desktop.ini
C:\Documents and Settings\All Users\APPLIC~1\CyberLink
C:\Documents and Settings\All Users\APPLIC~1\Knowledge Adventure
C:\Documents and Settings\All Users\APPLIC~1\QuickTime
C:\Documents and Settings\Christ\APPLIC~1\dog nurb debug
C:\Documents and Settings\Christ\APPLIC~1\Microsoft
C:\Documents and Settings\Christ\APPLIC~1\Skype
C:\Documents and Settings\Christ\APPLIC~1\skypePM
C:\Documents and Settings\Christ\APPLIC~1\AquaNox
C:\Documents and Settings\Christ\APPLIC~1\Sun
C:\Documents and Settings\Christ\APPLIC~1\Adobe
C:\Documents and Settings\Christ\APPLIC~1\fltk.org
C:\Documents and Settings\Christ\APPLIC~1\LimeWire
C:\Documents and Settings\Christ\APPLIC~1\Styler
C:\Documents and Settings\Christ\APPLIC~1\Stardock
C:\Documents and Settings\Christ\APPLIC~1\gtopala
C:\Documents and Settings\Christ\APPLIC~1\IDS_COMPANY
C:\Documents and Settings\Christ\APPLIC~1\TaoUSign
C:\Documents and Settings\Christ\APPLIC~1\Creative
C:\Documents and Settings\Christ\APPLIC~1\AdobeUM
C:\Documents and Settings\Christ\APPLIC~1\DivX
C:\Documents and Settings\Christ\APPLIC~1\MSN6
C:\Documents and Settings\Christ\APPLIC~1\Emjysoft
C:\Documents and Settings\Christ\APPLIC~1\EPSON
C:\Documents and Settings\Christ\APPLIC~1\Ahead
C:\Documents and Settings\Christ\APPLIC~1\Leadertech
C:\Documents and Settings\Christ\APPLIC~1\HP
C:\Documents and Settings\Christ\APPLIC~1\Common Files
C:\Documents and Settings\Christ\APPLIC~1\Google
C:\Documents and Settings\Christ\APPLIC~1\Real
C:\Documents and Settings\Christ\APPLIC~1\Apple Computer
C:\Documents and Settings\Christ\APPLIC~1\Macromedia
C:\Documents and Settings\Christ\APPLIC~1\NeroVision
C:\Documents and Settings\Christ\APPLIC~1\CyberLink
C:\Documents and Settings\Christ\APPLIC~1\wklnhst.dat
C:\Documents and Settings\Christ\APPLIC~1\Help
C:\Documents and Settings\Christ\APPLIC~1\Logitech
C:\Documents and Settings\Christ\APPLIC~1\Lavasoft
C:\Documents and Settings\Christ\APPLIC~1\Identities
C:\Documents and Settings\Christ\APPLIC~1\desktop.ini
C:\Documents and Settings\Default User\APPLIC~1\desktop.ini
C:\Documents and Settings\Default User\APPLIC~1\Microsoft
C:\Documents and Settings\Hugo\APPLIC~1\Microsoft
C:\Documents and Settings\Hugo\APPLIC~1\dog nurb debug
C:\Documents and Settings\Hugo\APPLIC~1\Lavasoft
C:\Documents and Settings\Hugo\APPLIC~1\Styler
C:\Documents and Settings\Hugo\APPLIC~1\Creative
C:\Documents and Settings\Hugo\APPLIC~1\DivX
C:\Documents and Settings\Hugo\APPLIC~1\Adobe
C:\Documents and Settings\Hugo\APPLIC~1\Real
C:\Documents and Settings\Hugo\APPLIC~1\Macromedia
C:\Documents and Settings\Hugo\APPLIC~1\Apple Computer
C:\Documents and Settings\Hugo\APPLIC~1\Logitech
C:\Documents and Settings\Hugo\APPLIC~1\Identities
C:\Documents and Settings\Hugo\APPLIC~1\desktop.ini
C:\Documents and Settings\LocalService\APPLIC~1\VMware
C:\Documents and Settings\LocalService\APPLIC~1\Microsoft
C:\Documents and Settings\LocalService\APPLIC~1\Webroot
C:\Documents and Settings\NetworkService\APPLIC~1\VMware
C:\Documents and Settings\NetworkService\APPLIC~1\Symantec
C:\Documents and Settings\NetworkService\APPLIC~1\Microsoft
C:\Documents and Settings\Théo\APPLIC~1\dog nurb debug
C:\Documents and Settings\Théo\APPLIC~1\SparkleXP
C:\Documents and Settings\Théo\APPLIC~1\Microsoft
C:\Documents and Settings\Théo\APPLIC~1\VMware
C:\Documents and Settings\Théo\APPLIC~1\Adobe
C:\Documents and Settings\Théo\APPLIC~1\fltk.org
C:\Documents and Settings\Théo\APPLIC~1\Styler
C:\Documents and Settings\Théo\APPLIC~1\CyberLink
C:\Documents and Settings\Théo\APPLIC~1\Logitech
C:\Documents and Settings\Théo\APPLIC~1\Help
C:\Documents and Settings\Théo\APPLIC~1\Creative
C:\Documents and Settings\Théo\APPLIC~1\Sierra
C:\Documents and Settings\Théo\APPLIC~1\DivX
C:\Documents and Settings\Théo\APPLIC~1\MSN6
C:\Documents and Settings\Théo\APPLIC~1\Ahead
C:\Documents and Settings\Théo\APPLIC~1\Google
C:\Documents and Settings\Théo\APPLIC~1\Emjysoft
C:\Documents and Settings\Théo\APPLIC~1\IDS_COMPANY
C:\Documents and Settings\Théo\APPLIC~1\AdobeUM
C:\Documents and Settings\Théo\APPLIC~1\wklnhst.dat
C:\Documents and Settings\Théo\APPLIC~1\Webroot
C:\Documents and Settings\Théo\APPLIC~1\Apple Computer
C:\Documents and Settings\Théo\APPLIC~1\Symantec
C:\Documents and Settings\Théo\APPLIC~1\Real
C:\Documents and Settings\Théo\APPLIC~1\Macromedia
C:\Documents and Settings\Théo\APPLIC~1\The Labyrinth Plus! Edition
C:\Documents and Settings\Théo\APPLIC~1\Identities
C:\Documents and Settings\Théo\APPLIC~1\desktop.ini
C:\Documents and Settings\véro_2\APPLIC~1\Skype
C:\Documents and Settings\véro_2\APPLIC~1\skypePM
C:\Documents and Settings\véro_2\APPLIC~1\dog nurb debug
C:\Documents and Settings\véro_2\APPLIC~1\Microsoft
C:\Documents and Settings\véro_2\APPLIC~1\Lavasoft
C:\Documents and Settings\véro_2\APPLIC~1\Sun
C:\Documents and Settings\véro_2\APPLIC~1\Ahead
C:\Documents and Settings\véro_2\APPLIC~1\Styler
C:\Documents and Settings\véro_2\APPLIC~1\Creative
C:\Documents and Settings\véro_2\APPLIC~1\Adobe
C:\Documents and Settings\véro_2\APPLIC~1\DivX
C:\Documents and Settings\véro_2\APPLIC~1\MSN6
C:\Documents and Settings\véro_2\APPLIC~1\Emjysoft
C:\Documents and Settings\véro_2\APPLIC~1\IDS_COMPANY
C:\Documents and Settings\véro_2\APPLIC~1\wklnhst.dat
C:\Documents and Settings\véro_2\APPLIC~1\Help
C:\Documents and Settings\véro_2\APPLIC~1\Apple Computer
C:\Documents and Settings\véro_2\APPLIC~1\AdobeUM
C:\Documents and Settings\véro_2\APPLIC~1\Macromedia
C:\Documents and Settings\véro_2\APPLIC~1\Real
C:\Documents and Settings\véro_2\APPLIC~1\Identities
C:\Documents and Settings\véro_2\APPLIC~1\Logitech
C:\Documents and Settings\véro_2\APPLIC~1\desktop.ini
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
[08/01/2008 19:00][--ah-----]C:\WINDOWS\tasks\A9D28D9791853DAB.job
[08/01/2008 19:00][--ah-----]C:\WINDOWS\tasks\B463DCD691344EEE.job
[08/01/2008 19:00][--ah-----]C:\WINDOWS\tasks\A5782174919FDC34.job
[08/01/2008 18:22][--ah-----]C:\WINDOWS\tasks\SA.DAT
[24/04/2003 13:00][-r-h-----]C:\WINDOWS\tasks\desktop.ini
---------------[ Listing des dossiers dans C:\Program Files ]--------------
C:\Program Files\Adobe
C:\Program Files\Ahead
C:\Program Files\Alwil Software
C:\Program Files\Apple Software Update
C:\Program Files\ArcSoft
C:\Program Files\Audacity
C:\Program Files\Axis Communications
C:\Program Files\Borland
C:\Program Files\BurnInTest
C:\Program Files\CCleaner
C:\Program Files\C-Media 3D Audio
C:\Program Files\Common Files
C:\Program Files\Creative
C:\Program Files\CyberLink
C:\Program Files\CyberLink DVD Solution
C:\Program Files\DivX
C:\Program Files\DivXCodec
C:\Program Files\dog nurb debug
C:\Program Files\DOSBox-0.65
C:\Program Files\DOSBox-0.70
C:\Program Files\DVD Decrypter
C:\Program Files\DVD Shrink
C:\Program Files\EPSON
C:\Program Files\Fichiers communs
C:\Program Files\GALLIMARD
C:\Program Files\Hercules
C:\Program Files\HighMAT CD Writing Wizard
C:\Program Files\Hijackthis Version Française
C:\Program Files\iColorFolder
C:\Program Files\IncrediMail
C:\Program Files\InterActual
C:\Program Files\Internet Explorer
C:\Program Files\iPod
C:\Program Files\iTunes
C:\Program Files\Java
C:\Program Files\Lavalys
C:\Program Files\LightSurf
C:\Program Files\LiveUpdate
C:\Program Files\Logitech
C:\Program Files\Lop SD
C:\Program Files\Micro Application
C:\Program Files\microsoft frontpage
C:\Program Files\Microsoft Money
C:\Program Files\Microsoft Money 2005
C:\Program Files\Microsoft Office
C:\Program Files\Microsoft Plus!
C:\Program Files\Microsoft Virtual PC Trial
C:\Program Files\Microsoft Works
C:\Program Files\Microsoft Works Suite 2004
C:\Program Files\Microsoft.NET
C:\Program Files\Movie Maker
C:\Program Files\MSN
C:\Program Files\MSN Gaming Zone
C:\Program Files\MSXML 4.0
C:\Program Files\MSXML 6.0
C:\Program Files\Multi_Media
C:\Program Files\MultiMedia Toolbar
C:\Program Files\MUSICMATCH
C:\Program Files\Navilog1
C:\Program Files\NetMeeting
C:\Program Files\Norton SystemWorks
C:\Program Files\OfficeUpdate11
C:\Program Files\OO Software
C:\Program Files\orange
C:\Program Files\Outlook Express
C:\Program Files\Overland
C:\Program Files\Pinnacle
C:\Program Files\Player Metaboli
C:\Program Files\PROMT5
C:\Program Files\QuickTime
C:\Program Files\Real
C:\Program Files\RegCleaner
C:\Program Files\SAGEM
C:\Program Files\Serif
C:\Program Files\Services en ligne
C:\Program Files\Shockwave.com
C:\Program Files\Sierra On-Line
C:\Program Files\SightSpeed
C:\Program Files\SiSLan
C:\Program Files\SkinMaker1.1
C:\Program Files\Skype
C:\Program Files\SmartSound Software
C:\Program Files\StofWare
C:\Program Files\Symantec
C:\Program Files\SystemRequirementsLab
C:\Program Files\TestLAB 2003 Express
C:\Program Files\TGTSoft
C:\Program Files\TryMedia
C:\Program Files\Ubisoft
C:\Program Files\UNWISE.EXE
C:\Program Files\Wanadoo
C:\Program Files\Wanadoo Messager
C:\Program Files\Wanadoo Photo
C:\Program Files\WinASPI
C:\Program Files\Windows Live Safety Center
C:\Program Files\Windows Live Toolbar
C:\Program Files\Windows Media Connect 2
C:\Program Files\Windows Media Player
C:\Program Files\Windows NT
C:\Program Files\WinRAR
C:\Program Files\xerox
C:\Program Files\Yahoo!
------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------
C:\Program Files\Fichiers communs\Adobe
C:\Program Files\Fichiers communs\Ahead
C:\Program Files\Fichiers communs\DESIGNER
C:\Program Files\Fichiers communs\DirectX
C:\Program Files\Fichiers communs\Hewlett-Packard
C:\Program Files\Fichiers communs\InstallShield
C:\Program Files\Fichiers communs\Java
C:\Program Files\Fichiers communs\Logitech
C:\Program Files\Fichiers communs\Macrovision Shared
C:\Program Files\Fichiers communs\Microsoft Shared
C:\Program Files\Fichiers communs\MSSoap
C:\Program Files\Fichiers communs\ODBC
C:\Program Files\Fichiers communs\Real
C:\Program Files\Fichiers communs\Services
C:\Program Files\Fichiers communs\Skype
C:\Program Files\Fichiers communs\Softwin
C:\Program Files\Fichiers communs\SpeechEngines
C:\Program Files\Fichiers communs\Symantec Shared
C:\Program Files\Fichiers communs\System
C:\Program Files\Fichiers communs\Wise Installation Wizard
C:\Program Files\Fichiers communs\xing shared
----------------------[ Recherche avec S_Lop ]---------------------
C:\Documents and Settings\Hugo\APPLIC~1\dog nurb debug\boob spam cast fork.exe
C:\Documents and Settings\véro_2\APPLIC~1\dog nurb debug\boob spam cast fork.exe
C:\Documents and Settings\Hugo\APPLIC~1\DOGNUR~1
C:\Program Files\DOGNUR~1
Aucun fichier / dossier Lop trouvé !
-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
C:\Program Files\Multi_Media
C:\WINDOWS\Tasks\A5782174919FDC34.job
C:\WINDOWS\Tasks\A9D28D9791853DAB.job
C:\WINDOWS\Tasks\B463DCD691344EEE.job
----------------------[ Verification du Registre ]----------------------
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
..... OK !
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts MODIFIE
127.0.0.1 localhost
----------------[ Recherche de fichiers avec Catchme ]-----------------
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-08 19:39:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden files ...
scan completed successfully
hidden files: 0
--------------------[ Recherche d'autres infections ]---------------------
C:\WINDOWS\system32\xdjfjszc_navps.dat
! EGDACCESS !
--------------------[ Fin du rapport a 19:39:34,53 ]----------------------
Hi again,
Run Lop S&D again
- This time choose Option 2 (Suppression)
- Do not close the window during the removal!
- Post the generated report (C:\lopR.txt)
(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New task, type explorer.exe and confirm)
Search Navipromo version 3.3.9 commencé le 08/01/2008 à 19:26:15,40
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 06.01.2008 à 20h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS
Executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans C:\WINDOWS ***
*** Recherche dossiers dans C:\Program Files ***
*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***
*** Recherche dossiers dans "C:\Documents and Settings\Christ\application data" ***
*** Recherche dossiers dans "C:\Documents and Settings\Christ\MENUDM~1\PROGRA~1" ***
*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Aucun Fichier trouvé
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans C:\WINDOWS\system32 *
* Recherche dans "C:\Documents and Settings\Christ\local settings\application data" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
HKEY_CURRENT_USER\Software\Lanconfig trouvé !
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans C:\WINDOWS\system32 :
* Dans "C:\Documents and Settings\Christ\local settings\application data" :
3)Recherche Certificats :
Certificat Egroup absent !
4)Recherche fichiers connus :
*** Analyse terminée le 08/01/2008 à 19:34:15,73 ***
Uh... that's not what I asked for...
Sorry, I posted the wrong report, here is the right one
-----------------------------[ Lop S&D 2.0.2.b ]---------------------------
Microsoft Windows XP [version 5.1.2600] [ OS : Windows_NT ]
"C:\Program Files\Lop SD"
[ 08/01/2008 | 19:52:29,95 ] [ TONDUSSO-0MMCO3 ]
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////
Supprimé! - C:\WINDOWS\Tasks\A5782174919FDC34.job
Supprimé! - C:\WINDOWS\Tasks\A9D28D9791853DAB.job
Supprimé! - C:\WINDOWS\Tasks\B463DCD691344EEE.job
Supprimé! - C:\Program Files\Multi_Media
Supprimé! - C:\Documents and Settings\Hugo\APPLIC~1\dog nurb debug\boob spam cast fork.exe
Supprimé! - C:\Documents and Settings\véro_2\APPLIC~1\dog nurb debug\boob spam cast fork.exe
Supprimé! - C:\Documents and Settings\Hugo\APPLIC~1\DOGNUR~1
Supprimé! - C:\Program Files\DOGNUR~1
Restauré! - Fichier Hosts
//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
-------------[ Listing des dossiers dans Application Data ]------------
C:\Documents and Settings\Administrateur\APPLIC~1\desktop.ini
C:\Documents and Settings\Administrateur\APPLIC~1\Microsoft
C:\Documents and Settings\All Users\APPLIC~1\Bags Plus Online Chin
C:\Documents and Settings\All Users\APPLIC~1\Windows Live Toolbar
C:\Documents and Settings\All Users\APPLIC~1\VMware
C:\Documents and Settings\All Users\APPLIC~1\TechSmith
C:\Documents and Settings\All Users\APPLIC~1\ezsid.dat
C:\Documents and Settings\All Users\APPLIC~1\Skype
C:\Documents and Settings\All Users\APPLIC~1\nHancer
C:\Documents and Settings\All Users\APPLIC~1\NVIDIA
C:\Documents and Settings\All Users\APPLIC~1\TEMP
C:\Documents and Settings\All Users\APPLIC~1\nView_Profiles
C:\Documents and Settings\All Users\APPLIC~1\Adobe
C:\Documents and Settings\All Users\APPLIC~1\Creative
C:\Documents and Settings\All Users\APPLIC~1\Microsoft
C:\Documents and Settings\All Users\APPLIC~1\Apple Computer
C:\Documents and Settings\All Users\APPLIC~1\WinAntiVirus Pro 2006
C:\Documents and Settings\All Users\APPLIC~1\Trymedia
C:\Documents and Settings\All Users\APPLIC~1\MSN6
C:\Documents and Settings\All Users\APPLIC~1\Emjysoft
C:\Documents and Settings\All Users\APPLIC~1\UDL
C:\Documents and Settings\All Users\APPLIC~1\Exetender
C:\Documents and Settings\All Users\APPLIC~1\DVD Shrink
C:\Documents and Settings\All Users\APPLIC~1\Ciel
C:\Documents and Settings\All Users\APPLIC~1\hpzinstall.log
C:\Documents and Settings\All Users\APPLIC~1\HP
C:\Documents and Settings\All Users\APPLIC~1\Hewlett-Packard
C:\Documents and Settings\All Users\APPLIC~1\QTSBandwidthCache
C:\Documents and Settings\All Users\APPLIC~1\Windows Genuine Advantage
C:\Documents and Settings\All Users\APPLIC~1\Symantec
C:\Documents and Settings\All Users\APPLIC~1\Logitech
C:\Documents and Settings\All Users\APPLIC~1\SmartSound Software Inc
C:\Documents and Settings\All Users\APPLIC~1\Pinnacle
C:\Documents and Settings\All Users\APPLIC~1\Macrovision
C:\Documents and Settings\All Users\APPLIC~1\Ahead
C:\Documents and Settings\All Users\APPLIC~1\desktop.ini
C:\Documents and Settings\All Users\APPLIC~1\CyberLink
C:\Documents and Settings\All Users\APPLIC~1\Knowledge Adventure
C:\Documents and Settings\All Users\APPLIC~1\QuickTime
C:\Documents and Settings\Christ\APPLIC~1\dog nurb debug
C:\Documents and Settings\Christ\APPLIC~1\Microsoft
C:\Documents and Settings\Christ\APPLIC~1\Skype
C:\Documents and Settings\Christ\APPLIC~1\skypePM
C:\Documents and Settings\Christ\APPLIC~1\AquaNox
C:\Documents and Settings\Christ\APPLIC~1\Sun
C:\Documents and Settings\Christ\APPLIC~1\Adobe
C:\Documents and Settings\Christ\APPLIC~1\fltk.org
C:\Documents and Settings\Christ\APPLIC~1\LimeWire
C:\Documents and Settings\Christ\APPLIC~1\Styler
C:\Documents and Settings\Christ\APPLIC~1\Stardock
C:\Documents and Settings\Christ\APPLIC~1\gtopala
C:\Documents and Settings\Christ\APPLIC~1\IDS_COMPANY
C:\Documents and Settings\Christ\APPLIC~1\TaoUSign
C:\Documents and Settings\Christ\APPLIC~1\Creative
C:\Documents and Settings\Christ\APPLIC~1\AdobeUM
C:\Documents and Settings\Christ\APPLIC~1\DivX
C:\Documents and Settings\Christ\APPLIC~1\MSN6
C:\Documents and Settings\Christ\APPLIC~1\Emjysoft
C:\Documents and Settings\Christ\APPLIC~1\EPSON
C:\Documents and Settings\Christ\APPLIC~1\Ahead
C:\Documents and Settings\Christ\APPLIC~1\Leadertech
C:\Documents and Settings\Christ\APPLIC~1\HP
C:\Documents and Settings\Christ\APPLIC~1\Common Files
C:\Documents and Settings\Christ\APPLIC~1\Google
C:\Documents and Settings\Christ\APPLIC~1\Real
C:\Documents and Settings\Christ\APPLIC~1\Apple Computer
C:\Documents and Settings\Christ\APPLIC~1\Macromedia
C:\Documents and Settings\Christ\APPLIC~1\NeroVision
C:\Documents and Settings\Christ\APPLIC~1\CyberLink
C:\Documents and Settings\Christ\APPLIC~1\wklnhst.dat
C:\Documents and Settings\Christ\APPLIC~1\Help
C:\Documents and Settings\Christ\APPLIC~1\Logitech
C:\Documents and Settings\Christ\APPLIC~1\Lavasoft
C:\Documents and Settings\Christ\APPLIC~1\Identities
C:\Documents and Settings\Christ\APPLIC~1\desktop.ini
C:\Documents and Settings\Default User\APPLIC~1\desktop.ini
C:\Documents and Settings\Default User\APPLIC~1\Microsoft
C:\Documents and Settings\Hugo\APPLIC~1\Microsoft
C:\Documents and Settings\Hugo\APPLIC~1\Lavasoft
C:\Documents and Settings\Hugo\APPLIC~1\Styler
C:\Documents and Settings\Hugo\APPLIC~1\Creative
C:\Documents and Settings\Hugo\APPLIC~1\DivX
C:\Documents and Settings\Hugo\APPLIC~1\Adobe
C:\Documents and Settings\Hugo\APPLIC~1\Real
C:\Documents and Settings\Hugo\APPLIC~1\Macromedia
C:\Documents and Settings\Hugo\APPLIC~1\Apple Computer
C:\Documents and Settings\Hugo\APPLIC~1\Logitech
C:\Documents and Settings\Hugo\APPLIC~1\Identities
C:\Documents and Settings\Hugo\APPLIC~1\desktop.ini
C:\Documents and Settings\LocalService\APPLIC~1\VMware
C:\Documents and Settings\LocalService\APPLIC~1\Microsoft
C:\Documents and Settings\LocalService\APPLIC~1\Webroot
C:\Documents and Settings\NetworkService\APPLIC~1\VMware
C:\Documents and Settings\NetworkService\APPLIC~1\Symantec
C:\Documents and Settings\NetworkService\APPLIC~1\Microsoft
C:\Documents and Settings\Théo\APPLIC~1\dog nurb debug
C:\Documents and Settings\Théo\APPLIC~1\SparkleXP
C:\Documents and Settings\Théo\APPLIC~1\Microsoft
C:\Documents and Settings\Théo\APPLIC~1\VMware
C:\Documents and Settings\Théo\APPLIC~1\Adobe
C:\Documents and Settings\Théo\APPLIC~1\fltk.org
C:\Documents and Settings\Théo\APPLIC~1\Styler
C:\Documents and Settings\Théo\APPLIC~1\CyberLink
C:\Documents and Settings\Théo\APPLIC~1\Logitech
C:\Documents and Settings\Théo\APPLIC~1\Help
C:\Documents and Settings\Théo\APPLIC~1\Creative
C:\Documents and Settings\Théo\APPLIC~1\Sierra
C:\Documents and Settings\Théo\APPLIC~1\DivX
C:\Documents and Settings\Théo\APPLIC~1\MSN6
C:\Documents and Settings\Théo\APPLIC~1\Ahead
C:\Documents and Settings\Théo\APPLIC~1\Google
C:\Documents and Settings\Théo\APPLIC~1\Emjysoft
C:\Documents and Settings\Théo\APPLIC~1\IDS_COMPANY
C:\Documents and Settings\Théo\APPLIC~1\AdobeUM
C:\Documents and Settings\Théo\APPLIC~1\wklnhst.dat
C:\Documents and Settings\Théo\APPLIC~1\Webroot
C:\Documents and Settings\Théo\APPLIC~1\Apple Computer
C:\Documents and Settings\Théo\APPLIC~1\Symantec
C:\Documents and Settings\Théo\APPLIC~1\Real
C:\Documents and Settings\Théo\APPLIC~1\Macromedia
C:\Documents and Settings\Théo\APPLIC~1\The Labyrinth Plus! Edition
C:\Documents and Settings\Théo\APPLIC~1\Identities
C:\Documents and Settings\Théo\APPLIC~1\desktop.ini
C:\Documents and Settings\véro_2\APPLIC~1\dog nurb debug
C:\Documents and Settings\véro_2\APPLIC~1\Skype
C:\Documents and Settings\véro_2\APPLIC~1\skypePM
C:\Documents and Settings\véro_2\APPLIC~1\Microsoft
C:\Documents and Settings\véro_2\APPLIC~1\Lavasoft
C:\Documents and Settings\véro_2\APPLIC~1\Sun
C:\Documents and Settings\véro_2\APPLIC~1\Ahead
C:\Documents and Settings\véro_2\APPLIC~1\Styler
C:\Documents and Settings\véro_2\APPLIC~1\Creative
C:\Documents and Settings\véro_2\APPLIC~1\Adobe
C:\Documents and Settings\véro_2\APPLIC~1\DivX
C:\Documents and Settings\véro_2\APPLIC~1\MSN6
C:\Documents and Settings\véro_2\APPLIC~1\Emjysoft
C:\Documents and Settings\véro_2\APPLIC~1\IDS_COMPANY
C:\Documents and Settings\véro_2\APPLIC~1\wklnhst.dat
C:\Documents and Settings\véro_2\APPLIC~1\Help
C:\Documents and Settings\véro_2\APPLIC~1\Apple Computer
C:\Documents and Settings\véro_2\APPLIC~1\AdobeUM
C:\Documents and Settings\véro_2\APPLIC~1\Macromedia
C:\Documents and Settings\véro_2\APPLIC~1\Real
C:\Documents and Settings\véro_2\APPLIC~1\Identities
C:\Documents and Settings\véro_2\APPLIC~1\Logitech
C:\Documents and Settings\véro_2\APPLIC~1\desktop.ini
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
[08/01/2008 18:22][--ah-----]C:\WINDOWS\tasks\SA.DAT
[24/04/2003 13:00][-r-h-----]C:\WINDOWS\tasks\desktop.ini
---------------[ Listing des dossiers dans C:\Program Files ]--------------
C:\Program Files\Adobe
C:\Program Files\Ahead
C:\Program Files\Alwil Software
C:\Program Files\Apple Software Update
C:\Program Files\ArcSoft
C:\Program Files\Audacity
C:\Program Files\Axis Communications
C:\Program Files\Borland
C:\Program Files\BurnInTest
C:\Program Files\CCleaner
C:\Program Files\C-Media 3D Audio
C:\Program Files\Common Files
C:\Program Files\Creative
C:\Program Files\CyberLink
C:\Program Files\CyberLink DVD Solution
C:\Program Files\DivX
C:\Program Files\DivXCodec
C:\Program Files\DOSBox-0.65
C:\Program Files\DOSBox-0.70
C:\Program Files\DVD Decrypter
C:\Program Files\DVD Shrink
C:\Program Files\EPSON
C:\Program Files\Fichiers communs
C:\Program Files\GALLIMARD
C:\Program Files\Hercules
C:\Program Files\HighMAT CD Writing Wizard
C:\Program Files\Hijackthis Version Française
C:\Program Files\iColorFolder
C:\Program Files\IncrediMail
C:\Program Files\InterActual
C:\Program Files\Internet Explorer
C:\Program Files\iPod
C:\Program Files\iTunes
C:\Program Files\Java
C:\Program Files\Lavalys
C:\Program Files\LightSurf
C:\Program Files\LiveUpdate
C:\Program Files\Logitech
C:\Program Files\Lop SD
C:\Program Files\Micro Application
C:\Program Files\microsoft frontpage
C:\Program Files\Microsoft Money
C:\Program Files\Microsoft Money 2005
C:\Program Files\Microsoft Office
C:\Program Files\Microsoft Plus!
C:\Program Files\Microsoft Virtual PC Trial
C:\Program Files\Microsoft Works
C:\Program Files\Microsoft Works Suite 2004
C:\Program Files\Microsoft.NET
C:\Program Files\Movie Maker
C:\Program Files\MSN
C:\Program Files\MSN Gaming Zone
C:\Program Files\MSXML 4.0
C:\Program Files\MSXML 6.0
C:\Program Files\MultiMedia Toolbar
C:\Program Files\MUSICMATCH
C:\Program Files\Navilog1
C:\Program Files\NetMeeting
C:\Program Files\Norton SystemWorks
C:\Program Files\OfficeUpdate11
C:\Program Files\OO Software
C:\Program Files\orange
C:\Program Files\Outlook Express
C:\Program Files\Overland
C:\Program Files\Pinnacle
C:\Program Files\Player Metaboli
C:\Program Files\PROMT5
C:\Program Files\QuickTime
C:\Program Files\Real
C:\Program Files\RegCleaner
C:\Program Files\SAGEM
C:\Program Files\Serif
C:\Program Files\Services en ligne
C:\Program Files\Shockwave.com
C:\Program Files\Sierra On-Line
C:\Program Files\SightSpeed
C:\Program Files\SiSLan
C:\Program Files\SkinMaker1.1
C:\Program Files\Skype
C:\Program Files\SmartSound Software
C:\Program Files\StofWare
C:\Program Files\Symantec
C:\Program Files\SystemRequirementsLab
C:\Program Files\TestLAB 2003 Express
C:\Program Files\TGTSoft
C:\Program Files\TryMedia
C:\Program Files\Ubisoft
C:\Program Files\UNWISE.EXE
C:\Program Files\Wanadoo
C:\Program Files\Wanadoo Messager
C:\Program Files\Wanadoo Photo
C:\Program Files\WinASPI
C:\Program Files\Windows Live Safety Center
C:\Program Files\Windows Live Toolbar
C:\Program Files\Windows Media Connect 2
C:\Program Files\Windows Media Player
C:\Program Files\Windows NT
C:\Program Files\WinRAR
C:\Program Files\xerox
C:\Program Files\Yahoo!
------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------
C:\Program Files\Fichiers communs\Adobe
C:\Program Files\Fichiers communs\Ahead
C:\Program Files\Fichiers communs\DESIGNER
C:\Program Files\Fichiers communs\DirectX
C:\Program Files\Fichiers communs\Hewlett-Packard
C:\Program Files\Fichiers communs\InstallShield
C:\Program Files\Fichiers communs\Java
C:\Program Files\Fichiers communs\Logitech
C:\Program Files\Fichiers communs\Macrovision Shared
C:\Program Files\Fichiers communs\Microsoft Shared
C:\Program Files\Fichiers communs\MSSoap
C:\Program Files\Fichiers communs\ODBC
C:\Program Files\Fichiers communs\Real
C:\Program Files\Fichiers communs\Services
C:\Program Files\Fichiers communs\Skype
C:\Program Files\Fichiers communs\Softwin
C:\Program Files\Fichiers communs\SpeechEngines
C:\Program Files\Fichiers communs\Symantec Shared
C:\Program Files\Fichiers communs\System
C:\Program Files\Fichiers communs\Wise Installation Wizard
C:\Program Files\Fichiers communs\xing shared
----------------------[ Recherche avec S_Lop ]---------------------
-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
Aucun fichier / dossier Lop trouvé !
----------------------[ Verification du Registre ]----------------------
..... OK !
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts PROPRE
----------------[ Recherche de fichiers avec Catchme ]-----------------
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-08 19:54:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden files ...
scan completed successfully
hidden files: 0
--------------------[ Recherche d'autres infections ]---------------------
C:\WINDOWS\system32\xdjfjszc_navps.dat
! EGDACCESS !
--------------------[ Fin du rapport a 19:54:31,82 ]----------------------
Hi again,
Double-click the Navilog1 shortcut on your Desktop.
Follow the instructions. Then choose option 2 and confirm.
Let the tool guide you and answer any questions it asks.
The utility will tell you that it is going to restart the computer.
**Close all open windows and save any open personal documents**
Now press a key, as requested.
(If your PC does not restart automatically, restart it manually.)
Wait until this message appears:
"*** Nettoyage Termine le ..... ***"
Notepad will open.
Save the report somewhere you can find it again.
Close Notepad. Your desktop will now reappear.
NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del together to open Task Manager.
Go to the "Processes" tab. Click File at the top left and choose "Run..."
Type explorer and confirm.
Post the report saved earlier (C:\cleannavi.txt)
As well as a new HijackThis report.
I ran option 2 of Navilog1 and I did not get the following message:
"*** Nettoyage Termine le ..... ***" and Notepad did not appear.
Here is the new HijackThis report.
Logfile of HijackThis v1.99.1
Scan saved at 20:36:15, on 08/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
D:\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\WINDOWS\$NtUninstallMSCompPackV1$\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\V0220Mon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Borland\InterBase\Bin\ibguard.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\PROMT5\INTEGRAL\pinmenu.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\LightSurf\Common\IconMgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\LightSurf\Colorific\hgcctl95.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\WINDOWS\system32\SAgent4.exe
C:\Program Files\LightSurf\Color Indicator\TICIcon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Borland\InterBase\Bin\ibserver.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {CE000994-A58C-4441-8938-744CD72AB27F} - (no file)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\System32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PROMT Integrator] "C:\Program Files\PROMT5\INTEGRAL\PinStart.exe" /autorun
O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"
O4 - HKLM\..\Run: [USBToolTip] "D:\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Online chin internet bolt] C:\Documents and Settings\All Users\Application Data\Bags Plus Online Chin\body axis.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Norton SystemWorks] C:\Program Files\Fichiers communs\Symantec Shared\CfgWiz.exe /GUID {DA9935BA-22F7-44ee-BD12-BD8B87700BEA}
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: LightSurf.lnk = C:\Program Files\LightSurf\Common\IconMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Pense-bête.lnk = D:\PrintMaster\PrintMaster\PMREMIND.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm
O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm (HKCU)
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm (HKCU)
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm (HKCU)
O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/re [...] oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/r [...] se4009.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driv [...] eqlab2.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://jeuxvideo.wanadoo.fr/components/Metaboli.ocx
O16 - DPF: {7DA181BB-EF8D-4A7E-8C53-7BFC718EF71D} (Upload Class) - http://photos.wanadoo.fr/al/presen [...] Ephoto.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://www.securitoo.com/fra/pages/navol/fscax.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://tours.trafic.ville.wanadoo. [...] ontrol.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/conten [...] loader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: DirectX Service (DirectCohr) - Unknown owner - c:\windows\system32\directx.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Program Files\Borland\InterBase\Bin\ibguard.exe
O23 - Service: InterBaseServer - Inprise Corporation - C:\Program Files\Borland\InterBase\Bin\ibserver.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
Better, isn't it?
Uninstall Avast! properly and replace it with AntiVir.
Why switch? Avast! vs AntiVir
Run a full scan, then post the report once the scan has finished.
HELP: Tutorial on the AntiVir Personal Edition Classic antivirus
Here is the AntiVir report
AntiVir PersonalEdition Classic
Report file date: mardi 8 janvier 2008 21:32
Scanning for 1017413 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: TONDUSSO-0MMCO3
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 20:27:17
ANTIVIR2.VDF : 7.0.1.205 620544 Bytes 08/01/2008 20:27:17
ANTIVIR3.VDF : 7.0.1.208 9728 Bytes 08/01/2008 20:27:17
AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 08/01/2008 20:27:18
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.2 360488 Bytes 08/01/2008 20:27:18
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: I:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: mardi 8 janvier 2008 21:32
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'KHALMNPR.EXE' - '1' Module(s) have been scanned
Scan process 'YzShadow.exe' - '1' Module(s) have been scanned
Scan process 'UberIcon Manager.exe' - '1' Module(s) have been scanned
Scan process 'RocketDock.exe' - '1' Module(s) have been scanned
Scan process 'TICIcon.exe' - '1' Module(s) have been scanned
Scan process 'SetPoint.exe' - '1' Module(s) have been scanned
Scan process 'hgcctl95.exe' - '1' Module(s) have been scanned
Scan process 'LogitechDesktopMessenger.exe' - '1' Module(s) have been scanned
Scan process 'IconMgr.exe' - '1' Module(s) have been scanned
Scan process 'dslmon.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'Reader_SL.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'V0220Mon.exe' - '1' Module(s) have been scanned
Scan process 'StartFX.exe' - '1' Module(s) have been scanned
Scan process 'pinmenu.exe' - '1' Module(s) have been scanned
Scan process 'CnxMon.exe' - '1' Module(s) have been scanned
Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'USBTip.exe' - '1' Module(s) have been scanned
Scan process 'E_FATIAEE.EXE' - '1' Module(s) have been scanned
Scan process 'WkUFind.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'mixer.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'ibserver.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SAgent4.exe' - '1' Module(s) have been scanned
Scan process 'NOPDB.exe' - '1' Module(s) have been scanned
Scan process 'slserv.exe' - '1' Module(s) have been scanned
Scan process 'oodag.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'NPROTECT.EXE' - '1' Module(s) have been scanned
Scan process 'ibguard.exe' - '1' Module(s) have been scanned
Scan process 'E_S00RP1.EXE' - '1' Module(s) have been scanned
Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
62 processes with 62 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] No virus was found!
Boot sector 'H:\'
[NOTE] No virus was found!
Boot sector 'I:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '52' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Théo\Application Data\dog nurb debug\boob spam cast fork.exe
[DETECTION] Is the Trojan horse TR/Inject.PV
[INFO] The file was moved to '47f2e08d.qua'!
C:\Documents and Settings\Théo\Application Data\dog nurb debug\mnbgoyir.exe
[DETECTION] Is the Trojan horse TR/Obfusgen.A.5352
[INFO] The file was moved to '47e5e08f.qua'!
C:\Documents and Settings\Théo\Application Data\dog nurb debug\online tool.exe
[DETECTION] Is the Trojan horse TR/Obfusgen.A.5402
[INFO] The file was moved to '47efe092.qua'!
C:\Program Files\Lop SD\Backup-Lop\S-D\mhycdmtz.exe
[DETECTION] Is the Trojan horse TR/Obfusgen.A.5437
[INFO] The file was moved to '47fce500.qua'!
C:\Program Files\Lop SD\Backup-Lop\S-D\online tool.exe
[DETECTION] Is the Trojan horse TR/Obfuscated.MW
[INFO] The file was moved to '47efe50a.qua'!
C:\Program Files\MultiMedia Toolbar\MultiMedia - Installer.exe
[DETECTION] Contains detection pattern of the dropper DR/Shopper.L.8
[INFO] The file was moved to '47efe5bd.qua'!
C:\RECYCLER\NPROTECT\00001324.EXE
[DETECTION] Is the Trojan horse TR/Obfusgen.A.5436
[INFO] The file was moved to '47b3e5e4.qua'!
C:\RECYCLER\NPROTECT\00001328.exe
[DETECTION] Is the Trojan horse TR/Obfusgen.A.5437
[INFO] The file was moved to '47b3e5e8.qua'!
C:\RECYCLER\NPROTECT\00001329.EXE
[DETECTION] Is the Trojan horse TR/Obfuscated.MW
[INFO] The file was moved to '47b3e5ec.qua'!
C:\RECYCLER\NPROTECT\00002572.EXE
[DETECTION] Is the Trojan horse TR/Inject.PV
[INFO] The file was moved to '47b3e602.qua'!
C:\RECYCLER\NPROTECT\00002575.exe
[DETECTION] Is the Trojan horse TR/Obfusgen.A.5352
[INFO] The file was moved to '47b3e604.qua'!
C:\RECYCLER\NPROTECT\00002578.EXE
[DETECTION] Is the Trojan horse TR/Obfusgen.A.5402
[INFO] The file was moved to '47b3e605.qua'!
C:\RECYCLER\NPROTECT\00002581.exe
[DETECTION] Is the Trojan horse TR/Obfusgen.A.5437
[INFO] The file was moved to '47b3e606.qua'!
C:\RECYCLER\NPROTECT\00002584.EXE
[DETECTION] Is the Trojan horse TR/Obfuscated.MW
[INFO] The file was moved to '47b3e609.qua'!
C:\RECYCLER\NPROTECT\00002587.EXE
[DETECTION] Contains detection pattern of the dropper DR/Shopper.L.8
[INFO] The file was moved to '47b3e60b.qua'!
C:\System Volume Information\_restore{8F06E46F-2C7B-453E-AD26-878B6D91DE6E}\RP59\A0019514.EXE
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Rukap.BS.3 Backdoor server programs
[INFO] The file was moved to '47b3e60e.qua'!
C:\System Volume Information\_restore{8F06E46F-2C7B-453E-AD26-878B6D91DE6E}\RP59\A0020516.EXE
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Rukap.BS.3 Backdoor server programs
[INFO] The file was moved to '47b3e616.qua'!
C:\System Volume Information\_restore{8F06E46F-2C7B-453E-AD26-878B6D91DE6E}\RP63\A0022762.EXE
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Rukap.BS.3 Backdoor server programs
[INFO] The file was moved to '47b3e622.qua'!
C:\System Volume Information\_restore{8F06E46F-2C7B-453E-AD26-878B6D91DE6E}\RP64\A0022872.EXE
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Rukap.BS.3 Backdoor server programs
[INFO] The file was moved to '47b3e628.qua'!
C:\System Volume Information\_restore{8F06E46F-2C7B-453E-AD26-878B6D91DE6E}\RP64\A0022873.EXE
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Rukap.BS.3 Backdoor server programs
[INFO] The file was moved to '47b3e62a.qua'!
C:\System Volume Information\_restore{8F06E46F-2C7B-453E-AD26-878B6D91DE6E}\RP64\A0022914.EXE
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Rukap.BS.3 Backdoor server programs
[INFO] The file was moved to '47b3e62d.qua'!
C:\System Volume Information\_restore{8F06E46F-2C7B-453E-AD26-878B6D91DE6E}\RP66\A0023096.exe
[DETECTION] Is the Trojan horse TR/Obfusgen.A.5402
[INFO] The file was moved to '47b3e638.qua'!
C:\System Volume Information\_restore{8F06E46F-2C7B-453E-AD26-878B6D91DE6E}\RP66\A0023247.EXE
[DETECTION] Is the Trojan horse TR/Obfusgen.A.5368
[INFO] The file was moved to '47b3e63e.qua'!
C:\System Volume Information\_restore{8F06E46F-2C7B-453E-AD26-878B6D91DE6E}\RP66\A0023424.EXE
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Rukap.BS.3 Backdoor server programs
[INFO] The file was moved to '47b3e642.qua'!
C:\System Volume Information\_restore{8F06E46F-2C7B-453E-AD26-878B6D91DE6E}\RP67\A0023832.exe
[DETECTION] Is the Trojan horse TR/Obfusgen.A.5402
[INFO] The file was moved to '47b3e64c.qua'!
C:\System Volume Information\_restore{8F06E46F-2C7B-453E-AD26-878B6D91DE6E}\RP68\A0023844.EXE
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Rukap.BS.3 Backdoor server programs
[INFO] The file was moved to '47b3e651.qua'!
C:\System Volume Information\_restore{8F06E46F-2C7B-453E-AD26-878B6D91DE6E}\RP75\A0023954.EXE
[DETECTION] Is the Trojan horse TR/Obfusgen.A.5436
[INFO] The file was moved to '47b3e65c.qua'!
C:\System Volume Information\_restore{8F06E46F-2C7B-453E-AD26-878B6D91DE6E}\RP75\A0023955.exe
[DETECTION] Is the Trojan horse TR/Obfusgen.A.5437
[INFO] The file was moved to '47b3e65f.qua'!
C:\System Volume Information\_restore{8F06E46F-2C7B-453E-AD26-878B6D91DE6E}\RP75\A0024098.EXE
[DETECTION] Is the Trojan horse TR/Obfusgen.A.5436
[INFO] The file was moved to '47b3e667.qua'!
C:\System Volume Information\_restore{8F06E46F-2C7B-453E-AD26-878B6D91DE6E}\RP75\A0024099.exe
[DETECTION] Is the Trojan horse TR/Obfusgen.A.5424
[INFO] The file was moved to '47b3e668.qua'!
C:\System Volume Information\_restore{8F06E46F-2C7B-453E-AD26-878B6D91DE6E}\RP75\A0024101.EXE
[DETECTION] Is the Trojan horse TR/Obfusgen.A.5368
[INFO] The file was moved to '47b3e66a.qua'!
C:\System Volume Information\_restore{8F06E46F-2C7B-453E-AD26-878B6D91DE6E}\RP80\A0024587.EXE
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Rukap.BS.3 Backdoor server programs
[INFO] The file was moved to '47b3e67e.qua'!
C:\System Volume Information\_restore{8F06E46F-2C7B-453E-AD26-878B6D91DE6E}\RP80\A0024626.exe
[DETECTION] Is the Trojan horse TR/Obfusgen.A.5402
[INFO] The file was moved to '47b3e682.qua'!
C:\System Volume Information\_restore{8F06E46F-2C7B-453E-AD26-878B6D91DE6E}\RP81\A0024640.exe
[DETECTION] Is the Trojan horse TR/Obfusgen.A.5436
[INFO] The file was moved to '47b3e685.qua'!
C:\System Volume Information\_restore{8F06E46F-2C7B-453E-AD26-878B6D91DE6E}\RP85\A0025414.EXE
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Rukap.BS.3 Backdoor server programs
[INFO] The file was moved to '47b3e69d.qua'!
C:\System Volume Information\_restore{8F06E46F-2C7B-453E-AD26-878B6D91DE6E}\RP86\A0025443.EXE
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Rukap.BS.3 Backdoor server programs
[INFO] The file was moved to '47b3e6a2.qua'!
C:\System Volume Information\_restore{8F06E46F-2C7B-453E-AD26-878B6D91DE6E}\RP86\A0025502.EXE
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Rukap.BS.3 Backdoor server programs
[INFO] The file was moved to '47b3e6a8.qua'!
C:\System Volume Information\_restore{8F06E46F-2C7B-453E-AD26-878B6D91DE6E}\RP87\A0025565.EXE
[DETECTION] Is the Trojan horse TR/Obfusgen.A.5436
[INFO] The file was moved to '47b3e6ad.qua'!
C:\System Volume Information\_restore{8F06E46F-2C7B-453E-AD26-878B6D91DE6E}\RP87\A0025566.exe
[DETECTION] Is the Trojan horse TR/Obfusgen.A.5437
[INFO] The file was moved to '47b3e6af.qua'!
C:\System Volume Information\_restore{8F06E46F-2C7B-453E-AD26-878B6D91DE6E}\RP87\A0025567.EXE
[DETECTION] Is the Trojan horse TR/Obfuscated.MW
[INFO] The file was moved to '47b3e6b1.qua'!
C:\System Volume Information\_restore{8F06E46F-2C7B-453E-AD26-878B6D91DE6E}\RP87\A0025568.EXE
[DETECTION] Is the Trojan horse TR/Inject.PV
[INFO] The file was moved to '47b3e6b3.qua'!
C:\System Volume Information\_restore{8F06E46F-2C7B-453E-AD26-878B6D91DE6E}\RP87\A0025569.exe
[DETECTION] Is the Trojan horse TR/Obfusgen.A.5352
[INFO] The file was moved to '47b3e6b5.qua'!
C:\System Volume Information\_restore{8F06E46F-2C7B-453E-AD26-878B6D91DE6E}\RP87\A0025570.EXE
[DETECTION] Is the Trojan horse TR/Obfusgen.A.5402
[INFO] The file was moved to '47b3e6b7.qua'!
C:\System Volume Information\_restore{8F06E46F-2C7B-453E-AD26-878B6D91DE6E}\RP87\A0025571.exe
[DETECTION] Is the Trojan horse TR/Obfusgen.A.5437
[INFO] The file was moved to '47b3e6b9.qua'!
C:\System Volume Information\_restore{8F06E46F-2C7B-453E-AD26-878B6D91DE6E}\RP87\A0025572.EXE
[DETECTION] Is the Trojan horse TR/Obfuscated.MW
[INFO] The file was moved to '47b3e6bb.qua'!
C:\System Volume Information\_restore{8F06E46F-2C7B-453E-AD26-878B6D91DE6E}\RP87\A0025573.exe
[DETECTION] Contains detection pattern of the dropper DR/Shopper.L.8
[INFO] The file was moved to '47b3e6bc.qua'!
C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\IEXPLORE.EXE
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Rukap.BS.3 Backdoor server programs
[INFO] The file was moved to '47dbe747.qua'!
C:\WINDOWS\$NtUninstallMSCompPackV1$\IEXPLORE.EXE
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Rukap.BS.3 Backdoor server programs
[INFO] The file was moved to '47dbe74b.qua'!
C:\WINDOWS\system32\directx.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Rukap.BS.3 Backdoor server programs
[INFO] The file was moved to '47f5eabe.qua'!
C:\WINDOWS\system32\ksdaneximh.exe.ren
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '47e7eadf.qua'!
C:\WINDOWS\system32\xdjfjszc.exe.ren
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '47edeb06.qua'!
C:\WINDOWS\system32\zsegczsw.exe.ren
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '47e8eb19.qua'!
C:\WINDOWS\system32\drivers\atapi.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd7005.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'
Begin scan in 'E:\'
Begin scan in 'H:\'
Begin scan in 'I:\'
End of the scan: mardi 8 janvier 2008 23:18
Used time: 1:46:30 min
The scan has been done completely.
12062 Scanning directories
553180 Files were scanned
52 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
52 files were moved to quarantine
0 files were renamed
5 Files cannot be scanned
553128 Files not concerned
3624 Archives were scanned
9 Warnings
11 Notes
Post a new HijackThis report.
Hello Angeldark,
here is the HijackThis report, and thanks again for your help
Logfile of HijackThis v1.99.1
Scan saved at 19:37:13, on 09/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\Borland\InterBase\Bin\ibguard.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\slserv.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Borland\InterBase\Bin\ibserver.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
D:\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\WINDOWS\V0220Mon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PROMT5\INTEGRAL\pinmenu.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\LightSurf\Common\IconMgr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\LightSurf\Colorific\hgcctl95.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\LightSurf\Color Indicator\TICIcon.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {CE000994-A58C-4441-8938-744CD72AB27F} - (no file)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\System32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PROMT Integrator] "C:\Program Files\PROMT5\INTEGRAL\PinStart.exe" /autorun
O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"
O4 - HKLM\..\Run: [USBToolTip] "D:\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Online chin internet bolt] C:\Documents and Settings\All Users\Application Data\Bags Plus Online Chin\body axis.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Norton SystemWorks] C:\Program Files\Fichiers communs\Symantec Shared\CfgWiz.exe /GUID {DA9935BA-22F7-44ee-BD12-BD8B87700BEA}
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: LightSurf.lnk = C:\Program Files\LightSurf\Common\IconMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Pense-bête.lnk = D:\PrintMaster\PrintMaster\PMREMIND.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm
O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm (HKCU)
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm (HKCU)
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm (HKCU)
O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/re [...] oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/r [...] se4009.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driv [...] eqlab2.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://jeuxvideo.wanadoo.fr/components/Metaboli.ocx
O16 - DPF: {7DA181BB-EF8D-4A7E-8C53-7BFC718EF71D} (Upload Class) - http://photos.wanadoo.fr/al/presen [...] Ephoto.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://www.securitoo.com/fra/pages/navol/fscax.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://tours.trafic.ville.wanadoo. [...] ontrol.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/conten [...] loader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: DirectX Service (DirectCohr) - Unknown owner - c:\windows\system32\directx.exe (file missing)
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\Program Files\Borland\InterBase\Bin\ibguard.exe
O23 - Service: InterBaseServer - Inprise Corporation - C:\Program Files\Borland\InterBase\Bin\ibserver.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
Run another Lop S&D scan, option 1.
-----------------------------[ Lop S&D 2.0.2.b ]---------------------------
Microsoft Windows XP [version 5.1.2600] [ OS : Windows_NT ]
"C:\Program Files\Lop SD"
[ 09/01/2008 | 20:29:27,68 ] [ TONDUSSO-0MMCO3 ]
-------------[ Listing des dossiers dans Application Data ]------------
C:\Documents and Settings\Administrateur\APPLIC~1\desktop.ini
C:\Documents and Settings\Administrateur\APPLIC~1\Microsoft
C:\Documents and Settings\All Users\APPLIC~1\addr_file.html
C:\Documents and Settings\All Users\APPLIC~1\Avira
C:\Documents and Settings\All Users\APPLIC~1\Bags Plus Online Chin
C:\Documents and Settings\All Users\APPLIC~1\Windows Live Toolbar
C:\Documents and Settings\All Users\APPLIC~1\VMware
C:\Documents and Settings\All Users\APPLIC~1\TechSmith
C:\Documents and Settings\All Users\APPLIC~1\ezsid.dat
C:\Documents and Settings\All Users\APPLIC~1\Skype
C:\Documents and Settings\All Users\APPLIC~1\nHancer
C:\Documents and Settings\All Users\APPLIC~1\NVIDIA
C:\Documents and Settings\All Users\APPLIC~1\TEMP
C:\Documents and Settings\All Users\APPLIC~1\nView_Profiles
C:\Documents and Settings\All Users\APPLIC~1\Adobe
C:\Documents and Settings\All Users\APPLIC~1\Creative
C:\Documents and Settings\All Users\APPLIC~1\Microsoft
C:\Documents and Settings\All Users\APPLIC~1\Apple Computer
C:\Documents and Settings\All Users\APPLIC~1\WinAntiVirus Pro 2006
C:\Documents and Settings\All Users\APPLIC~1\Trymedia
C:\Documents and Settings\All Users\APPLIC~1\MSN6
C:\Documents and Settings\All Users\APPLIC~1\Emjysoft
C:\Documents and Settings\All Users\APPLIC~1\UDL
C:\Documents and Settings\All Users\APPLIC~1\Exetender
C:\Documents and Settings\All Users\APPLIC~1\DVD Shrink
C:\Documents and Settings\All Users\APPLIC~1\Ciel
C:\Documents and Settings\All Users\APPLIC~1\hpzinstall.log
C:\Documents and Settings\All Users\APPLIC~1\HP
C:\Documents and Settings\All Users\APPLIC~1\Hewlett-Packard
C:\Documents and Settings\All Users\APPLIC~1\QTSBandwidthCache
C:\Documents and Settings\All Users\APPLIC~1\Windows Genuine Advantage
C:\Documents and Settings\All Users\APPLIC~1\Symantec
C:\Documents and Settings\All Users\APPLIC~1\Logitech
C:\Documents and Settings\All Users\APPLIC~1\SmartSound Software Inc
C:\Documents and Settings\All Users\APPLIC~1\Pinnacle
C:\Documents and Settings\All Users\APPLIC~1\Macrovision
C:\Documents and Settings\All Users\APPLIC~1\Ahead
C:\Documents and Settings\All Users\APPLIC~1\desktop.ini
C:\Documents and Settings\All Users\APPLIC~1\CyberLink
C:\Documents and Settings\All Users\APPLIC~1\Knowledge Adventure
C:\Documents and Settings\All Users\APPLIC~1\QuickTime
C:\Documents and Settings\Christ\APPLIC~1\dog nurb debug
C:\Documents and Settings\Christ\APPLIC~1\Microsoft
C:\Documents and Settings\Christ\APPLIC~1\Skype
C:\Documents and Settings\Christ\APPLIC~1\skypePM
C:\Documents and Settings\Christ\APPLIC~1\AquaNox
C:\Documents and Settings\Christ\APPLIC~1\Sun
C:\Documents and Settings\Christ\APPLIC~1\Adobe
C:\Documents and Settings\Christ\APPLIC~1\fltk.org
C:\Documents and Settings\Christ\APPLIC~1\LimeWire
C:\Documents and Settings\Christ\APPLIC~1\Styler
C:\Documents and Settings\Christ\APPLIC~1\Stardock
C:\Documents and Settings\Christ\APPLIC~1\gtopala
C:\Documents and Settings\Christ\APPLIC~1\IDS_COMPANY
C:\Documents and Settings\Christ\APPLIC~1\TaoUSign
C:\Documents and Settings\Christ\APPLIC~1\Creative
C:\Documents and Settings\Christ\APPLIC~1\AdobeUM
C:\Documents and Settings\Christ\APPLIC~1\DivX
C:\Documents and Settings\Christ\APPLIC~1\MSN6
C:\Documents and Settings\Christ\APPLIC~1\Emjysoft
C:\Documents and Settings\Christ\APPLIC~1\EPSON
C:\Documents and Settings\Christ\APPLIC~1\Ahead
C:\Documents and Settings\Christ\APPLIC~1\Leadertech
C:\Documents and Settings\Christ\APPLIC~1\HP
C:\Documents and Settings\Christ\APPLIC~1\Common Files
C:\Documents and Settings\Christ\APPLIC~1\Google
C:\Documents and Settings\Christ\APPLIC~1\Real
C:\Documents and Settings\Christ\APPLIC~1\Apple Computer
C:\Documents and Settings\Christ\APPLIC~1\Macromedia
C:\Documents and Settings\Christ\APPLIC~1\NeroVision
C:\Documents and Settings\Christ\APPLIC~1\CyberLink
C:\Documents and Settings\Christ\APPLIC~1\wklnhst.dat
C:\Documents and Settings\Christ\APPLIC~1\Help
C:\Documents and Settings\Christ\APPLIC~1\Logitech
C:\Documents and Settings\Christ\APPLIC~1\Lavasoft
C:\Documents and Settings\Christ\APPLIC~1\Identities
C:\Documents and Settings\Christ\APPLIC~1\desktop.ini
C:\Documents and Settings\Default User\APPLIC~1\desktop.ini
C:\Documents and Settings\Default User\APPLIC~1\Microsoft
C:\Documents and Settings\Hugo\APPLIC~1\Microsoft
C:\Documents and Settings\Hugo\APPLIC~1\Lavasoft
C:\Documents and Settings\Hugo\APPLIC~1\Styler
C:\Documents and Settings\Hugo\APPLIC~1\Creative
C:\Documents and Settings\Hugo\APPLIC~1\DivX
C:\Documents and Settings\Hugo\APPLIC~1\Adobe
C:\Documents and Settings\Hugo\APPLIC~1\Real
C:\Documents and Settings\Hugo\APPLIC~1\Macromedia
C:\Documents and Settings\Hugo\APPLIC~1\Apple Computer
C:\Documents and Settings\Hugo\APPLIC~1\Logitech
C:\Documents and Settings\Hugo\APPLIC~1\Identities
C:\Documents and Settings\Hugo\APPLIC~1\desktop.ini
C:\Documents and Settings\LocalService\APPLIC~1\VMware
C:\Documents and Settings\LocalService\APPLIC~1\Microsoft
C:\Documents and Settings\LocalService\APPLIC~1\Webroot
C:\Documents and Settings\NetworkService\APPLIC~1\VMware
C:\Documents and Settings\NetworkService\APPLIC~1\Symantec
C:\Documents and Settings\NetworkService\APPLIC~1\Microsoft
C:\Documents and Settings\Théo\APPLIC~1\dog nurb debug
C:\Documents and Settings\Théo\APPLIC~1\SparkleXP
C:\Documents and Settings\Théo\APPLIC~1\Microsoft
C:\Documents and Settings\Théo\APPLIC~1\VMware
C:\Documents and Settings\Théo\APPLIC~1\Adobe
C:\Documents and Settings\Théo\APPLIC~1\fltk.org
C:\Documents and Settings\Théo\APPLIC~1\Styler
C:\Documents and Settings\Théo\APPLIC~1\CyberLink
C:\Documents and Settings\Théo\APPLIC~1\Logitech
C:\Documents and Settings\Théo\APPLIC~1\Help
C:\Documents and Settings\Théo\APPLIC~1\Creative
C:\Documents and Settings\Théo\APPLIC~1\Sierra
C:\Documents and Settings\Théo\APPLIC~1\DivX
C:\Documents and Settings\Théo\APPLIC~1\MSN6
C:\Documents and Settings\Théo\APPLIC~1\Ahead
C:\Documents and Settings\Théo\APPLIC~1\Google
C:\Documents and Settings\Théo\APPLIC~1\Emjysoft
C:\Documents and Settings\Théo\APPLIC~1\IDS_COMPANY
C:\Documents and Settings\Théo\APPLIC~1\AdobeUM
C:\Documents and Settings\Théo\APPLIC~1\wklnhst.dat
C:\Documents and Settings\Théo\APPLIC~1\Webroot
C:\Documents and Settings\Théo\APPLIC~1\Apple Computer
C:\Documents and Settings\Théo\APPLIC~1\Symantec
C:\Documents and Settings\Théo\APPLIC~1\Real
C:\Documents and Settings\Théo\APPLIC~1\Macromedia
C:\Documents and Settings\Théo\APPLIC~1\The Labyrinth Plus! Edition
C:\Documents and Settings\Théo\APPLIC~1\Identities
C:\Documents and Settings\Théo\APPLIC~1\desktop.ini
C:\Documents and Settings\véro_2\APPLIC~1\Skype
C:\Documents and Settings\véro_2\APPLIC~1\skypePM
C:\Documents and Settings\véro_2\APPLIC~1\dog nurb debug
C:\Documents and Settings\véro_2\APPLIC~1\Microsoft
C:\Documents and Settings\véro_2\APPLIC~1\Lavasoft
C:\Documents and Settings\véro_2\APPLIC~1\Sun
C:\Documents and Settings\véro_2\APPLIC~1\Ahead
C:\Documents and Settings\véro_2\APPLIC~1\Styler
C:\Documents and Settings\véro_2\APPLIC~1\Creative
C:\Documents and Settings\véro_2\APPLIC~1\Adobe
C:\Documents and Settings\véro_2\APPLIC~1\DivX
C:\Documents and Settings\véro_2\APPLIC~1\MSN6
C:\Documents and Settings\véro_2\APPLIC~1\Emjysoft
C:\Documents and Settings\véro_2\APPLIC~1\IDS_COMPANY
C:\Documents and Settings\véro_2\APPLIC~1\wklnhst.dat
C:\Documents and Settings\véro_2\APPLIC~1\Help
C:\Documents and Settings\véro_2\APPLIC~1\Apple Computer
C:\Documents and Settings\véro_2\APPLIC~1\AdobeUM
C:\Documents and Settings\véro_2\APPLIC~1\Macromedia
C:\Documents and Settings\véro_2\APPLIC~1\Real
C:\Documents and Settings\véro_2\APPLIC~1\Identities
C:\Documents and Settings\véro_2\APPLIC~1\Logitech
C:\Documents and Settings\véro_2\APPLIC~1\desktop.ini
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
[09/01/2008 18:07][--ah-----]C:\WINDOWS\tasks\SA.DAT
[24/04/2003 13:00][-r-h-----]C:\WINDOWS\tasks\desktop.ini
---------------[ Listing des dossiers dans C:\Program Files ]--------------
C:\Program Files\Adobe
C:\Program Files\Ahead
C:\Program Files\Alwil Software
C:\Program Files\Apple Software Update
C:\Program Files\ArcSoft
C:\Program Files\Audacity
C:\Program Files\Avira
C:\Program Files\Axis Communications
C:\Program Files\Borland
C:\Program Files\BurnInTest
C:\Program Files\CCleaner
C:\Program Files\C-Media 3D Audio
C:\Program Files\Common Files
C:\Program Files\Creative
C:\Program Files\CyberLink
C:\Program Files\CyberLink DVD Solution
C:\Program Files\DivX
C:\Program Files\DivXCodec
C:\Program Files\DOSBox-0.65
C:\Program Files\DOSBox-0.70
C:\Program Files\DVD Decrypter
C:\Program Files\DVD Shrink
C:\Program Files\EPSON
C:\Program Files\Fichiers communs
C:\Program Files\GALLIMARD
C:\Program Files\Hercules
C:\Program Files\HighMAT CD Writing Wizard
C:\Program Files\Hijackthis Version Française
C:\Program Files\iColorFolder
C:\Program Files\IncrediMail
C:\Program Files\InterActual
C:\Program Files\Internet Explorer
C:\Program Files\iPod
C:\Program Files\iTunes
C:\Program Files\Java
C:\Program Files\Lavalys
C:\Program Files\LightSurf
C:\Program Files\LiveUpdate
C:\Program Files\Logitech
C:\Program Files\Lop SD
C:\Program Files\Micro Application
C:\Program Files\microsoft frontpage
C:\Program Files\Microsoft Money
C:\Program Files\Microsoft Money 2005
C:\Program Files\Microsoft Office
C:\Program Files\Microsoft Plus!
C:\Program Files\Microsoft Virtual PC Trial
C:\Program Files\Microsoft Works
C:\Program Files\Microsoft Works Suite 2004
C:\Program Files\Microsoft.NET
C:\Program Files\Movie Maker
C:\Program Files\MSN
C:\Program Files\MSN Gaming Zone
C:\Program Files\MSXML 4.0
C:\Program Files\MSXML 6.0
C:\Program Files\MultiMedia Toolbar
C:\Program Files\MUSICMATCH
C:\Program Files\Navilog1
C:\Program Files\NetMeeting
C:\Program Files\Norton SystemWorks
C:\Program Files\OfficeUpdate11
C:\Program Files\OO Software
C:\Program Files\orange
C:\Program Files\Outlook Express
C:\Program Files\Overland
C:\Program Files\Pinnacle
C:\Program Files\Player Metaboli
C:\Program Files\PROMT5
C:\Program Files\QuickTime
C:\Program Files\Real
C:\Program Files\RegCleaner
C:\Program Files\SAGEM
C:\Program Files\Serif
C:\Program Files\Services en ligne
C:\Program Files\Shockwave.com
C:\Program Files\Sierra On-Line
C:\Program Files\SightSpeed
C:\Program Files\SiSLan
C:\Program Files\SkinMaker1.1
C:\Program Files\Skype
C:\Program Files\SmartSound Software
C:\Program Files\StofWare
C:\Program Files\Symantec
C:\Program Files\SystemRequirementsLab
C:\Program Files\TestLAB 2003 Express
C:\Program Files\TGTSoft
C:\Program Files\TryMedia
C:\Program Files\Ubisoft
C:\Program Files\UNWISE.EXE
C:\Program Files\Wanadoo
C:\Program Files\Wanadoo Messager
C:\Program Files\Wanadoo Photo
C:\Program Files\WinASPI
C:\Program Files\Windows Live Safety Center
C:\Program Files\Windows Live Toolbar
C:\Program Files\Windows Media Connect 2
C:\Program Files\Windows Media Player
C:\Program Files\Windows NT
C:\Program Files\WinRAR
C:\Program Files\xerox
C:\Program Files\Yahoo!
------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------
C:\Program Files\Fichiers communs\Adobe
C:\Program Files\Fichiers communs\Ahead
C:\Program Files\Fichiers communs\DESIGNER
C:\Program Files\Fichiers communs\DirectX
C:\Program Files\Fichiers communs\Hewlett-Packard
C:\Program Files\Fichiers communs\InstallShield
C:\Program Files\Fichiers communs\Java
C:\Program Files\Fichiers communs\Logitech
C:\Program Files\Fichiers communs\Macrovision Shared
C:\Program Files\Fichiers communs\Microsoft Shared
C:\Program Files\Fichiers communs\MSSoap
C:\Program Files\Fichiers communs\ODBC
C:\Program Files\Fichiers communs\Real
C:\Program Files\Fichiers communs\Services
C:\Program Files\Fichiers communs\Skype
C:\Program Files\Fichiers communs\Softwin
C:\Program Files\Fichiers communs\SpeechEngines
C:\Program Files\Fichiers communs\Symantec Shared
C:\Program Files\Fichiers communs\System
C:\Program Files\Fichiers communs\Wise Installation Wizard
C:\Program Files\Fichiers communs\xing shared
----------------------[ Recherche avec S_Lop ]---------------------
Aucun fichier / dossier Lop trouvé !
-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
Aucun fichier / dossier Lop trouvé !
----------------------[ Verification du Registre ]----------------------
..... OK !
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts PROPRE
----------------[ Recherche de fichiers avec Catchme ]-----------------
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-09 20:31:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden files ...
scan completed successfully
hidden files: 0
--------------------[ Recherche d'autres infections ]---------------------
C:\WINDOWS\system32\xdjfjszc_navps.dat
! EGDACCESS !
--------------------[ Fin du rapport a 20:31:35,71 ]----------------------
Re,
Do you know how to zip a folder?
Fix the lines in the box below with HijackThis (illustrated help):
R3 - URLSearchHook: (no name) - {CE000994-A58C-4441-8938-744CD72AB27F} - (no file)
Download OTMoveIt (by OldTimer). Save it to your Desktop.
Select all the locations in the box below:
C:\Documents and Settings\All Users\APPLIC~1\Bags Plus Online Chin
---> Right-click, then Copy (or Ctrl+C)
Double-click OTMoveIt.exe to launch it.
Right-click in the left-hand pane, then choose Paste (or Ctrl+V).
Now click MoveIt!
If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.
Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log
->Information about the software<-
Yes, I know how to zip a folder with WinRAR.
Here is the report:
Folder cleanup failed. C:\Documents and Settings\All Users\APPLIC~1\Bags Plus Online Chin scheduled to be deleted on reboot.
C:\Documents and Settings\All Users\APPLIC~1\WinAntiVirus Pro 2006 moved successfully.
C:\Documents and Settings\Christ\APPLIC~1\dog nurb debug moved successfully.
C:\Documents and Settings\Théo\APPLIC~1\dog nurb debug moved successfully.
C:\Documents and Settings\véro_2\APPLIC~1\dog nurb debug moved successfully.
C:\WINDOWS\system32\xdjfjszc_navps.dat moved successfully.
Created on 01/09/2008 21:04:40
Can you zip the following folder and upload it to Sendspace?
C:\_OTMoveIt\MovedFiles
What do you mean by "upload it to Sendspace"?
Go to the Sendspace site and create a link to your .zip file.
I have just done what you asked, no problem. What is the next step? I have been on the net for almost 2 hours and not a single ad has appeared.
The Sendspace link for the zip?
Do you have any other problems?
No, thank you for your valuable help. But why send the OTMoveIt\MovedFiles file to Sendspace, which is a US site?
Re,
This folder will help us develop LopS&D.
