Win32:BHO-KD
Help, friends... good evening, first of all... but, um... my PC is infected with the following Trojan horse...: Win32:BHO-KD
What should I do???
Please help me... thank you...
Good evening.
Download and then install HijackThis (Trend Micro).
Then post a report in your next reply.
HELP: How to use HijackThis v2.0.2
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:44:39, on 20/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\DOCUME~1\PAULIN~1\LOCALS~1\Temp\Répertoire temporaire 3 pour hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://smb-support.vaio-link.com/eSupport/PortalJSP/Po...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MySidesearch Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\mysidesearch_sidebar.dll
O2 - BHO: IntelligentAdvisor - {6548BF73-58FF-71D5-F97D-17C71E323709} - C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {DAA91AB5-2C21-47B3-8C10-C326E04320EE} - C:\WINDOWS\system32\csseqch.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Biomenu] "C:\Program Files\Protector Suite QL\menusw.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NI.UGESV_0001_N122M2811] "C:\Documents and Settings\pauline bocquet\Local Settings\Temporary Internet Files\Content.IE5\ZZX5PTL6\setup_fr[1].exe"
O4 - HKLM\..\Run: [Kind Mess Surf Settings] C:\Documents and Settings\All Users\Application Data\grey ante kind mess\Plan Eq.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [road draw] C:\DOCUME~1\PAULIN~1\APPLIC~1\FORDER~1\DVD OPTION START.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.75\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.75\MediaManager\grab.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://smb-support.vaio-link.com/eSupport/PortalJSP/Po...
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
--
End of file - 11006 bytes
ok
Download BTFix by Bibi26.
Unzip the archive onto your Desktop.
Open the BTFix folder.
Double-click BTFix.exe.
Click Rechercher (Search).
A report will appear; copy and paste it into your next reply.
BTFix 1.079 (par bibi26) - 20/02/2008 22:03:55 - Analyse
Lancé depuis C:\Documents and Settings\pauline bocquet\Bureau\btfix\BTFix\BTFix.exe
---> Fichiers/Dossiers trouvés
- C:\WINDOWS\system32\adssite-remove.exe
- C:\WINDOWS\system32\rightonadz-uninst.exe
- C:\WINDOWS\system32\adssite_sidebar.dll
- C:\WINDOWS\system32\mysidesearch_sidebar.dll
- C:\Program Files\IntelligentAdvisor\
---> Analyse terminée
BTFix 1.079 (par bibi26) - 20/02/2008 22:06:42 - Nettoyage - Mode normal
Lancé depuis C:\Documents and Settings\pauline bocquet\Bureau\btfix\BTFix\BTFix.exe
---> Fichiers/dossiers supprimés (Première passe)
- Fichiers temporaires effacés
- C:\WINDOWS\system32\adssite-remove.exe
- C:\WINDOWS\system32\rightonadz-uninst.exe
- C:\WINDOWS\system32\adssite_sidebar.dll
- C:\WINDOWS\system32\mysidesearch_sidebar.dll
- C:\Program Files\IntelligentAdvisor\
---> Nettoyage terminé
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:10:28, on 20/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\PAULIN~1\LOCALS~1\Temp\Répertoire temporaire 4 pour hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {DAA91AB5-2C21-47B3-8C10-C326E04320EE} - C:\WINDOWS\system32\csseqch.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Biomenu] "C:\Program Files\Protector Suite QL\menusw.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NI.UGESV_0001_N122M2811] "C:\Documents and Settings\pauline bocquet\Local Settings\Temporary Internet Files\Content.IE5\ZZX5PTL6\setup_fr[1].exe"
O4 - HKLM\..\Run: [Kind Mess Surf Settings] C:\Documents and Settings\All Users\Application Data\grey ante kind mess\Plan Eq.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [road draw] C:\DOCUME~1\PAULIN~1\APPLIC~1\FORDER~1\DVD OPTION START.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.75\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.75\MediaManager\grab.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://smb-support.vaio-link.com/eSupport/PortalJSP/Po...
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
--
End of file - 10480 bytes
Scan saved at 22:10:28, on 20/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\PAULIN~1\LOCALS~1\Temp\Répertoire temporaire 4 pour hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {DAA91AB5-2C21-47B3-8C10-C326E04320EE} - C:\WINDOWS\system32\csseqch.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Biomenu] "C:\Program Files\Protector Suite QL\menusw.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NI.UGESV_0001_N122M2811] "C:\Documents and Settings\pauline bocquet\Local Settings\Temporary Internet Files\Content.IE5\ZZX5PTL6\setup_fr[1].exe"
O4 - HKLM\..\Run: [Kind Mess Surf Settings] C:\Documents and Settings\All Users\Application Data\grey ante kind mess\Plan Eq.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [road draw] C:\DOCUME~1\PAULIN~1\APPLIC~1\FORDER~1\DVD OPTION START.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.75\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.75\MediaManager\grab.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://smb-support.vaio-link.com/eSupport/PortalJSP/Po...
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
--
End of file - 10480 bytes
ok
Download Lop S&D.exe to your desktop
Double-click it to start the installation
Then double-click the Lop S&D shortcut on your desktop
Select the language you want, then choose Option 1 (Search)
Wait until the scan finishes
Post the generated report (C:\lopR.txt)
(If the desktop does not reappear, press Ctrl + Alt + Del, File tab, New task, type explorer.exe and confirm)
-----------------------------[ Lop S&D 2.3.6 ]---------------------------
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : pauline bocquet ] [ "C:\Program Files\Lop SD" ]
[ 20/02/2008 | 22:19:30,94 ] [ PC : PAULINE ]
[ MAJ : 20-02-2008 | 21:11 ]
-------------[ Listing des dossiers dans Application Data ]------------
[07/03/2006|09:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\.
[07/03/2006|09:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\..
[02/08/2005|14:54] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
[22/09/2005|16:20] C:\DOCUME~1\ADMINI~1\APPLIC~1\ATI
[02/08/2005|11:40] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
[07/03/2006|09:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\Google
[02/08/2005|09:48] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[02/08/2005|15:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[02/08/2005|14:51] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sony Corporation
[02/08/2005|14:56] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
[07/02/2008|20:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.
[07/02/2008|20:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..
[29/09/2007|21:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[07/02/2008|20:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[29/09/2007|21:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[02/08/2005|11:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[09/09/2007|10:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[14/02/2008|18:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\grey ante kind mess
[12/10/2007|22:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log
[02/08/2005|12:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intel
[13/01/2008|18:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LauncherAccess.dt
[04/11/2007|19:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[16/02/2008|21:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[01/12/2007|09:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[02/08/2005|14:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[02/08/2005|15:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
[09/09/2007|10:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[26/10/2007|19:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[01/12/2007|20:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[07/03/2006|09:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.
[07/03/2006|09:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..
[02/08/2005|14:54] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
[22/09/2005|16:20] C:\DOCUME~1\DEFAUL~1\APPLIC~1\ATI
[02/08/2005|11:40] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[07/03/2006|09:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Google
[02/08/2005|09:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[02/08/2005|15:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[02/08/2005|14:51] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sony Corporation
[02/08/2005|14:56] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
[02/08/2005|09:51] C:\DOCUME~1\LOCALS~1\APPLIC~1\.
[02/08/2005|09:51] C:\DOCUME~1\LOCALS~1\APPLIC~1\..
[26/10/2007|19:52] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[02/08/2005|09:51] C:\DOCUME~1\NETWOR~1\APPLIC~1\.
[02/08/2005|09:51] C:\DOCUME~1\NETWOR~1\APPLIC~1\..
[02/08/2005|09:48] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[07/02/2008|21:08] C:\DOCUME~1\PAULIN~1\APPLIC~1\.
[07/02/2008|21:08] C:\DOCUME~1\PAULIN~1\APPLIC~1\..
[27/01/2008|20:45] C:\DOCUME~1\PAULIN~1\APPLIC~1\Adobe
[13/10/2007|19:40] C:\DOCUME~1\PAULIN~1\APPLIC~1\AdobeUM
[22/09/2005|16:20] C:\DOCUME~1\PAULIN~1\APPLIC~1\ATI
[07/02/2008|21:07] C:\DOCUME~1\PAULIN~1\APPLIC~1\Azureus
[15/09/2007|11:07] C:\DOCUME~1\PAULIN~1\APPLIC~1\Creative
[02/08/2005|11:40] C:\DOCUME~1\PAULIN~1\APPLIC~1\desktop.ini
[09/09/2007|11:04] C:\DOCUME~1\PAULIN~1\APPLIC~1\DivX
[14/02/2008|18:59] C:\DOCUME~1\PAULIN~1\APPLIC~1\Ford Error Hide
[29/09/2007|18:56] C:\DOCUME~1\PAULIN~1\APPLIC~1\Google
[02/08/2005|09:48] C:\DOCUME~1\PAULIN~1\APPLIC~1\Identities
[09/09/2007|22:24] C:\DOCUME~1\PAULIN~1\APPLIC~1\Leadertech
[14/02/2008|21:38] C:\DOCUME~1\PAULIN~1\APPLIC~1\LimeWire
[09/09/2007|08:03] C:\DOCUME~1\PAULIN~1\APPLIC~1\Macromedia
[02/12/2007|11:30] C:\DOCUME~1\PAULIN~1\APPLIC~1\Microsoft
[13/01/2008|12:40] C:\DOCUME~1\PAULIN~1\APPLIC~1\Morpheus Software
[13/02/2008|18:54] C:\DOCUME~1\PAULIN~1\APPLIC~1\Protector Suite
[26/09/2007|14:39] C:\DOCUME~1\PAULIN~1\APPLIC~1\Samsung
[30/12/2007|23:00] C:\DOCUME~1\PAULIN~1\APPLIC~1\setup_fr[1].exe
[09/09/2007|22:24] C:\DOCUME~1\PAULIN~1\APPLIC~1\Sonic
[30/11/2007|19:08] C:\DOCUME~1\PAULIN~1\APPLIC~1\Sony Corporation
[09/09/2007|10:02] C:\DOCUME~1\PAULIN~1\APPLIC~1\Sun
[26/07/2007|00:24] C:\DOCUME~1\PAULIN~1\APPLIC~1\Symantec
[12/10/2007|19:22] C:\DOCUME~1\PAULIN~1\APPLIC~1\Template
[17/12/2007|20:16] C:\DOCUME~1\PAULIN~1\APPLIC~1\Todae
[11/12/2007|18:02] C:\DOCUME~1\PAULIN~1\APPLIC~1\wklnhst.dat
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
[20/02/2008 22:00][--ah-----] C:\WINDOWS\tasks\A6E59072918A007A.job [--284--]
[20/02/2008 20:00][--a------] C:\WINDOWS\tasks\HPpromotions hp photosmart 7700 series.job [--370--]
[20/02/2008 19:00][--a------] C:\WINDOWS\tasks\HP Usg Daily.job [--362--]
[20/02/2008 18:57][--ah-----] C:\WINDOWS\tasks\SA.DAT [--6--]
[05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini [--65--]
---------------[ Listing des dossiers dans C:\Program Files ]--------------
[20/02/2008|22:19] C:\Program Files\.
[20/02/2008|22:19] C:\Program Files\..
[11/12/2007|11:58] C:\Program Files\Adobe
[09/09/2007|08:10] C:\Program Files\Alwil Software
[02/09/2005|16:50] C:\Program Files\Apoint2K
[22/09/2005|16:17] C:\Program Files\ATI Technologies
[02/08/2005|09:54] C:\Program Files\CONEXANT
[15/09/2007|09:45] C:\Program Files\Creative
[14/12/2007|13:52] C:\Program Files\DivX
[03/01/2008|22:56] C:\Program Files\Fichiers communs
[14/02/2008|18:58] C:\Program Files\Ford Error Hide
[07/03/2006|09:05] C:\Program Files\GDS
[09/09/2007|12:25] C:\Program Files\Google
[05/11/2007|13:04] C:\Program Files\Guitar Pro 5
[12/10/2007|22:00] C:\Program Files\Hewlett-Packard
[12/10/2007|21:59] C:\Program Files\HP
[03/01/2008|23:04] C:\Program Files\Incomplete
[24/01/2008|18:52] C:\Program Files\InstallShield Installation Information
[02/08/2005|12:16] C:\Program Files\Intel
[14/02/2008|18:56] C:\Program Files\Internet Explorer
[02/08/2005|14:52] C:\Program Files\InterVideo
[09/09/2007|06:59] C:\Program Files\Inventel
[02/08/2005|14:51] C:\Program Files\Java
[03/01/2008|22:46] C:\Program Files\LimeWire
[20/02/2008|22:19] C:\Program Files\Lop SD
[01/12/2007|09:27] C:\Program Files\Maxis
[02/08/2005|10:00] C:\Program Files\Messenger
[23/12/2007|20:15] C:\Program Files\Messenger Plus! Live
[13/10/2007|09:24] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[02/08/2005|09:48] C:\Program Files\microsoft frontpage
[08/02/2008|21:53] C:\Program Files\Microsoft Office
[01/12/2007|20:51] C:\Program Files\Microsoft SQL Server Compact Edition
[01/12/2007|09:05] C:\Program Files\Microsoft Works
[02/08/2005|09:46] C:\Program Files\Movie Maker
[17/08/2007|20:01] C:\Program Files\MP3 Player Utilities 3.75
[08/02/2008|21:52] C:\Program Files\MSECache
[02/08/2005|09:45] C:\Program Files\MSN
[02/08/2005|09:45] C:\Program Files\MSN Gaming Zone
[10/09/2007|02:01] C:\Program Files\MSXML 4.0
[02/08/2005|09:46] C:\Program Files\NetMeeting
[02/08/2005|09:45] C:\Program Files\Online Services
[10/09/2007|02:06] C:\Program Files\Outlook Express
[26/12/2007|23:53] C:\Program Files\PlayMP3z
[26/07/2007|00:10] C:\Program Files\Protector Suite QL
[02/09/2007|21:21] C:\Program Files\Raccourcis de programmes
[02/08/2005|10:28] C:\Program Files\Realtek
[26/09/2007|14:37] C:\Program Files\Samsung
[09/09/2007|07:20] C:\Program Files\Securitoo
[02/08/2005|09:47] C:\Program Files\Services en ligne
[26/07/2007|00:08] C:\Program Files\Sony
[29/09/2007|20:18] C:\Program Files\Steam
[09/09/2007|09:57] C:\Program Files\Symantec
[02/08/2005|09:51] C:\Program Files\Uninstall Information
[02/08/2005|14:53] C:\Program Files\Utimaco
[18/12/2007|19:51] C:\Program Files\Vista Start Menu
[20/02/2008|21:21] C:\Program Files\Wanadoo
[07/03/2006|08:57] C:\Program Files\Webex
[07/02/2008|21:09] C:\Program Files\Windows Live
[08/02/2008|11:12] C:\Program Files\Windows Live Toolbar
[26/10/2007|19:24] C:\Program Files\Windows Media Connect 2
[20/01/2008|16:07] C:\Program Files\Windows Media Player
[02/08/2005|09:45] C:\Program Files\Windows NT
[02/08/2005|09:47] C:\Program Files\WindowsUpdate
[02/08/2005|09:48] C:\Program Files\xerox
------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------
[03/01/2008|22:56] C:\Program Files\Fichiers communs\.
[03/01/2008|22:56] C:\Program Files\Fichiers communs\..
[29/09/2007|21:16] C:\Program Files\Fichiers communs\Adobe
[07/10/2007|19:30] C:\Program Files\Fichiers communs\InstallShield
[02/08/2005|14:50] C:\Program Files\Fichiers communs\Java
[08/02/2008|21:53] C:\Program Files\Fichiers communs\Microsoft Shared
[02/08/2005|09:46] C:\Program Files\Fichiers communs\MSSoap
[02/08/2005|11:40] C:\Program Files\Fichiers communs\ODBC
[26/07/2007|00:10] C:\Program Files\Fichiers communs\Protector Suite QL
[02/08/2005|09:46] C:\Program Files\Fichiers communs\Services
[26/07/2007|00:11] C:\Program Files\Fichiers communs\Sonic Shared
[02/08/2005|14:51] C:\Program Files\Fichiers communs\Sony Shared
[02/08/2005|11:40] C:\Program Files\Fichiers communs\SpeechEngines
[09/09/2007|10:31] C:\Program Files\Fichiers communs\Symantec Shared
[01/12/2007|09:02] C:\Program Files\Fichiers communs\System
[01/12/2007|20:46] C:\Program Files\Fichiers communs\WindowsLiveInstaller
----------------------[ Recherche avec S_Lop ]---------------------
C:\DOCUME~1\PAULIN~1\APPLIC~1\FORDER~1
C:\DOCUME~1\PAULIN~1\APPLIC~1\FORDER~1\32locksmfcd.exe
C:\DOCUME~1\PAULIN~1\APPLIC~1\FORDER~1\dmyyiupy.exe
C:\DOCUME~1\PAULIN~1\APPLIC~1\FORDER~1\DVD OPTION START.exe
C:\DOCUME~1\PAULIN~1\APPLIC~1\FORDER~1\ibnchqrh.exe
C:\DOCUME~1\PAULIN~1\APPLIC~1\FORDER~1\nhrratsn.exe
C:\DOCUME~1\PAULIN~1\APPLIC~1\FORDER~1\nxccaegv.exe
C:\DOCUME~1\PAULIN~1\APPLIC~1\FORDER~1\recttypemapiooze.exe
C:\DOCUME~1\PAULIN~1\APPLIC~1\FORDER~1\sfpbvodv.exe
C:\DOCUME~1\PAULIN~1\APPLIC~1\FORDER~1\tphffwdq.exe
C:\DOCUME~1\PAULIN~1\APPLIC~1\FORDER~1\ysbcdyhu.exe
-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
C:\DOCUME~1\PAULIN~1\APPLIC~1\Ford Error Hide
C:\DOCUME~1\PAULIN~1\APPLIC~1\Ford Error Hide\32locksmfcd.exe
C:\DOCUME~1\PAULIN~1\APPLIC~1\Ford Error Hide\dmyyiupy.exe
C:\DOCUME~1\PAULIN~1\APPLIC~1\Ford Error Hide\DVD OPTION START.exe
C:\DOCUME~1\PAULIN~1\APPLIC~1\Ford Error Hide\ibnchqrh.exe
C:\DOCUME~1\PAULIN~1\APPLIC~1\Ford Error Hide\nhrratsn.exe
C:\DOCUME~1\PAULIN~1\APPLIC~1\Ford Error Hide\nxccaegv.exe
C:\DOCUME~1\PAULIN~1\APPLIC~1\Ford Error Hide\recttypemapiooze.exe
C:\DOCUME~1\PAULIN~1\APPLIC~1\Ford Error Hide\sfpbvodv.exe
C:\DOCUME~1\PAULIN~1\APPLIC~1\Ford Error Hide\tphffwdq.exe
C:\DOCUME~1\PAULIN~1\APPLIC~1\Ford Error Hide\ysbcdyhu.exe
C:\Program Files\Ford Error Hide
C:\DOCUME~1\ALLUSE~1\APPLIC~1\grey ante kind mess
C:\DOCUME~1\ALLUSE~1\APPLIC~1\grey ante kind mess\grid hole.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\grey ante kind mess\Plan Eq.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\grey ante kind mess\window hold.exe
C:\WINDOWS\Tasks\A6E59072918A007A.job
----------------------[ Verification du Registre ]----------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\uninstall\fork live bait]
"DisplayName"="CiD Help"
"UninstallString"="C:\\DOCUME~1\\PAULIN~1\\APPLIC~1\\FORDER~1\\DVD OPTION START.exe -uninstall"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"road draw"="C:\\DOCUME~1\\PAULIN~1\\APPLIC~1\\FORDER~1\\DVD OPTION START.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kind Mess Surf Settings"="C:\\Documents and Settings\\All Users\\Application Data\\grey ante kind mess\\Plan Eq.exe"
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts MODIFIE
-> 72 ( 70 ## added by CiD )
/!\ 1 Not 127.0.0.1 !!
----------------[ Recherche de fichiers avec Catchme ]-----------------
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-20 22:20:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden files ...
scan completed successfully
hidden files: 0
--------------------[ Recherche d'autres infections ]---------------------
Aucune autre infection trouvée !
/!\ [Fich:26][Doss:35] C:\DOCUME~1\PAULIN~1\LOCALS~1\Temp
/!\ [Fich:461][Doss:0] C:\DOCUME~1\PAULIN~1\Cookies
/!\ [Fich:5530][Doss:26] C:\DOCUME~1\PAULIN~1\LOCALS~1\TEMPOR~1\content.IE5
--------------------[ Fin du rapport a 22:21:02,58 ]----------------------
[02/09/2005|16:50] C:\Program Files\Apoint2K
[22/09/2005|16:17] C:\Program Files\ATI Technologies
[02/08/2005|09:54] C:\Program Files\CONEXANT
[15/09/2007|09:45] C:\Program Files\Creative
[14/12/2007|13:52] C:\Program Files\DivX
[03/01/2008|22:56] C:\Program Files\Fichiers communs
[14/02/2008|18:58] C:\Program Files\Ford Error Hide
[07/03/2006|09:05] C:\Program Files\GDS
[09/09/2007|12:25] C:\Program Files\Google
[05/11/2007|13:04] C:\Program Files\Guitar Pro 5
[12/10/2007|22:00] C:\Program Files\Hewlett-Packard
[12/10/2007|21:59] C:\Program Files\HP
[03/01/2008|23:04] C:\Program Files\Incomplete
[24/01/2008|18:52] C:\Program Files\InstallShield Installation Information
[02/08/2005|12:16] C:\Program Files\Intel
[14/02/2008|18:56] C:\Program Files\Internet Explorer
[02/08/2005|14:52] C:\Program Files\InterVideo
[09/09/2007|06:59] C:\Program Files\Inventel
[02/08/2005|14:51] C:\Program Files\Java
[03/01/2008|22:46] C:\Program Files\LimeWire
[20/02/2008|22:19] C:\Program Files\Lop SD
[01/12/2007|09:27] C:\Program Files\Maxis
[02/08/2005|10:00] C:\Program Files\Messenger
[23/12/2007|20:15] C:\Program Files\Messenger Plus! Live
[13/10/2007|09:24] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[02/08/2005|09:48] C:\Program Files\microsoft frontpage
[08/02/2008|21:53] C:\Program Files\Microsoft Office
[01/12/2007|20:51] C:\Program Files\Microsoft SQL Server Compact Edition
[01/12/2007|09:05] C:\Program Files\Microsoft Works
[02/08/2005|09:46] C:\Program Files\Movie Maker
[17/08/2007|20:01] C:\Program Files\MP3 Player Utilities 3.75
[08/02/2008|21:52] C:\Program Files\MSECache
[02/08/2005|09:45] C:\Program Files\MSN
[02/08/2005|09:45] C:\Program Files\MSN Gaming Zone
[10/09/2007|02:01] C:\Program Files\MSXML 4.0
[02/08/2005|09:46] C:\Program Files\NetMeeting
[02/08/2005|09:45] C:\Program Files\Online Services
[10/09/2007|02:06] C:\Program Files\Outlook Express
[26/12/2007|23:53] C:\Program Files\PlayMP3z
[26/07/2007|00:10] C:\Program Files\Protector Suite QL
[02/09/2007|21:21] C:\Program Files\Raccourcis de programmes
[02/08/2005|10:28] C:\Program Files\Realtek
[26/09/2007|14:37] C:\Program Files\Samsung
[09/09/2007|07:20] C:\Program Files\Securitoo
[02/08/2005|09:47] C:\Program Files\Services en ligne
[26/07/2007|00:08] C:\Program Files\Sony
[29/09/2007|20:18] C:\Program Files\Steam
[09/09/2007|09:57] C:\Program Files\Symantec
[02/08/2005|09:51] C:\Program Files\Uninstall Information
[02/08/2005|14:53] C:\Program Files\Utimaco
[18/12/2007|19:51] C:\Program Files\Vista Start Menu
[20/02/2008|21:21] C:\Program Files\Wanadoo
[07/03/2006|08:57] C:\Program Files\Webex
[07/02/2008|21:09] C:\Program Files\Windows Live
[08/02/2008|11:12] C:\Program Files\Windows Live Toolbar
[26/10/2007|19:24] C:\Program Files\Windows Media Connect 2
[20/01/2008|16:07] C:\Program Files\Windows Media Player
[02/08/2005|09:45] C:\Program Files\Windows NT
[02/08/2005|09:47] C:\Program Files\WindowsUpdate
[02/08/2005|09:48] C:\Program Files\xerox
------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------
[03/01/2008|22:56] C:\Program Files\Fichiers communs\.
[03/01/2008|22:56] C:\Program Files\Fichiers communs\..
[29/09/2007|21:16] C:\Program Files\Fichiers communs\Adobe
[07/10/2007|19:30] C:\Program Files\Fichiers communs\InstallShield
[02/08/2005|14:50] C:\Program Files\Fichiers communs\Java
[08/02/2008|21:53] C:\Program Files\Fichiers communs\Microsoft Shared
[02/08/2005|09:46] C:\Program Files\Fichiers communs\MSSoap
[02/08/2005|11:40] C:\Program Files\Fichiers communs\ODBC
[26/07/2007|00:10] C:\Program Files\Fichiers communs\Protector Suite QL
[02/08/2005|09:46] C:\Program Files\Fichiers communs\Services
[26/07/2007|00:11] C:\Program Files\Fichiers communs\Sonic Shared
[02/08/2005|14:51] C:\Program Files\Fichiers communs\Sony Shared
[02/08/2005|11:40] C:\Program Files\Fichiers communs\SpeechEngines
[09/09/2007|10:31] C:\Program Files\Fichiers communs\Symantec Shared
[01/12/2007|09:02] C:\Program Files\Fichiers communs\System
[01/12/2007|20:46] C:\Program Files\Fichiers communs\WindowsLiveInstaller
----------------------[ Recherche avec S_Lop ]---------------------
C:\DOCUME~1\PAULIN~1\APPLIC~1\FORDER~1
C:\DOCUME~1\PAULIN~1\APPLIC~1\FORDER~1\32locksmfcd.exe
C:\DOCUME~1\PAULIN~1\APPLIC~1\FORDER~1\dmyyiupy.exe
C:\DOCUME~1\PAULIN~1\APPLIC~1\FORDER~1\DVD OPTION START.exe
C:\DOCUME~1\PAULIN~1\APPLIC~1\FORDER~1\ibnchqrh.exe
C:\DOCUME~1\PAULIN~1\APPLIC~1\FORDER~1\nhrratsn.exe
C:\DOCUME~1\PAULIN~1\APPLIC~1\FORDER~1\nxccaegv.exe
C:\DOCUME~1\PAULIN~1\APPLIC~1\FORDER~1\recttypemapiooze.exe
C:\DOCUME~1\PAULIN~1\APPLIC~1\FORDER~1\sfpbvodv.exe
C:\DOCUME~1\PAULIN~1\APPLIC~1\FORDER~1\tphffwdq.exe
C:\DOCUME~1\PAULIN~1\APPLIC~1\FORDER~1\ysbcdyhu.exe
-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
C:\DOCUME~1\PAULIN~1\APPLIC~1\Ford Error Hide
C:\DOCUME~1\PAULIN~1\APPLIC~1\Ford Error Hide\32locksmfcd.exe
C:\DOCUME~1\PAULIN~1\APPLIC~1\Ford Error Hide\dmyyiupy.exe
C:\DOCUME~1\PAULIN~1\APPLIC~1\Ford Error Hide\DVD OPTION START.exe
C:\DOCUME~1\PAULIN~1\APPLIC~1\Ford Error Hide\ibnchqrh.exe
C:\DOCUME~1\PAULIN~1\APPLIC~1\Ford Error Hide\nhrratsn.exe
C:\DOCUME~1\PAULIN~1\APPLIC~1\Ford Error Hide\nxccaegv.exe
C:\DOCUME~1\PAULIN~1\APPLIC~1\Ford Error Hide\recttypemapiooze.exe
C:\DOCUME~1\PAULIN~1\APPLIC~1\Ford Error Hide\sfpbvodv.exe
C:\DOCUME~1\PAULIN~1\APPLIC~1\Ford Error Hide\tphffwdq.exe
C:\DOCUME~1\PAULIN~1\APPLIC~1\Ford Error Hide\ysbcdyhu.exe
C:\Program Files\Ford Error Hide
C:\DOCUME~1\ALLUSE~1\APPLIC~1\grey ante kind mess
C:\DOCUME~1\ALLUSE~1\APPLIC~1\grey ante kind mess\grid hole.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\grey ante kind mess\Plan Eq.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\grey ante kind mess\window hold.exe
C:\WINDOWS\Tasks\A6E59072918A007A.job
----------------------[ Verification du Registre ]----------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\uninstall\fork live bait]
"DisplayName"="CiD Help"
"UninstallString"="C:\\DOCUME~1\\PAULIN~1\\APPLIC~1\\FORDER~1\\DVD OPTION START.exe -uninstall"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"road draw"="C:\\DOCUME~1\\PAULIN~1\\APPLIC~1\\FORDER~1\\DVD OPTION START.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kind Mess Surf Settings"="C:\\Documents and Settings\\All Users\\Application Data\\grey ante kind mess\\Plan Eq.exe"
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts MODIFIE
-> 72 ( 70 ## added by CiD )
/!\ 1 Not 127.0.0.1 !!
----------------[ Recherche de fichiers avec Catchme ]-----------------
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-20 22:20:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden files ...
scan completed successfully
hidden files: 0
--------------------[ Recherche d'autres infections ]---------------------
Aucune autre infection trouvée !
/!\ [Fich:26][Doss:35] C:\DOCUME~1\PAULIN~1\LOCALS~1\Temp
/!\ [Fich:461][Doss:0] C:\DOCUME~1\PAULIN~1\Cookies
/!\ [Fich:5530][Doss:26] C:\DOCUME~1\PAULIN~1\LOCALS~1\TEMPOR~1\content.IE5
--------------------[ Fin du rapport a 22:21:02,58 ]----------------------
ok
let's continue
1
Run Lop S&D again
This time choose Option 2 ( Suppression )
Do not close the window during the removal!
Post the generated report ( C:\lopR.txt )
( If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm )
2
Add a new HijackThis log
-----------------------------[ Lop S&D 2.3.6 ]---------------------------
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : pauline bocquet ] [ "C:\Program Files\Lop SD" ]
[ 20/02/2008 | 22:27:42,76 ] [ PC : PAULINE ]
[ MAJ : 20-02-2008 | 21:11 ]
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////
Supprimé! - C:\DOCUME~1\PAULIN~1\APPLIC~1\Ford Error Hide\32locksmfcd.exe
Supprimé! - C:\DOCUME~1\PAULIN~1\APPLIC~1\Ford Error Hide\dmyyiupy.exe
Supprimé! - C:\DOCUME~1\PAULIN~1\APPLIC~1\Ford Error Hide\DVD OPTION START.exe
Supprimé! - C:\DOCUME~1\PAULIN~1\APPLIC~1\Ford Error Hide\ibnchqrh.exe
Supprimé! - C:\DOCUME~1\PAULIN~1\APPLIC~1\Ford Error Hide\nhrratsn.exe
Supprimé! - C:\DOCUME~1\PAULIN~1\APPLIC~1\Ford Error Hide\nxccaegv.exe
Supprimé! - C:\DOCUME~1\PAULIN~1\APPLIC~1\Ford Error Hide\recttypemapiooze.exe
Supprimé! - C:\DOCUME~1\PAULIN~1\APPLIC~1\Ford Error Hide\sfpbvodv.exe
Supprimé! - C:\DOCUME~1\PAULIN~1\APPLIC~1\Ford Error Hide\tphffwdq.exe
Supprimé! - C:\DOCUME~1\PAULIN~1\APPLIC~1\Ford Error Hide\ysbcdyhu.exe
Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\grey ante kind mess\grid hole.exe
Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\grey ante kind mess\Plan Eq.exe
Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\grey ante kind mess\window hold.exe
Supprimé! - C:\WINDOWS\Tasks\A6E59072918A007A.job
Supprimé! - C:\DOCUME~1\PAULIN~1\APPLIC~1\Ford Error Hide
Supprimé! - C:\Program Files\Ford Error Hide
Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\grey ante kind mess
Restauré! - Fichier Hosts
//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
-------------[ Listing des dossiers dans Application Data ]------------
[07/03/2006|09:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\.
[07/03/2006|09:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\..
[02/08/2005|14:54] C:\DOCUME~1\ADMINI~1\APPLIC~1\Adobe
[22/09/2005|16:20] C:\DOCUME~1\ADMINI~1\APPLIC~1\ATI
[02/08/2005|11:40] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
[07/03/2006|09:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\Google
[02/08/2005|09:48] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[02/08/2005|15:08] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[02/08/2005|14:51] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sony Corporation
[02/08/2005|14:56] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
[20/02/2008|22:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.
[20/02/2008|22:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..
[29/09/2007|21:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[07/02/2008|20:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[29/09/2007|21:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[02/08/2005|11:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[09/09/2007|10:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[12/10/2007|22:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log
[02/08/2005|12:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Intel
[13/01/2008|18:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LauncherAccess.dt
[04/11/2007|19:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[16/02/2008|21:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[01/12/2007|09:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[02/08/2005|14:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[02/08/2005|15:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
[09/09/2007|10:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[26/10/2007|19:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[01/12/2007|20:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[07/03/2006|09:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.
[07/03/2006|09:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..
[02/08/2005|14:54] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
[22/09/2005|16:20] C:\DOCUME~1\DEFAUL~1\APPLIC~1\ATI
[02/08/2005|11:40] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[07/03/2006|09:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Google
[02/08/2005|09:48] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[02/08/2005|15:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[02/08/2005|14:51] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sony Corporation
[02/08/2005|14:56] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
[02/08/2005|09:51] C:\DOCUME~1\LOCALS~1\APPLIC~1\.
[02/08/2005|09:51] C:\DOCUME~1\LOCALS~1\APPLIC~1\..
[26/10/2007|19:52] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[02/08/2005|09:51] C:\DOCUME~1\NETWOR~1\APPLIC~1\.
[02/08/2005|09:51] C:\DOCUME~1\NETWOR~1\APPLIC~1\..
[02/08/2005|09:48] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[20/02/2008|22:27] C:\DOCUME~1\PAULIN~1\APPLIC~1\.
[20/02/2008|22:27] C:\DOCUME~1\PAULIN~1\APPLIC~1\..
[27/01/2008|20:45] C:\DOCUME~1\PAULIN~1\APPLIC~1\Adobe
[13/10/2007|19:40] C:\DOCUME~1\PAULIN~1\APPLIC~1\AdobeUM
[22/09/2005|16:20] C:\DOCUME~1\PAULIN~1\APPLIC~1\ATI
[07/02/2008|21:07] C:\DOCUME~1\PAULIN~1\APPLIC~1\Azureus
[15/09/2007|11:07] C:\DOCUME~1\PAULIN~1\APPLIC~1\Creative
[02/08/2005|11:40] C:\DOCUME~1\PAULIN~1\APPLIC~1\desktop.ini
[09/09/2007|11:04] C:\DOCUME~1\PAULIN~1\APPLIC~1\DivX
[29/09/2007|18:56] C:\DOCUME~1\PAULIN~1\APPLIC~1\Google
[02/08/2005|09:48] C:\DOCUME~1\PAULIN~1\APPLIC~1\Identities
[09/09/2007|22:24] C:\DOCUME~1\PAULIN~1\APPLIC~1\Leadertech
[14/02/2008|21:38] C:\DOCUME~1\PAULIN~1\APPLIC~1\LimeWire
[09/09/2007|08:03] C:\DOCUME~1\PAULIN~1\APPLIC~1\Macromedia
[02/12/2007|11:30] C:\DOCUME~1\PAULIN~1\APPLIC~1\Microsoft
[13/01/2008|12:40] C:\DOCUME~1\PAULIN~1\APPLIC~1\Morpheus Software
[13/02/2008|18:54] C:\DOCUME~1\PAULIN~1\APPLIC~1\Protector Suite
[26/09/2007|14:39] C:\DOCUME~1\PAULIN~1\APPLIC~1\Samsung
[30/12/2007|23:00] C:\DOCUME~1\PAULIN~1\APPLIC~1\setup_fr[1].exe
[09/09/2007|22:24] C:\DOCUME~1\PAULIN~1\APPLIC~1\Sonic
[30/11/2007|19:08] C:\DOCUME~1\PAULIN~1\APPLIC~1\Sony Corporation
[09/09/2007|10:02] C:\DOCUME~1\PAULIN~1\APPLIC~1\Sun
[26/07/2007|00:24] C:\DOCUME~1\PAULIN~1\APPLIC~1\Symantec
[12/10/2007|19:22] C:\DOCUME~1\PAULIN~1\APPLIC~1\Template
[17/12/2007|20:16] C:\DOCUME~1\PAULIN~1\APPLIC~1\Todae
[11/12/2007|18:02] C:\DOCUME~1\PAULIN~1\APPLIC~1\wklnhst.dat
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
[20/02/2008 20:00][--a------] C:\WINDOWS\tasks\HPpromotions hp photosmart 7700 series.job [--370--]
[20/02/2008 19:00][--a------] C:\WINDOWS\tasks\HP Usg Daily.job [--362--]
[20/02/2008 18:57][--ah-----] C:\WINDOWS\tasks\SA.DAT [--6--]
[05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini [--65--]
---------------[ Listing des dossiers dans C:\Program Files ]--------------
[20/02/2008|22:27] C:\Program Files\.
[20/02/2008|22:27] C:\Program Files\..
[11/12/2007|11:58] C:\Program Files\Adobe
[09/09/2007|08:10] C:\Program Files\Alwil Software
[02/09/2005|16:50] C:\Program Files\Apoint2K
[22/09/2005|16:17] C:\Program Files\ATI Technologies
[02/08/2005|09:54] C:\Program Files\CONEXANT
[15/09/2007|09:45] C:\Program Files\Creative
[14/12/2007|13:52] C:\Program Files\DivX
[03/01/2008|22:56] C:\Program Files\Fichiers communs
[07/03/2006|09:05] C:\Program Files\GDS
[09/09/2007|12:25] C:\Program Files\Google
[05/11/2007|13:04] C:\Program Files\Guitar Pro 5
[12/10/2007|22:00] C:\Program Files\Hewlett-Packard
[12/10/2007|21:59] C:\Program Files\HP
[03/01/2008|23:04] C:\Program Files\Incomplete
[24/01/2008|18:52] C:\Program Files\InstallShield Installation Information
[02/08/2005|12:16] C:\Program Files\Intel
[14/02/2008|18:56] C:\Program Files\Internet Explorer
[02/08/2005|14:52] C:\Program Files\InterVideo
[09/09/2007|06:59] C:\Program Files\Inventel
[02/08/2005|14:51] C:\Program Files\Java
[03/01/2008|22:46] C:\Program Files\LimeWire
[20/02/2008|22:27] C:\Program Files\Lop SD
[01/12/2007|09:27] C:\Program Files\Maxis
[02/08/2005|10:00] C:\Program Files\Messenger
[23/12/2007|20:15] C:\Program Files\Messenger Plus! Live
[13/10/2007|09:24] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[02/08/2005|09:48] C:\Program Files\microsoft frontpage
[08/02/2008|21:53] C:\Program Files\Microsoft Office
[01/12/2007|20:51] C:\Program Files\Microsoft SQL Server Compact Edition
[01/12/2007|09:05] C:\Program Files\Microsoft Works
[02/08/2005|09:46] C:\Program Files\Movie Maker
[17/08/2007|20:01] C:\Program Files\MP3 Player Utilities 3.75
[08/02/2008|21:52] C:\Program Files\MSECache
[02/08/2005|09:45] C:\Program Files\MSN
[02/08/2005|09:45] C:\Program Files\MSN Gaming Zone
[10/09/2007|02:01] C:\Program Files\MSXML 4.0
[02/08/2005|09:46] C:\Program Files\NetMeeting
[02/08/2005|09:45] C:\Program Files\Online Services
[10/09/2007|02:06] C:\Program Files\Outlook Express
[26/12/2007|23:53] C:\Program Files\PlayMP3z
[26/07/2007|00:10] C:\Program Files\Protector Suite QL
[02/09/2007|21:21] C:\Program Files\Raccourcis de programmes
[02/08/2005|10:28] C:\Program Files\Realtek
[26/09/2007|14:37] C:\Program Files\Samsung
[09/09/2007|07:20] C:\Program Files\Securitoo
[02/08/2005|09:47] C:\Program Files\Services en ligne
[26/07/2007|00:08] C:\Program Files\Sony
[29/09/2007|20:18] C:\Program Files\Steam
[09/09/2007|09:57] C:\Program Files\Symantec
[02/08/2005|09:51] C:\Program Files\Uninstall Information
[02/08/2005|14:53] C:\Program Files\Utimaco
[18/12/2007|19:51] C:\Program Files\Vista Start Menu
[20/02/2008|21:21] C:\Program Files\Wanadoo
[07/03/2006|08:57] C:\Program Files\Webex
[07/02/2008|21:09] C:\Program Files\Windows Live
[08/02/2008|11:12] C:\Program Files\Windows Live Toolbar
[26/10/2007|19:24] C:\Program Files\Windows Media Connect 2
[20/01/2008|16:07] C:\Program Files\Windows Media Player
[02/08/2005|09:45] C:\Program Files\Windows NT
[02/08/2005|09:47] C:\Program Files\WindowsUpdate
[02/08/2005|09:48] C:\Program Files\xerox
------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------
[03/01/2008|22:56] C:\Program Files\Fichiers communs\.
[03/01/2008|22:56] C:\Program Files\Fichiers communs\..
[29/09/2007|21:16] C:\Program Files\Fichiers communs\Adobe
[07/10/2007|19:30] C:\Program Files\Fichiers communs\InstallShield
[02/08/2005|14:50] C:\Program Files\Fichiers communs\Java
[08/02/2008|21:53] C:\Program Files\Fichiers communs\Microsoft Shared
[02/08/2005|09:46] C:\Program Files\Fichiers communs\MSSoap
[02/08/2005|11:40] C:\Program Files\Fichiers communs\ODBC
[26/07/2007|00:10] C:\Program Files\Fichiers communs\Protector Suite QL
[02/08/2005|09:46] C:\Program Files\Fichiers communs\Services
[26/07/2007|00:11] C:\Program Files\Fichiers communs\Sonic Shared
[02/08/2005|14:51] C:\Program Files\Fichiers communs\Sony Shared
[02/08/2005|11:40] C:\Program Files\Fichiers communs\SpeechEngines
[09/09/2007|10:31] C:\Program Files\Fichiers communs\Symantec Shared
[01/12/2007|09:02] C:\Program Files\Fichiers communs\System
[01/12/2007|20:46] C:\Program Files\Fichiers communs\WindowsLiveInstaller
----------------------[ Recherche avec S_Lop ]---------------------
Aucun fichier / dossier Lop trouvé !
-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
Aucun fichier / dossier Lop trouvé !
----------------------[ Verification du Registre ]----------------------
..... OK !
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts PROPRE
----------------[ Recherche de fichiers avec Catchme ]-----------------
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-20 22:28:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden files ...
scan completed successfully
hidden files: 0
--------------------[ Recherche d'autres infections ]---------------------
Aucune autre infection trouvée !
/!\ [Fich:27][Doss:36] C:\DOCUME~1\PAULIN~1\LOCALS~1\Temp
/!\ [Fich:461][Doss:0] C:\DOCUME~1\PAULIN~1\Cookies
/!\ [Fich:5717][Doss:26] C:\DOCUME~1\PAULIN~1\LOCALS~1\TEMPOR~1\content.IE5
--------------------[ Fin du rapport a 22:28:54,41 ]----------------------
[02/08/2005|09:46] C:\Program Files\Fichiers communs\MSSoap
[02/08/2005|11:40] C:\Program Files\Fichiers communs\ODBC
[26/07/2007|00:10] C:\Program Files\Fichiers communs\Protector Suite QL
[02/08/2005|09:46] C:\Program Files\Fichiers communs\Services
[26/07/2007|00:11] C:\Program Files\Fichiers communs\Sonic Shared
[02/08/2005|14:51] C:\Program Files\Fichiers communs\Sony Shared
[02/08/2005|11:40] C:\Program Files\Fichiers communs\SpeechEngines
[09/09/2007|10:31] C:\Program Files\Fichiers communs\Symantec Shared
[01/12/2007|09:02] C:\Program Files\Fichiers communs\System
[01/12/2007|20:46] C:\Program Files\Fichiers communs\WindowsLiveInstaller
----------------------[ Recherche avec S_Lop ]---------------------
Aucun fichier / dossier Lop trouvé !
-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
Aucun fichier / dossier Lop trouvé !
----------------------[ Verification du Registre ]----------------------
..... OK !
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts PROPRE
----------------[ Recherche de fichiers avec Catchme ]-----------------
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-20 22:28:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden files ...
scan completed successfully
hidden files: 0
--------------------[ Recherche d'autres infections ]---------------------
Aucune autre infection trouvée !
/!\ [Fich:27][Doss:36] C:\DOCUME~1\PAULIN~1\LOCALS~1\Temp
/!\ [Fich:461][Doss:0] C:\DOCUME~1\PAULIN~1\Cookies
/!\ [Fich:5717][Doss:26] C:\DOCUME~1\PAULIN~1\LOCALS~1\TEMPOR~1\content.IE5
--------------------[ Fin du rapport a 22:28:54,41 ]----------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:29:36, on 20/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon05.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\PAULIN~1\LOCALS~1\Temp\Répertoire temporaire 5 pour hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {DAA91AB5-2C21-47B3-8C10-C326E04320EE} - C:\WINDOWS\system32\csseqch.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Biomenu] "C:\Program Files\Protector Suite QL\menusw.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NI.UGESV_0001_N122M2811] "C:\Documents and Settings\pauline bocquet\Local Settings\Temporary Internet Files\Content.IE5\ZZX5PTL6\setup_fr[1].exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.75\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.75\MediaManager\grab.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=https://smb-support.vaio-link.com/eSupport/PortalJSP/Po...
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
--
End of file - 10177 bytes
~Download OTMoveIt (by OldTimer). Save it to your Desktop.
~Run Hijackthis with “Do a system scan only”.
Check the following lines if they are still present, and only those.
O2 - BHO: (no name) - {DAA91AB5-2C21-47B3-8C10-C326E04320EE} - C:\WINDOWS\system32\csseqch.dll (file missing)
O4 - HKLM\..\Run: [NI.UGESV_0001_N122M2811] "C:\Documents and Settings\pauline bocquet\Local Settings\Temporary Internet Files\Content.IE5\ZZX5PTL6\setup_fr[1].exe"
Click Fix checked (bottom left).
Select ALL the locations in bold below:
C:\Documents and Settings\pauline bocquet\Local Settings\Temporary Internet Files\Content.IE5\ZZX5PTL6
---> Right-click, then Copy (or Ctrl+C)
Double-click OTMoveIt.exe to launch it.
Right-click in the left-hand pane, then choose Paste (or Ctrl+V).
Now click MoveIt!
If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.
Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the time it was created: date_time.log
->Information about the software<-
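The two entries picked out in the post above share traits that can be checked mechanically: a BHO registration whose DLL no longer exists, and a Run value that launches a program from the browser cache. The Python below is an added example, not part of the original post and not HijackThis's own logic; the rule names are this example's labels, and the sample lines are taken from the log in this thread with the user name replaced by the placeholder `user`, plus one constructed line. A flagged line is a candidate for review, not a verdict.

```python
"""Triage HijackThis O2/O4 lines for orphaned BHOs and autoruns in cache/temp."""
import re
from typing import NamedTuple

# Sample input. Lines are taken from the log in this thread, with the user
# name replaced by the placeholder "user"; the last line is constructed to
# show the 8.3 short-name form of the Temp folder.
SAMPLE_LOG = "\n".join([
    r"O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O2 - BHO: (no name) - {DAA91AB5-2C21-47B3-8C10-C326E04320EE} - C:\WINDOWS\system32\csseqch.dll (file missing)",
    r"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe",
    r"O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe",
    r'O4 - HKLM\..\Run: [NI.UGESV_0001_N122M2811] "C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\ZZX5PTL6\setup_fr[1].exe"',
    r"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - HKCU\..\Run: [constructed-example] C:\DOCUME~1\user\LOCALS~1\Temp\updater.exe",
])


class Finding(NamedTuple):
    rule: str     # label chosen for this example
    section: str  # HijackThis section code ("O2" or "O4")
    ident: str    # CLSID for O2, Run value name for O4
    target: str   # file the entry points at, as logged


BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$")
RUN_RE = re.compile(
    r"^O4 - (?P<key>HK[^:]*\\Run): \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", re.IGNORECASE)

# Markers HijackThis appends when the registered file is absent.
MISSING_MARKERS = ("(file missing)", "(no file)")
# Long and 8.3 short names of per-user cache and temp folders on Windows XP.
VOLATILE_DIRS = {"temporary internet files", "tempor~1", "content.ie5", "temp"}


def executable_of(cmd: str) -> str:
    """Return the program path from a Run command line, dropping arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    match = EXE_RE.match(cmd)  # unquoted paths may contain spaces
    return match.group(1) if match else cmd


def in_volatile_dir(path: str) -> bool:
    """True if any directory component is a browser-cache or temp folder."""
    directories = path.lower().split("\\")[:-1]
    return any(part in VOLATILE_DIRS for part in directories)


def triage(log_text: str) -> list:
    """Return a Finding for each O2/O4 line that matches one of the two rules."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        bho = BHO_RE.match(line)
        if bho:
            target = bho.group("target")
            if target.endswith(MISSING_MARKERS):
                findings.append(
                    Finding("bho-target-missing", "O2", bho.group("clsid"), target))
            continue
        run = RUN_RE.match(line)
        if run:
            exe = executable_of(run.group("cmd"))
            if in_volatile_dir(exe):
                findings.append(
                    Finding("run-from-cache-or-temp", "O4", run.group("value"), exe))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:24} {f.section} {f.ident} -> {f.target}")
```

The `(no file)` BHO is flagged here as well, although the post above does not select it; deciding which flagged entries to fix remains a manual step.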
ok
two last little things:
1
~Download CCleaner:
http://www.filehippo.com/download_ccleaner/
~During installation, uncheck: "Add the Yahoo! CCleaner Toolbar"
Click the cleaner button, then choose "run the cleanup".
Click the errors button, choose "search for errors", then "repair the errors".
CCleaner tutorial (thanks to Malekal):
http://www.malekal.com/tutorial_CCleaner.html
2
~Run an online antivirus scan on the Kaspersky site
http://webscanner.kaspersky.fr/
~Click Online Scanner.
~Accept the installation of the ActiveX control by clicking the Install button.
~Select My Computer as the scan target.
~Save the report by clicking the "Save report as" button. Give it a name; you will copy and paste it into your next reply.
Online scan tutorial
Thursday, February 21, 2008 12:40:40 AM
Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 20/02/2008
Enregistrements dans la base antivirus Kaspersky : 531261
Paramètres d'analyse
Analyser avec la base antivirus suivante standard
Analyser les archives vrai
Analyser les bases de messagerie vrai
Cible de l'analyse Poste de travail
C:\
D:\
E:\
F:\
G:\
Statistiques de l'analyse
Total d'objets analysés 74751
Nombre de virus trouvés 8
Nombre d'objets infectés 22 / 0
Nombre d'objets suspects 0
Durée de l'analyse 00:58:46
Nom de l'objet infecté Nom du virus Dernière action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\pauline bocquet\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\pauline bocquet\Local Settings\Application Data\Microsoft\Messenger\m3_74@hotmail.fr\SharingMetadata\Logs\Dfsr00005.log L'objet est verrouillé ignoré
C:\Documents and Settings\pauline bocquet\Local Settings\Application Data\Microsoft\Messenger\m3_74@hotmail.fr\SharingMetadata\pending.dat L'objet est verrouillé ignoré
C:\Documents and Settings\pauline bocquet\Local Settings\Application Data\Microsoft\Messenger\m3_74@hotmail.fr\SharingMetadata\Working\database_4C54_A5A2_54A5_8EF0\dfsr.db L'objet est verrouillé ignoré
C:\Documents and Settings\pauline bocquet\Local Settings\Application Data\Microsoft\Messenger\m3_74@hotmail.fr\SharingMetadata\Working\database_4C54_A5A2_54A5_8EF0\fsr.log L'objet est verrouillé ignoré
C:\Documents and Settings\pauline bocquet\Local Settings\Application Data\Microsoft\Messenger\m3_74@hotmail.fr\SharingMetadata\Working\database_4C54_A5A2_54A5_8EF0\fsrtmp.log L'objet est verrouillé ignoré
C:\Documents and Settings\pauline bocquet\Local Settings\Application Data\Microsoft\Messenger\m3_74@hotmail.fr\SharingMetadata\Working\database_4C54_A5A2_54A5_8EF0\tmp.edb L'objet est verrouillé ignoré
C:\Documents and Settings\pauline bocquet\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\pauline bocquet\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\pauline bocquet\Local Settings\Application Data\Microsoft\Windows Live Contacts\m3_74@hotmail.fr\real\members.stg L'objet est verrouillé ignoré
C:\Documents and Settings\pauline bocquet\Local Settings\Application Data\Microsoft\Windows Live Contacts\m3_74@hotmail.fr\shadow\members.stg L'objet est verrouillé ignoré
C:\Documents and Settings\pauline bocquet\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\pauline bocquet\Local Settings\Historique\History.IE5\MSHist012008022020080221\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\pauline bocquet\Local Settings\Temp\ mon175.log L'objet est verrouillé ignoré
C:\Documents and Settings\pauline bocquet\Local Settings\Temp\~DF1F1F.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\pauline bocquet\Local Settings\Temp\~DF1F3B.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\pauline bocquet\Local Settings\Temp\~DF4633.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\pauline bocquet\Local Settings\Temp\~DF7614.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\pauline bocquet\Local Settings\Temp\~DFFE2.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\pauline bocquet\Local Settings\Temp\~DFFF3.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\pauline bocquet\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\pauline bocquet\Mes documents\Mes Historiques de Conversation\février 2008\neantis@hotmail.fr.html L'objet est verrouillé ignoré
C:\Documents and Settings\pauline bocquet\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\pauline bocquet\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log L'objet est verrouillé ignoré
C:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt L'objet est verrouillé ignoré
C:\Program Files\HP\hpcoretech\hpcmerr.log L'objet est verrouillé ignoré
C:\Program Files\Lop SD\Backup-Lop\F\sfpbvodv.exe Infecté : Trojan.Win32.Inject.rx ignoré
C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
C:\System Volume Information\_restore{E2CBC2E0-020C-472E-B4A3-BA187BBA0DED}\RP101\A0109679.exe Infecté : Trojan.Win32.Inject.qu ignoré
C:\System Volume Information\_restore{E2CBC2E0-020C-472E-B4A3-BA187BBA0DED}\RP101\A0109682.exe Infecté : Trojan-Downloader.Win32.Agent.hhc ignoré
C:\System Volume Information\_restore{E2CBC2E0-020C-472E-B4A3-BA187BBA0DED}\RP101\A0109685.exe Infecté : Trojan.Win32.Inject.rx ignoré
C:\System Volume Information\_restore{E2CBC2E0-020C-472E-B4A3-BA187BBA0DED}\RP101\change.log L'objet est verrouillé ignoré
C:\System Volume Information\_restore{E2CBC2E0-020C-472E-B4A3-BA187BBA0DED}\RP83\A0072895.exe Infecté : Trojan.Win32.Inject.px ignoré
C:\System Volume Information\_restore{E2CBC2E0-020C-472E-B4A3-BA187BBA0DED}\RP86\A0074023.exe Infecté : Trojan.Win32.Inject.py ignoré
C:\System Volume Information\_restore{E2CBC2E0-020C-472E-B4A3-BA187BBA0DED}\RP86\A0074968.exe Infecté : Trojan.Win32.Inject.qu ignoré
C:\System Volume Information\_restore{E2CBC2E0-020C-472E-B4A3-BA187BBA0DED}\RP86\A0075968.exe Infecté : Trojan.Win32.Inject.qu ignoré
C:\System Volume Information\_restore{E2CBC2E0-020C-472E-B4A3-BA187BBA0DED}\RP86\A0075985.exe Infecté : Trojan.Win32.Inject.qu ignoré
C:\System Volume Information\_restore{E2CBC2E0-020C-472E-B4A3-BA187BBA0DED}\RP86\A0076985.exe Infecté : Trojan.Win32.Inject.qu ignoré
C:\System Volume Information\_restore{E2CBC2E0-020C-472E-B4A3-BA187BBA0DED}\RP86\A0076999.exe Infecté : Trojan.Win32.Inject.qu ignoré
C:\System Volume Information\_restore{E2CBC2E0-020C-472E-B4A3-BA187BBA0DED}\RP86\A0077047.exe Infecté : Trojan.Win32.Obfuscated.mt ignoré
C:\System Volume Information\_restore{E2CBC2E0-020C-472E-B4A3-BA187BBA0DED}\RP86\A0077999.exe Infecté : Trojan.Win32.Inject.qu ignoré
C:\System Volume Information\_restore{E2CBC2E0-020C-472E-B4A3-BA187BBA0DED}\RP86\A0078999.exe Infecté : Trojan.Win32.Inject.qu ignoré
C:\System Volume Information\_restore{E2CBC2E0-020C-472E-B4A3-BA187BBA0DED}\RP86\A0079013.exe Infecté : Trojan.Win32.Inject.qu ignoré
C:\System Volume Information\_restore{E2CBC2E0-020C-472E-B4A3-BA187BBA0DED}\RP87\A0079024.exe Infecté : Trojan.Win32.Inject.qu ignoré
C:\System Volume Information\_restore{E2CBC2E0-020C-472E-B4A3-BA187BBA0DED}\RP87\A0079032.exe Infecté : Trojan.Win32.Inject.qu ignoré
C:\System Volume Information\_restore{E2CBC2E0-020C-472E-B4A3-BA187BBA0DED}\RP87\A0080032.exe Infecté : Trojan.Win32.Inject.qu ignoré
C:\System Volume Information\_restore{E2CBC2E0-020C-472E-B4A3-BA187BBA0DED}\RP87\A0081032.exe Infecté : Trojan.Win32.Inject.qu ignoré
C:\System Volume Information\_restore{E2CBC2E0-020C-472E-B4A3-BA187BBA0DED}\RP87\A0081038.exe Infecté : Trojan.Win32.Obfuscated.mw ignoré
C:\System Volume Information\_restore{E2CBC2E0-020C-472E-B4A3-BA187BBA0DED}\RP87\A0081039.exe Infecté : Trojan-Downloader.Win32.Agent.hhc ignoré
C:\System Volume Information\_restore{E2CBC2E0-020C-472E-B4A3-BA187BBA0DED}\RP87\A0081040.exe Infecté : Trojan-Downloader.Win32.Agent.hha ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\EventCache\{339767FE-4EE8-47E1-B02C-4E7B72AAB156}.bin L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\ACEEvent.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Antivirus.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\ODiag.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\OSession.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\csseqch.dll L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\Logfiles\WUDF\WUDFTrace.etl L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\Temp\Perflib_Perfdata_b0.dat L'objet est verrouillé ignoré
C:\WINDOWS\Temp\_avast4_\Webshlock.txt L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
D:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
D:\System Volume Information\_restore{E2CBC2E0-020C-472E-B4A3-BA187BBA0DED}\RP101\change.log L'objet est verrouillé ignoré
Analyse terminée.
Good evening
Disable your antivirus and any other kind of protection.
Download ComboFix by sUBs:
ComboFix.exe
and save it to your desktop and nowhere else!
Double-click ComboFix. It will ask you a question; answer by pressing the 1 key, then wait until ComboFix has finished. Your PC may reboot, which is normal. A report will be created. Post the report: C:\Combofix.txt
Click on it to open it, then Edit > "Select All", Edit > "Copy"
Come to the forum and Edit > "Paste"
Add a new Hijackthis report.
