A virus for sure, but how to remove it [Solved]
Hi, I'm in the middle of repairing a virus-infected PC, but I don't know what to do about it because I'm only a novice in this area. Here is a HijackThis report that will certainly help you (I ran CCleaner before generating the report).
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:05:20, on 28/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Labtec\Keyboard\V5.1\kbdap32a.exe
C:\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\lphcjcnj0e1e7.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Documents and Settings\BARRIE\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [OFFICEKB] C:\Labtec\Keyboard\V5.1\kbdap32a.exe
O4 - HKLM\..\Run: [RemoteControl] C:\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Frag Ooze Cash Scr] C:\Documents and Settings\All Users\Application Data\close poke frag ooze\play drive.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [lphcjcnj0e1e7] C:\WINDOWS\system32\lphcjcnj0e1e7.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader5.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AE70E15-B988-42D5-8AE1-898E8C4B3B8D}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{2AE70E15-B988-42D5-8AE1-898E8C4B3B8D}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{2AE70E15-B988-42D5-8AE1-898E8C4B3B8D}: NameServer = 193.252.19.3,193.252.19.4
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 9931 bytes
_____________________________________________________
Please help me, thank you.
Hello,
! Disable your resident protections (antivirus, Spybot-S&D, etc.) !
Download ComboFix (sUBs) to your Desktop.
Double-click ComboFix.exe (the .exe may not be visible) to launch it.
When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.
HELP: A guide and a tutorial on using ComboFix
* the partition name may differ
ComboFix 08-10-28.01 - BARRIE 2008-10-28 19:43:14.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.475 [GMT 1:00]
Lancé depuis: C:\Documents and Settings\BARRIE\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\blphcjcnj0e1e7.scr
C:\WINDOWS\system32\lphcjcnj0e1e7.exe
C:\WINDOWS\system32\phcjcnj0e1e7.bmp
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-28 au 2008-10-28 ))))))))))))))))))))))))))))))))))))
.
2008-10-28 19:04 . 2008-10-28 19:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-10-28 19:01 . 2008-10-28 19:01 <REP> d-------- C:\Program Files\Yahoo!
2008-10-28 19:01 . 2008-10-28 19:01 <REP> d-------- C:\Program Files\CCleaner
2008-10-28 18:46 . 2008-10-28 18:46 <REP> d-------- C:\WINDOWS\system32\AlertModule
2008-10-28 18:46 . 2003-08-04 14:22 94,208 --a------ C:\WINDOWS\system32\W32n50.dll
2008-10-28 18:46 . 2004-08-23 14:49 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
2008-10-28 18:46 . 2005-10-06 14:55 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
2008-10-28 18:46 . 2004-08-23 14:50 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll
2008-10-28 18:46 . 2003-08-04 14:22 16,128 --------- C:\WINDOWS\system32\PCANDIS5.SYS
2008-10-28 18:45 . 2008-10-28 18:50 <REP> d-------- C:\Program Files\Wanadoo
2008-10-28 18:43 . 2008-10-28 18:43 <REP> d-------- C:\Program Files\Securitoo
2008-10-28 18:43 . 2008-10-28 18:43 <REP> d-------- C:\Program Files\Inventel
2008-10-25 12:09 . 2008-10-28 09:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-25 12:09 . 2008-10-25 12:09 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-28 15:20 . 2004-08-03 22:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-09-28 15:20 . 2004-08-03 22:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-09-28 14:34 . 2008-09-28 14:34 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-09-28 14:34 . 2008-09-28 14:34 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-14 17:08 --------- d-----w C:\Documents and Settings\BARRIE\Application Data\cashuploadpoll
2008-10-08 16:00 --------- d-----w C:\Documents and Settings\BARRIE\Application Data\U3
2008-09-14 12:07 --------- d-----w C:\Program Files\eMule
2001-03-28 11:02 122,880 ----a-w C:\WINDOWS\inf\Agfa\message.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 15360]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-16 68856]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-08 95800]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 122880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OFFICEKB"="C:\Labtec\Keyboard\V5.1\kbdap32a.exe" [2008-02-11 387584]
"RemoteControl"="C:\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="C:\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 282624]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"Frag Ooze Cash Scr"="C:\Documents and Settings\All Users\Application Data\close poke frag ooze\play drive.exe" [2008-10-28 9882112]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-19 266497]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2006-04-20 421888]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 15360]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Lancement rapide d'Adobe Reader.lnk - C:\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Microsoft Office.lnk - C:\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18aa8764-ea97-11dc-9e47-001a9272adb0}]
\shell\Setup\command - setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18aa8765-ea97-11dc-9e47-001a9272adb0}]
\Shell\AutoRun\command - I:\start.exe
\Shell\FramaKey\command - I:\start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61525d4a-8245-11dd-9f0e-001a9272adb0}]
\Shell\AutoRun\command - I:\start.exe
\Shell\FramaKey\command - I:\start.exe
*Newly Created Service* - PROCEXP90
*Newly Created Service* - RASAUTO
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {AF4B5161-1572-D354-812F-9B3D64DA203F} /qb
.
Contenu du dossier 'Tâches planifiées'
2008-10-28 C:\WINDOWS\Tasks\A7F69587919909B7.job
- c:\docume~1\barrie\applic~1\cashup~1\bendthirdbat.exe []
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-lphcjcnj0e1e7 - C:\WINDOWS\system32\lphcjcnj0e1e7.exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\BARRIE\Application Data\Mozilla\Firefox\Profiles\8n4kr8tt.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.orange.fr
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-28 19:44:05
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-10-28 19:44:45
ComboFix-quarantined-files.txt 2008-10-28 18:44:42
Avant-CF: 50,047,467,520 octets libres
Après-CF: 50,176,815,104 octets libres
120
I'm reassured: the problem it was causing them (a weird wallpaper) is gone. It's up to you to tell me whether it's finished.
Thanks for such quick replies, it's really great.
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.475 [GMT 1:00]
Lancé depuis: C:\Documents and Settings\BARRIE\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\blphcjcnj0e1e7.scr
C:\WINDOWS\system32\lphcjcnj0e1e7.exe
C:\WINDOWS\system32\phcjcnj0e1e7.bmp
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-28 au 2008-10-28 ))))))))))))))))))))))))))))))))))))
.
2008-10-28 19:04 . 2008-10-28 19:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-10-28 19:01 . 2008-10-28 19:01 <REP> d-------- C:\Program Files\Yahoo!
2008-10-28 19:01 . 2008-10-28 19:01 <REP> d-------- C:\Program Files\CCleaner
2008-10-28 18:46 . 2008-10-28 18:46 <REP> d-------- C:\WINDOWS\system32\AlertModule
2008-10-28 18:46 . 2003-08-04 14:22 94,208 --a------ C:\WINDOWS\system32\W32n50.dll
2008-10-28 18:46 . 2004-08-23 14:49 40,960 --a------ C:\WINDOWS\system32\FTRTSVC.exe
2008-10-28 18:46 . 2005-10-06 14:55 36,864 --a------ C:\WINDOWS\system32\IfHelper.dll
2008-10-28 18:46 . 2004-08-23 14:50 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll
2008-10-28 18:46 . 2003-08-04 14:22 16,128 --------- C:\WINDOWS\system32\PCANDIS5.SYS
2008-10-28 18:45 . 2008-10-28 18:50 <REP> d-------- C:\Program Files\Wanadoo
2008-10-28 18:43 . 2008-10-28 18:43 <REP> d-------- C:\Program Files\Securitoo
2008-10-28 18:43 . 2008-10-28 18:43 <REP> d-------- C:\Program Files\Inventel
2008-10-25 12:09 . 2008-10-28 09:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-25 12:09 . 2008-10-25 12:09 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-28 15:20 . 2004-08-03 22:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-09-28 15:20 . 2004-08-03 22:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-09-28 14:34 . 2008-09-28 14:34 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-09-28 14:34 . 2008-09-28 14:34 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-14 17:08 --------- d-----w C:\Documents and Settings\BARRIE\Application Data\cashuploadpoll
2008-10-08 16:00 --------- d-----w C:\Documents and Settings\BARRIE\Application Data\U3
2008-09-14 12:07 --------- d-----w C:\Program Files\eMule
2001-03-28 11:02 122,880 ----a-w C:\WINDOWS\inf\Agfa\message.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 15360]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-16 68856]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-08 95800]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 122880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OFFICEKB"="C:\Labtec\Keyboard\V5.1\kbdap32a.exe" [2008-02-11 387584]
"RemoteControl"="C:\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="C:\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 282624]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"Frag Ooze Cash Scr"="C:\Documents and Settings\All Users\Application Data\close poke frag ooze\play drive.exe" [2008-10-28 9882112]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-19 266497]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2006-04-20 421888]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 32768]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 15360]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Lancement rapide d'Adobe Reader.lnk - C:\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Microsoft Office.lnk - C:\Microsoft Office\Office\OSA9.EXE [2000-01-21 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18aa8764-ea97-11dc-9e47-001a9272adb0}]
\shell\Setup\command - setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18aa8765-ea97-11dc-9e47-001a9272adb0}]
\Shell\AutoRun\command - I:\start.exe
\Shell\FramaKey\command - I:\start.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{61525d4a-8245-11dd-9f0e-001a9272adb0}]
\Shell\AutoRun\command - I:\start.exe
\Shell\FramaKey\command - I:\start.exe
*Newly Created Service* - PROCEXP90
*Newly Created Service* - RASAUTO
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {AF4B5161-1572-D354-812F-9B3D64DA203F} /qb
.
Contenu du dossier 'Tâches planifiées'
2008-10-28 C:\WINDOWS\Tasks\A7F69587919909B7.job
- c:\docume~1\barrie\applic~1\cashup~1\bendthirdbat.exe []
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-lphcjcnj0e1e7 - C:\WINDOWS\system32\lphcjcnj0e1e7.exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\BARRIE\Application Data\Mozilla\Firefox\Profiles\8n4kr8tt.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.orange.fr
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-28 19:44:05
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-10-28 19:44:45
ComboFix-quarantined-files.txt 2008-10-28 18:44:42
Avant-CF: 50,047,467,520 octets libres
Après-CF: 50,176,815,104 octets libres
120
I'm reassured: the problem it was causing them (an izard wallpaper) is gone. It's up to you to tell me whether it's over.
Thanks for such quick replies, that's really cool.
Yeah, I like that; normally it means we're getting near the end. I'll do that on the PC that's acting up and send it to you. Thanks again.
*****************************************************
Here is the report:
********************************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:18:23, on 28/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Labtec\Keyboard\V5.1\kbdap32a.exe
C:\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\BARRIE\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [OFFICEKB] C:\Labtec\Keyboard\V5.1\kbdap32a.exe
O4 - HKLM\..\Run: [RemoteControl] C:\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Frag Ooze Cash Scr] C:\Documents and Settings\All Users\Application Data\close poke frag ooze\play drive.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader5.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AE70E15-B988-42D5-8AE1-898E8C4B3B8D}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{2AE70E15-B988-42D5-8AE1-898E8C4B3B8D}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{2AE70E15-B988-42D5-8AE1-898E8C4B3B8D}: NameServer = 193.252.19.3,193.252.19.4
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 9728 bytes
Do you want another HijackThis report?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:47:52, on 29/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Labtec\Keyboard\V5.1\kbdap32a.exe
C:\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\BARRIE\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [OFFICEKB] C:\Labtec\Keyboard\V5.1\kbdap32a.exe
O4 - HKLM\..\Run: [RemoteControl] C:\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Frag Ooze Cash Scr] C:\Documents and Settings\All Users\Application Data\close poke frag ooze\play drive.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader5.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AE70E15-B988-42D5-8AE1-898E8C4B3B8D}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{2AE70E15-B988-42D5-8AE1-898E8C4B3B8D}: NameServer = 193.252.19.3,193.252.19.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{2AE70E15-B988-42D5-8AE1-898E8C4B3B8D}: NameServer = 193.252.19.3,193.252.19.4
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 9698 bytes
OK, I didn't keep it, but never mind, it doesn't do it anymore. On the other hand, my cousin's PC is running slowly; here is a HijackThis report, if you can help me.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:29:59, on 29/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\WhenUSearch\Search.exe
C:\Program Files\WhenUSearch\whse.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Orange\LiveAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\journal\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.apple.com/fr/quicktime/buy/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: WhenUSearch Helper - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - C:\Program Files\WhenUSearch\search.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKLM\..\Run: [WhenUSearch] "C:\Program Files\WhenUSearch\Search.exe"
O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program Files\WhenUSearch\whse.exe"
O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [Orange_McciTrayApp] C:\Program Files\Orange\LiveAssistant.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ClockSync] "C:\Program Files\ClockSync\Sync.exe" /q
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [Onceelse] C:\DOCUME~1\journal\APPLIC~1\THESEN~1\Vc Bolt 16.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Fichiers communs\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 11821 bytes
Hi again,
Download Lop S&D.exe (Eric_71) to your Desktop.
Run the program's installer by executing the downloaded file.
Now double-click the LopS&D shortcut.
Select the desired language by typing the letter of your choice, then confirm with the Enter key.
Now choose option 1 (Search). Wait until the search finishes.
Post the generated report (C:\lopR.txt*)
--------------------\\ Lop S&D 4.2.4-9c XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Sempron(tm) 3000+ )
BIOS : Rev. 3.11
USER : journal ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.7.1098 [VPS 081031-1] 4.7.1098 (Not Activated)
C:\ (Local Disk) - NTFS - Total:143 Go (Free:109 Go)
D:\ (Local Disk) - FAT32 - Total:5 Go (Free:1 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
F:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( 24/11/2008|18:22 )
--------------------\\ Listing des dossiers dans APPLIC~1
[28/10/2008|19:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[08/08/2007|09:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[01/01/2004|17:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[31/08/2006|12:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
[20/07/2008|13:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Frag great bend logo
[23/11/2008|10:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[01/01/2004|15:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
[01/01/2004|17:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InterVideo
[29/03/2008|14:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logishrd
[25/12/2007|15:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
[08/08/2007|20:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[27/02/2008|11:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[22/04/2008|17:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
[12/12/2004|15:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[17/05/2005|19:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[01/01/2004|14:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[27/02/2005|18:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBT
[08/08/2007|13:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[18/06/2005|13:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
[21/03/2007|14:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
[09/08/2007|10:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[27/02/2008|11:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[01/01/2004|17:45] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Apple Computer
[01/01/2004|14:06] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[01/01/2004|17:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Intervideo
[11/08/2008|09:23] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[01/01/2004|14:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[01/01/2004|18:12] C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView
[01/01/2004|15:07] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[01/01/2004|21:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
[05/12/2004|16:37] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Adobe
[09/02/2005|14:05] C:\DOCUME~1\HP_PRO~1\APPLIC~1\AdobeUM
[07/05/2007|14:29] C:\DOCUME~1\HP_PRO~1\APPLIC~1\AOL
[01/01/2004|17:45] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Apple Computer
[08/12/2004|17:53] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Help
[01/01/2004|14:06] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Identities
[20/02/2005|15:54] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Intervideo
[16/12/2004|18:02] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Leadertech
[28/11/2004|10:56] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Macromedia
[30/07/2006|12:54] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Microsoft
[27/02/2005|18:40] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Microsoft Web Folders
[05/12/2004|19:07] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Motive
[01/01/2004|18:12] C:\DOCUME~1\HP_PRO~1\APPLIC~1\SampleView
[16/12/2004|18:03] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Sonic
[01/01/2004|15:07] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Sun
[01/01/2004|21:04] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Symantec
[17/01/2005|18:45] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Template
[18/06/2005|13:40] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Ulead Systems
[06/09/2008|16:50] C:\DOCUME~1\journal\APPLIC~1\Adobe
[25/12/2006|01:36] C:\DOCUME~1\journal\APPLIC~1\AdobeUM
[09/11/2005|12:47] C:\DOCUME~1\journal\APPLIC~1\Alive! Jigsaw
[25/02/2007|14:18] C:\DOCUME~1\journal\APPLIC~1\AOL
[01/01/2004|17:45] C:\DOCUME~1\journal\APPLIC~1\Apple Computer
[21/03/2008|21:05] C:\DOCUME~1\journal\APPLIC~1\Google
[24/08/2005|09:44] C:\DOCUME~1\journal\APPLIC~1\Help
[01/01/2004|14:06] C:\DOCUME~1\journal\APPLIC~1\Identities
[06/11/2005|10:36] C:\DOCUME~1\journal\APPLIC~1\InstallShield
[20/08/2005|11:19] C:\DOCUME~1\journal\APPLIC~1\Intervideo
[11/10/2006|20:48] C:\DOCUME~1\journal\APPLIC~1\Leadertech
[15/11/2008|12:22] C:\DOCUME~1\journal\APPLIC~1\LimeWire
[14/01/2007|11:55] C:\DOCUME~1\journal\APPLIC~1\Macromedia
[08/08/2007|13:01] C:\DOCUME~1\journal\APPLIC~1\Microsoft
[22/04/2008|17:36] C:\DOCUME~1\journal\APPLIC~1\Motive
[30/08/2008|10:50] C:\DOCUME~1\journal\APPLIC~1\Mozilla
[23/11/2008|14:50] C:\DOCUME~1\journal\APPLIC~1\OpenOffice.org2
[18/11/2007|19:19] C:\DOCUME~1\journal\APPLIC~1\Real
[01/01/2004|18:12] C:\DOCUME~1\journal\APPLIC~1\SampleView
[18/09/2005|18:39] C:\DOCUME~1\journal\APPLIC~1\Sonic
[01/01/2004|15:07] C:\DOCUME~1\journal\APPLIC~1\Sun
[01/01/2004|21:04] C:\DOCUME~1\journal\APPLIC~1\Symantec
[20/07/2008|21:30] C:\DOCUME~1\journal\APPLIC~1\the send type
[07/11/2006|18:41] C:\DOCUME~1\journal\APPLIC~1\Ulead Systems
[17/02/2008|15:39] C:\DOCUME~1\journal\APPLIC~1\vlc
[21/03/2007|14:47] C:\DOCUME~1\journal\APPLIC~1\You've Got Pictures Screensaver
[09/08/2007|10:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[01/01/2004|14:08] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[31/08/2008|15:51] C:\DOCUME~1\SANDRI~1\APPLIC~1\Adobe
[01/04/2007|09:40] C:\DOCUME~1\SANDRI~1\APPLIC~1\AOL
[01/01/2004|17:45] C:\DOCUME~1\SANDRI~1\APPLIC~1\Apple Computer
[01/01/2004|14:06] C:\DOCUME~1\SANDRI~1\APPLIC~1\Identities
[01/01/2004|17:36] C:\DOCUME~1\SANDRI~1\APPLIC~1\Intervideo
[13/08/2007|11:33] C:\DOCUME~1\SANDRI~1\APPLIC~1\Macromedia
[17/04/2008|11:27] C:\DOCUME~1\SANDRI~1\APPLIC~1\Microsoft
[17/06/2008|15:54] C:\DOCUME~1\SANDRI~1\APPLIC~1\Motive
[13/08/2007|11:28] C:\DOCUME~1\SANDRI~1\APPLIC~1\Mozilla
[01/01/2004|18:12] C:\DOCUME~1\SANDRI~1\APPLIC~1\SampleView
[01/01/2004|15:07] C:\DOCUME~1\SANDRI~1\APPLIC~1\Sun
[01/01/2004|21:04] C:\DOCUME~1\SANDRI~1\APPLIC~1\Symantec
[31/08/2008|15:00] C:\DOCUME~1\SANDRI~1\APPLIC~1\the send type
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[23/11/2008 18:44][--a------] C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1102268630.job
[05/08/2004 11:00][-rah-----] C:\WINDOWS\tasks\desktop.ini
[01/01/2004 21:08][--a------] C:\WINDOWS\tasks\Symantec NetDetect.job
[24/11/2008 17:56][--ah-----] C:\WINDOWS\tasks\SA.DAT
--------------------\\ Listing des dossiers dans C:\Program Files
[06/11/2005|11:55] C:\Program Files\123 Free Puzzle
[28/10/2008|19:08] C:\Program Files\Adobe
[18/11/2007|19:20] C:\Program Files\AirStrike3D DEMO
[09/11/2005|12:48] C:\Program Files\All Ages Software
[08/08/2007|13:50] C:\Program Files\Alwil Software
[29/01/2006|18:10] C:\Program Files\Anuman Interactive
[18/11/2007|19:18] C:\Program Files\AOL 9.0
[18/11/2007|19:18] C:\Program Files\Blastorama Demo
[18/11/2007|11:16] C:\Program Files\BoundAround_Demo
[09/07/2007|20:19] C:\Program Files\Boxen 2 DEMO
[18/11/2007|11:16] C:\Program Files\BrickShooter Jr
[18/11/2007|19:19] C:\Program Files\Brossard
[26/11/2006|15:52] C:\Program Files\Bubble Frenzy
[25/12/2004|13:50] C:\Program Files\Canon
[18/11/2007|19:18] C:\Program Files\Car Thief
[18/11/2007|19:20] C:\Program Files\Controle Parental
[18/11/2007|19:16] C:\Program Files\Controle Parental(3)
[18/11/2007|19:03] C:\Program Files\Controle Parental(4)
[18/11/2007|11:16] C:\Program Files\cw3d
[28/11/2006|19:35] C:\Program Files\DigiFUN
[25/08/2008|11:35] C:\Program Files\directx
[18/11/2007|19:18] C:\Program Files\DreamQuest
[06/11/2005|19:08] C:\Program Files\EA GAMES
[08/08/2007|15:55] C:\Program Files\Easy Internet signup
[09/07/2007|20:11] C:\Program Files\EduProfix
[18/11/2007|19:18] C:\Program Files\ElastoMania111
[18/11/2007|19:17] C:\Program Files\Fashion Cents
[31/08/2006|12:56] C:\Program Files\FaxTools
[25/08/2008|11:37] C:\Program Files\Fichiers communs
[31/01/2006|19:20] C:\Program Files\Firaxis Games
[18/11/2007|19:20] C:\Program Files\GALLIMARD
[28/10/2008|19:11] C:\Program Files\Google
[11/11/2007|11:30] C:\Program Files\GrayMatter Innovations
[01/01/2004|17:57] C:\Program Files\Help and Support Additions
[01/01/2004|15:51] C:\Program Files\Hewlett-Packard
[25/01/2006|14:12] C:\Program Files\Homebrew Software
[01/01/2004|17:25] C:\Program Files\HP
[21/02/2008|15:11] C:\Program Files\id Software
[23/03/2008|12:37] C:\Program Files\IncrediMail
[18/11/2007|19:21] C:\Program Files\InetGet2
[19/01/2008|11:33] C:\Program Files\Insider
[28/10/2008|19:15] C:\Program Files\InstallShield Installation Information
[28/10/2008|19:14] C:\Program Files\InterActual
[02/09/2008|11:28] C:\Program Files\Internet Explorer
[07/08/2007|19:50] C:\Program Files\Inventel
[02/09/2008|11:07] C:\Program Files\Java
[23/03/2008|12:35] C:\Program Files\Jeune Styliste
[23/03/2008|12:36] C:\Program Files\Jeune Styliste 2
[18/11/2007|19:18] C:\Program Files\Jollyware
[18/11/2007|19:19] C:\Program Files\JrVetDemo
[23/03/2008|12:36] C:\Program Files\JS FashionMaker
[25/11/2006|14:55] C:\Program Files\Leeds Learning Color and Shapes
[22/11/2008|11:06] C:\Program Files\Lexmark X1100 Series
[19/09/2008|19:03] C:\Program Files\LimeWire
[29/03/2008|13:56] C:\Program Files\Logitech
[19/08/2007|20:40] C:\Program Files\Macrogaming
[06/11/2005|13:36] C:\Program Files\Maxis
[02/09/2008|11:35] C:\Program Files\Messenger
[22/12/2007|11:57] C:\Program Files\Messenger Plus! Live
[06/11/2005|19:28] C:\Program Files\Micro Application
[31/12/2004|15:23] C:\Program Files\Microsoft AutoRoute
[28/02/2008|13:48] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[18/11/2007|19:16] C:\Program Files\Microsoft Encarta
[01/01/2004|14:06] C:\Program Files\microsoft frontpage
[31/12/2004|15:22] C:\Program Files\Microsoft Money
[27/02/2005|18:41] C:\Program Files\Microsoft Office
[23/08/2007|22:03] C:\Program Files\Microsoft Picture It! 9
[31/12/2004|15:18] C:\Program Files\Microsoft Works
[28/12/2004|20:20] C:\Program Files\Microsoft Works Suite 2004
[02/09/2008|11:28] C:\Program Files\Movie Maker
[24/11/2008|18:16] C:\Program Files\Mozilla Firefox
[30/07/2006|12:54] C:\Program Files\MP3 Player Utilities
[25/11/2006|18:41] C:\Program Files\mpegable AVI
[26/08/2005|17:52] C:\Program Files\MSN
[01/01/2004|14:03] C:\Program Files\MSN Gaming Zone
[27/02/2008|11:15] C:\Program Files\MSN Messenger
[18/11/2007|19:19] C:\Program Files\MSXML 4.0
[23/03/2008|12:32] C:\Program Files\Musicmatch
[28/11/2006|19:32] C:\Program Files\MyABCD
[02/09/2008|11:24] C:\Program Files\NetMeeting
[01/01/2004|14:03] C:\Program Files\Online Services
[25/08/2007|13:40] C:\Program Files\OpenOffice.org 2.0
[22/04/2008|17:35] C:\Program Files\Orange
[22/04/2008|17:29] C:\Program Files\OrangeHSS
[03/09/2008|10:24] C:\Program Files\Outlook Express
[01/01/2004|17:58] C:\Program Files\PC-Doctor for Windows
[10/02/2007|17:31] C:\Program Files\Personal Strip Poker
[18/11/2007|19:16] C:\Program Files\QuickTime
[18/11/2007|19:19] C:\Program Files\Quiz
[21/03/2007|14:44] C:\Program Files\Real
[25/01/2006|14:15] C:\Program Files\Realore
[18/11/2007|19:18] C:\Program Files\Save
[18/11/2007|20:30] C:\Program Files\Securitoo
[01/01/2004|18:06] C:\Program Files\Services en ligne
[02/01/2004|06:00] C:\Program Files\SiS VGA Utilities V3.59e
[27/02/2005|18:41] C:\Program Files\Snapshot Viewer
[18/11/2007|19:15] C:\Program Files\Solsoft
[08/08/2007|13:29] C:\Program Files\Symantec
[18/11/2007|19:21] C:\Program Files\Temporary
[29/06/2008|20:38] C:\Program Files\the send type
[25/12/2006|01:33] C:\Program Files\Thomson
[18/11/2007|19:18] C:\Program Files\TikGames
[26/03/2005|19:16] C:\Program Files\TLC-Edusoft
[04/01/2007|19:52] C:\Program Files\TLKGAMES
[18/11/2007|11:16] C:\Program Files\Tomato Catcher
[04/01/2007|19:57] C:\Program Files\Trymedia
[18/11/2007|19:20] C:\Program Files\Ulead Systems
[17/02/2008|15:27] C:\Program Files\VideoLAN
[21/03/2007|14:47] C:\Program Files\Viewpoint
[24/11/2008|18:16] C:\Program Files\Wanadoo
[23/07/2008|13:40] C:\Program Files\WhenUSearch
[18/11/2007|19:21] C:\Program Files\WinAble
[27/02/2008|11:11] C:\Program Files\Windows Live
[08/08/2007|20:58] C:\Program Files\Windows Media Connect 2
[02/09/2008|11:23] C:\Program Files\Windows Media Player
[02/09/2008|11:23] C:\Program Files\Windows NT
[01/01/2004|14:06] C:\Program Files\xerox
[28/11/2006|19:37] C:\Program Files\zippy
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[28/10/2008|19:08] C:\Program Files\Fichiers communs\Adobe
[08/08/2007|09:52] C:\Program Files\Fichiers communs\AOL
[21/03/2007|14:52] C:\Program Files\Fichiers communs\aolback
[10/11/2007|19:01] C:\Program Files\Fichiers communs\Carlson
[31/12/2004|15:17] C:\Program Files\Fichiers communs\Designer
[25/08/2008|11:37] C:\Program Files\Fichiers communs\DirectX
[22/04/2008|17:25] C:\Program Files\Fichiers communs\France Telecom
[01/01/2004|15:41] C:\Program Files\Fichiers communs\Hewlett-Packard
[02/01/2004|05:59] C:\Program Files\Fichiers communs\InstallShield
[24/03/2008|13:42] C:\Program Files\Fichiers communs\Java
[29/03/2008|14:11] C:\Program Files\Fichiers communs\LogiShrd
[27/02/2008|11:13] C:\Program Files\Fichiers communs\Microsoft Shared
[22/04/2008|17:34] C:\Program Files\Fichiers communs\Motive
[01/01/2004|14:04] C:\Program Files\Fichiers communs\MSSoap
[21/03/2007|14:45] C:\Program Files\Fichiers communs\Nullsoft
[18/11/2007|19:19] C:\Program Files\Fichiers communs\Real
[31/12/2004|19:32] C:\Program Files\Fichiers communs\Services
[01/01/2004|14:59] C:\Program Files\Fichiers communs\SpeechEngines
[02/09/2008|11:23] C:\Program Files\Fichiers communs\System
[18/06/2005|13:30] C:\Program Files\Fichiers communs\Ulead Systems
[27/02/2008|11:12] C:\Program Files\Fichiers communs\WindowsLiveInstaller
--------------------\\ Process
( 58 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
C:\DOCUME~1\journal\LOCALS~1\Temp\bis3E5.exe
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Frag great bend logo
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Frag great bend logo\Boob Byte.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Frag great bend logo\For Cake.exe
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Frag great bend logo\Ooze slow.exe
C:\DOCUME~1\journal\LOCALS~1\Temp\nsd314.tmp
C:\DOCUME~1\journal\LOCALS~1\Temp\nse40E.tmp
C:\DOCUME~1\journal\LOCALS~1\Temp\nsf31D.tmp
C:\DOCUME~1\journal\LOCALS~1\Temp\nsi53E.tmp
C:\DOCUME~1\journal\LOCALS~1\Temp\nsp320.tmp
C:\DOCUME~1\journal\LOCALS~1\Temp\nss32E.tmp
C:\DOCUME~1\journal\Cookies\journal@advertstream[1].txt
C:\DOCUME~1\journal\Cookies\journal@www.adserver5[2].txt
C:\DOCUME~1\journal\Cookies\journal@adultfriendfinder[1].txt
C:\DOCUME~1\journal\Cookies\journal@advertising[2].txt
C:\DOCUME~1\journal\Cookies\journal@adin.bigpoint[2].txt
C:\DOCUME~1\journal\Cookies\journal@bigpoint[1].txt
C:\DOCUME~1\journal\Cookies\journal@fr1.seafight.bigpoint[1].txt
C:\DOCUME~1\journal\Cookies\journal@banner.casinoking[2].txt
C:\DOCUME~1\journal\Cookies\journal@casinoking[1].txt
C:\DOCUME~1\journal\Cookies\journal@cotedazurpalace[1].txt
C:\DOCUME~1\journal\Cookies\journal@adopt.euroclick[2].txt
C:\DOCUME~1\journal\Cookies\journal@pacificpoker[2].txt
C:\DOCUME~1\journal\Cookies\journal@partygaming.122.2o7[1].txt
C:\DOCUME~1\journal\Cookies\journal@partypoker[1].txt
C:\DOCUME~1\journal\Cookies\journal@fr1.seafight.bigpoint[1].txt
C:\DOCUME~1\journal\Cookies\journal@vegas-millions[1].txt
C:\DOCUME~1\journal\Cookies\journal@www.lop[2].txt
C:\DOCUME~1\journal\Cookies\journal@www.2xmoinscher[1].txt
C:\DOCUME~1\journal\Cookies\journal@888[1].txt
C:\DOCUME~1\journal\Cookies\journal@888[3].txt
--------------------\\ Verification du Registre
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts MODIFIE
-> 72 [ 70 ## added by CiD ]
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-24 18:23:37
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 525
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[F:9388][D:1833]-> C:\DOCUME~1\journal\LOCALS~1\Temp
[F:351][D:0]-> C:\DOCUME~1\journal\Cookies
[F:627][D:4]-> C:\DOCUME~1\journal\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 24/11/2008|18:27 - Option : [1]
--------------------\\ Fin du rapport a 18:27:34
There you go, sorry for the delay.
YES, WELL, NO, ACTUALLY IT'S MY COUSIN'S PC
************************************************************
--------------------\\ Lop S&D 4.2.4-9c XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Sempron(tm) 3000+ )
BIOS : Rev. 3.11
USER : journal ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:143 Go (Free:109 Go)
D:\ (Local Disk) - FAT32 - Total:5 Go (Free:1 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
F:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [2] ( 24/11/2008|20:07 )
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Frag great bend logo\Boob Byte.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Frag great bend logo\For Cake.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Frag great bend logo\Ooze slow.exe
Supprime! - C:\DOCUME~1\journal\LOCALS~1\Temp\nsd314.tmp
Supprime! - C:\DOCUME~1\journal\LOCALS~1\Temp\nse40E.tmp
Supprime! - C:\DOCUME~1\journal\LOCALS~1\Temp\nsf31D.tmp
Supprime! - C:\DOCUME~1\journal\LOCALS~1\Temp\nsi53E.tmp
Supprime! - C:\DOCUME~1\journal\LOCALS~1\Temp\nsp320.tmp
Supprime! - C:\DOCUME~1\journal\LOCALS~1\Temp\nss32E.tmp
Supprime! - C:\DOCUME~1\journal\Cookies\journal@advertstream[1].txt
Supprime! - C:\DOCUME~1\journal\Cookies\journal@www.adserver5[2].txt
Supprime! - C:\DOCUME~1\journal\Cookies\journal@adultfriendfinder[1].txt
Supprime! - C:\DOCUME~1\journal\Cookies\journal@advertising[2].txt
Supprime! - C:\DOCUME~1\journal\Cookies\journal@adin.bigpoint[2].txt
Supprime! - C:\DOCUME~1\journal\Cookies\journal@bigpoint[1].txt
Supprime! - C:\DOCUME~1\journal\Cookies\journal@fr1.seafight.bigpoint[1].txt
Supprime! - C:\DOCUME~1\journal\Cookies\journal@banner.casinoking[2].txt
Supprime! - C:\DOCUME~1\journal\Cookies\journal@casinoking[1].txt
Supprime! - C:\DOCUME~1\journal\Cookies\journal@cotedazurpalace[1].txt
Supprime! - C:\DOCUME~1\journal\Cookies\journal@adopt.euroclick[2].txt
Supprime! - C:\DOCUME~1\journal\Cookies\journal@pacificpoker[2].txt
Supprime! - C:\DOCUME~1\journal\Cookies\journal@partygaming.122.2o7[1].txt
Supprime! - C:\DOCUME~1\journal\Cookies\journal@partypoker[1].txt
Supprime! - C:\DOCUME~1\journal\Cookies\journal@vegas-millions[1].txt
Supprime! - C:\DOCUME~1\journal\Cookies\journal@www.lop[2].txt
Supprime! - C:\DOCUME~1\journal\Cookies\journal@www.2xmoinscher[1].txt
Supprime! - C:\DOCUME~1\journal\Cookies\journal@888[1].txt
Supprime! - C:\DOCUME~1\journal\Cookies\journal@888[3].txt
Supprime! - C:\DOCUME~1\journal\LOCALS~1\Temp\bis3E5.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Frag great bend logo
-
[ Fichier Hosts ] .. Restaure!
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
Supprime! - C:\Program Files\Viewpoint
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing des dossiers dans APPLIC~1
[28/10/2008|19:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[08/08/2007|09:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[01/01/2004|17:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[31/08/2006|12:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
[24/11/2008|18:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[01/01/2004|15:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
[01/01/2004|17:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InterVideo
[29/03/2008|14:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logishrd
[25/12/2007|15:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
[08/08/2007|20:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[27/02/2008|11:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[22/04/2008|17:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
[12/12/2004|15:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[17/05/2005|19:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[01/01/2004|14:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[27/02/2005|18:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBT
[08/08/2007|13:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[18/06/2005|13:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
[09/08/2007|10:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[27/02/2008|11:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[01/01/2004|17:45] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Apple Computer
[01/01/2004|14:06] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[01/01/2004|17:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Intervideo
[11/08/2008|09:23] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[01/01/2004|14:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[01/01/2004|18:12] C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView
[01/01/2004|15:07] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[01/01/2004|21:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
[05/12/2004|16:37] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Adobe
[09/02/2005|14:05] C:\DOCUME~1\HP_PRO~1\APPLIC~1\AdobeUM
[07/05/2007|14:29] C:\DOCUME~1\HP_PRO~1\APPLIC~1\AOL
[01/01/2004|17:45] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Apple Computer
[08/12/2004|17:53] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Help
[01/01/2004|14:06] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Identities
[20/02/2005|15:54] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Intervideo
[16/12/2004|18:02] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Leadertech
[28/11/2004|10:56] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Macromedia
[30/07/2006|12:54] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Microsoft
[27/02/2005|18:40] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Microsoft Web Folders
[05/12/2004|19:07] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Motive
[01/01/2004|18:12] C:\DOCUME~1\HP_PRO~1\APPLIC~1\SampleView
[16/12/2004|18:03] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Sonic
[01/01/2004|15:07] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Sun
[01/01/2004|21:04] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Symantec
[17/01/2005|18:45] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Template
[18/06/2005|13:40] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Ulead Systems
[06/09/2008|16:50] C:\DOCUME~1\journal\APPLIC~1\Adobe
[25/12/2006|01:36] C:\DOCUME~1\journal\APPLIC~1\AdobeUM
[09/11/2005|12:47] C:\DOCUME~1\journal\APPLIC~1\Alive! Jigsaw
[25/02/2007|14:18] C:\DOCUME~1\journal\APPLIC~1\AOL
[01/01/2004|17:45] C:\DOCUME~1\journal\APPLIC~1\Apple Computer
[21/03/2008|21:05] C:\DOCUME~1\journal\APPLIC~1\Google
[24/08/2005|09:44] C:\DOCUME~1\journal\APPLIC~1\Help
[01/01/2004|14:06] C:\DOCUME~1\journal\APPLIC~1\Identities
[06/11/2005|10:36] C:\DOCUME~1\journal\APPLIC~1\InstallShield
[20/08/2005|11:19] C:\DOCUME~1\journal\APPLIC~1\Intervideo
[11/10/2006|20:48] C:\DOCUME~1\journal\APPLIC~1\Leadertech
[15/11/2008|12:22] C:\DOCUME~1\journal\APPLIC~1\LimeWire
[14/01/2007|11:55] C:\DOCUME~1\journal\APPLIC~1\Macromedia
[08/08/2007|13:01] C:\DOCUME~1\journal\APPLIC~1\Microsoft
[22/04/2008|17:36] C:\DOCUME~1\journal\APPLIC~1\Motive
[30/08/2008|10:50] C:\DOCUME~1\journal\APPLIC~1\Mozilla
[23/11/2008|15:13] C:\DOCUME~1\journal\APPLIC~1\OpenOffice.org2
[18/11/2007|19:19] C:\DOCUME~1\journal\APPLIC~1\Real
[01/01/2004|18:12] C:\DOCUME~1\journal\APPLIC~1\SampleView
[18/09/2005|18:39] C:\DOCUME~1\journal\APPLIC~1\Sonic
[01/01/2004|15:07] C:\DOCUME~1\journal\APPLIC~1\Sun
[01/01/2004|21:04] C:\DOCUME~1\journal\APPLIC~1\Symantec
[20/07/2008|21:30] C:\DOCUME~1\journal\APPLIC~1\the send type
[07/11/2006|18:41] C:\DOCUME~1\journal\APPLIC~1\Ulead Systems
[17/02/2008|15:39] C:\DOCUME~1\journal\APPLIC~1\vlc
[21/03/2007|14:47] C:\DOCUME~1\journal\APPLIC~1\You've Got Pictures Screensaver
[09/08/2007|10:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[01/01/2004|14:08] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[31/08/2008|15:51] C:\DOCUME~1\SANDRI~1\APPLIC~1\Adobe
[01/04/2007|09:40] C:\DOCUME~1\SANDRI~1\APPLIC~1\AOL
[01/01/2004|17:45] C:\DOCUME~1\SANDRI~1\APPLIC~1\Apple Computer
[01/01/2004|14:06] C:\DOCUME~1\SANDRI~1\APPLIC~1\Identities
[01/01/2004|17:36] C:\DOCUME~1\SANDRI~1\APPLIC~1\Intervideo
[13/08/2007|11:33] C:\DOCUME~1\SANDRI~1\APPLIC~1\Macromedia
[17/04/2008|11:27] C:\DOCUME~1\SANDRI~1\APPLIC~1\Microsoft
[17/06/2008|15:54] C:\DOCUME~1\SANDRI~1\APPLIC~1\Motive
[13/08/2007|11:28] C:\DOCUME~1\SANDRI~1\APPLIC~1\Mozilla
[01/01/2004|18:12] C:\DOCUME~1\SANDRI~1\APPLIC~1\SampleView
[01/01/2004|15:07] C:\DOCUME~1\SANDRI~1\APPLIC~1\Sun
[01/01/2004|21:04] C:\DOCUME~1\SANDRI~1\APPLIC~1\Symantec
[31/08/2008|15:00] C:\DOCUME~1\SANDRI~1\APPLIC~1\the send type
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[24/11/2008 18:44][--a------] C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1102268630.job
[05/08/2004 11:00][-rah-----] C:\WINDOWS\tasks\desktop.ini
[01/01/2004 21:08][--a------] C:\WINDOWS\tasks\Symantec NetDetect.job
[24/11/2008 18:33][--ah-----] C:\WINDOWS\tasks\SA.DAT
--------------------\\ Listing des dossiers dans C:\Program Files
[06/11/2005|11:55] C:\Program Files\123 Free Puzzle
[28/10/2008|19:08] C:\Program Files\Adobe
[18/11/2007|19:20] C:\Program Files\AirStrike3D DEMO
[09/11/2005|12:48] C:\Program Files\All Ages Software
[08/08/2007|13:50] C:\Program Files\Alwil Software
[29/01/2006|18:10] C:\Program Files\Anuman Interactive
[18/11/2007|19:18] C:\Program Files\AOL 9.0
[18/11/2007|19:18] C:\Program Files\Blastorama Demo
[18/11/2007|11:16] C:\Program Files\BoundAround_Demo
[09/07/2007|20:19] C:\Program Files\Boxen 2 DEMO
[18/11/2007|11:16] C:\Program Files\BrickShooter Jr
[18/11/2007|19:19] C:\Program Files\Brossard
[26/11/2006|15:52] C:\Program Files\Bubble Frenzy
[25/12/2004|13:50] C:\Program Files\Canon
[18/11/2007|19:18] C:\Program Files\Car Thief
[18/11/2007|19:20] C:\Program Files\Controle Parental
[18/11/2007|19:16] C:\Program Files\Controle Parental(3)
[18/11/2007|19:03] C:\Program Files\Controle Parental(4)
[18/11/2007|11:16] C:\Program Files\cw3d
[28/11/2006|19:35] C:\Program Files\DigiFUN
[25/08/2008|11:35] C:\Program Files\directx
[18/11/2007|19:18] C:\Program Files\DreamQuest
[06/11/2005|19:08] C:\Program Files\EA GAMES
[08/08/2007|15:55] C:\Program Files\Easy Internet signup
[09/07/2007|20:11] C:\Program Files\EduProfix
[18/11/2007|19:18] C:\Program Files\ElastoMania111
[18/11/2007|19:17] C:\Program Files\Fashion Cents
[31/08/2006|12:56] C:\Program Files\FaxTools
[25/08/2008|11:37] C:\Program Files\Fichiers communs
[31/01/2006|19:20] C:\Program Files\Firaxis Games
[18/11/2007|19:20] C:\Program Files\GALLIMARD
[28/10/2008|19:11] C:\Program Files\Google
[11/11/2007|11:30] C:\Program Files\GrayMatter Innovations
[01/01/2004|17:57] C:\Program Files\Help and Support Additions
[01/01/2004|15:51] C:\Program Files\Hewlett-Packard
[25/01/2006|14:12] C:\Program Files\Homebrew Software
[01/01/2004|17:25] C:\Program Files\HP
[21/02/2008|15:11] C:\Program Files\id Software
[23/03/2008|12:37] C:\Program Files\IncrediMail
[18/11/2007|19:21] C:\Program Files\InetGet2
[19/01/2008|11:33] C:\Program Files\Insider
[28/10/2008|19:15] C:\Program Files\InstallShield Installation Information
[28/10/2008|19:14] C:\Program Files\InterActual
[02/09/2008|11:28] C:\Program Files\Internet Explorer
[07/08/2007|19:50] C:\Program Files\Inventel
[02/09/2008|11:07] C:\Program Files\Java
[23/03/2008|12:35] C:\Program Files\Jeune Styliste
[23/03/2008|12:36] C:\Program Files\Jeune Styliste 2
[18/11/2007|19:18] C:\Program Files\Jollyware
[18/11/2007|19:19] C:\Program Files\JrVetDemo
[23/03/2008|12:36] C:\Program Files\JS FashionMaker
[25/11/2006|14:55] C:\Program Files\Leeds Learning Color and Shapes
[22/11/2008|11:06] C:\Program Files\Lexmark X1100 Series
[19/09/2008|19:03] C:\Program Files\LimeWire
[29/03/2008|13:56] C:\Program Files\Logitech
[19/08/2007|20:40] C:\Program Files\Macrogaming
[06/11/2005|13:36] C:\Program Files\Maxis
[02/09/2008|11:35] C:\Program Files\Messenger
[22/12/2007|11:57] C:\Program Files\Messenger Plus! Live
[06/11/2005|19:28] C:\Program Files\Micro Application
[31/12/2004|15:23] C:\Program Files\Microsoft AutoRoute
[28/02/2008|13:48] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[18/11/2007|19:16] C:\Program Files\Microsoft Encarta
[01/01/2004|14:06] C:\Program Files\microsoft frontpage
[31/12/2004|15:22] C:\Program Files\Microsoft Money
[27/02/2005|18:41] C:\Program Files\Microsoft Office
[23/08/2007|22:03] C:\Program Files\Microsoft Picture It! 9
[31/12/2004|15:18] C:\Program Files\Microsoft Works
[28/12/2004|20:20] C:\Program Files\Microsoft Works Suite 2004
[02/09/2008|11:28] C:\Program Files\Movie Maker
[24/11/2008|18:39] C:\Program Files\Mozilla Firefox
[30/07/2006|12:54] C:\Program Files\MP3 Player Utilities
[25/11/2006|18:41] C:\Program Files\mpegable AVI
[26/08/2005|17:52] C:\Program Files\MSN
[01/01/2004|14:03] C:\Program Files\MSN Gaming Zone
[27/02/2008|11:15] C:\Program Files\MSN Messenger
[18/11/2007|19:19] C:\Program Files\MSXML 4.0
[23/03/2008|12:32] C:\Program Files\Musicmatch
[28/11/2006|19:32] C:\Program Files\MyABCD
[02/09/2008|11:24] C:\Program Files\NetMeeting
[01/01/2004|14:03] C:\Program Files\Online Services
[25/08/2007|13:40] C:\Program Files\OpenOffice.org 2.0
[22/04/2008|17:35] C:\Program Files\Orange
[22/04/2008|17:29] C:\Program Files\OrangeHSS
[03/09/2008|10:24] C:\Program Files\Outlook Express
[01/01/2004|17:58] C:\Program Files\PC-Doctor for Windows
[10/02/2007|17:31] C:\Program Files\Personal Strip Poker
[18/11/2007|19:16] C:\Program Files\QuickTime
[18/11/2007|19:19] C:\Program Files\Quiz
[21/03/2007|14:44] C:\Program Files\Real
[25/01/2006|14:15] C:\Program Files\Realore
[18/11/2007|19:18] C:\Program Files\Save
[18/11/2007|20:30] C:\Program Files\Securitoo
[01/01/2004|18:06] C:\Program Files\Services en ligne
[02/01/2004|06:00] C:\Program Files\SiS VGA Utilities V3.59e
[27/02/2005|18:41] C:\Program Files\Snapshot Viewer
[18/11/2007|19:15] C:\Program Files\Solsoft
[08/08/2007|13:29] C:\Program Files\Symantec
[18/11/2007|19:21] C:\Program Files\Temporary
[29/06/2008|20:38] C:\Program Files\the send type
[25/12/2006|01:33] C:\Program Files\Thomson
[18/11/2007|19:18] C:\Program Files\TikGames
[26/03/2005|19:16] C:\Program Files\TLC-Edusoft
[04/01/2007|19:52] C:\Program Files\TLKGAMES
[18/11/2007|11:16] C:\Program Files\Tomato Catcher
[04/01/2007|19:57] C:\Program Files\Trymedia
[18/11/2007|19:20] C:\Program Files\Ulead Systems
[17/02/2008|15:27] C:\Program Files\VideoLAN
[24/11/2008|18:16] C:\Program Files\Wanadoo
[23/07/2008|13:40] C:\Program Files\WhenUSearch
[18/11/2007|19:21] C:\Program Files\WinAble
[27/02/2008|11:11] C:\Program Files\Windows Live
[08/08/2007|20:58] C:\Program Files\Windows Media Connect 2
[02/09/2008|11:23] C:\Program Files\Windows Media Player
[02/09/2008|11:23] C:\Program Files\Windows NT
[01/01/2004|14:06] C:\Program Files\xerox
[28/11/2006|19:37] C:\Program Files\zippy
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[28/10/2008|19:08] C:\Program Files\Fichiers communs\Adobe
[08/08/2007|09:52] C:\Program Files\Fichiers communs\AOL
[21/03/2007|14:52] C:\Program Files\Fichiers communs\aolback
[10/11/2007|19:01] C:\Program Files\Fichiers communs\Carlson
[31/12/2004|15:17] C:\Program Files\Fichiers communs\Designer
[25/08/2008|11:37] C:\Program Files\Fichiers communs\DirectX
[22/04/2008|17:25] C:\Program Files\Fichiers communs\France Telecom
[01/01/2004|15:41] C:\Program Files\Fichiers communs\Hewlett-Packard
[02/01/2004|05:59] C:\Program Files\Fichiers communs\InstallShield
[24/03/2008|13:42] C:\Program Files\Fichiers communs\Java
[29/03/2008|14:11] C:\Program Files\Fichiers communs\LogiShrd
[27/02/2008|11:13] C:\Program Files\Fichiers communs\Microsoft Shared
[22/04/2008|17:34] C:\Program Files\Fichiers communs\Motive
[01/01/2004|14:04] C:\Program Files\Fichiers communs\MSSoap
[21/03/2007|14:45] C:\Program Files\Fichiers communs\Nullsoft
[18/11/2007|19:19] C:\Program Files\Fichiers communs\Real
[31/12/2004|19:32] C:\Program Files\Fichiers communs\Services
[01/01/2004|14:59] C:\Program Files\Fichiers communs\SpeechEngines
[02/09/2008|11:23] C:\Program Files\Fichiers communs\System
[18/06/2005|13:30] C:\Program Files\Fichiers communs\Ulead Systems
[27/02/2008|11:12] C:\Program Files\Fichiers communs\WindowsLiveInstaller
--------------------\\ Process
( 54 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-24 20:09:40
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 525
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[F:9383][D:1828]-> C:\DOCUME~1\journal\LOCALS~1\Temp
[F:332][D:0]-> C:\DOCUME~1\journal\Cookies
[F:627][D:4]-> C:\DOCUME~1\journal\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 24/11/2008|18:27 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 24/11/2008|20:11 - Option : [2]
--------------------\\ Fin du rapport a 20:11:38
Quote:
"ok, I didn't keep it but never mind, it doesn't do it any more; however, my cousin's PC is slow, here is a hijack report if you can help me"
************************************************************
--------------------\\ Lop S&D 4.2.4-9c XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Sempron(tm) 3000+ )
BIOS : Rev. 3.11
USER : journal ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:143 Go (Free:109 Go)
D:\ (Local Disk) - FAT32 - Total:5 Go (Free:1 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
F:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [2] ( 24/11/2008|20:07 )
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Frag great bend logo\Boob Byte.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Frag great bend logo\For Cake.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Frag great bend logo\Ooze slow.exe
Supprime! - C:\DOCUME~1\journal\LOCALS~1\Temp\nsd314.tmp
Supprime! - C:\DOCUME~1\journal\LOCALS~1\Temp\nse40E.tmp
Supprime! - C:\DOCUME~1\journal\LOCALS~1\Temp\nsf31D.tmp
Supprime! - C:\DOCUME~1\journal\LOCALS~1\Temp\nsi53E.tmp
Supprime! - C:\DOCUME~1\journal\LOCALS~1\Temp\nsp320.tmp
Supprime! - C:\DOCUME~1\journal\LOCALS~1\Temp\nss32E.tmp
Supprime! - C:\DOCUME~1\journal\Cookies\journal@advertstream[1].txt
Supprime! - C:\DOCUME~1\journal\Cookies\journal@www.adserver5[2].txt
Supprime! - C:\DOCUME~1\journal\Cookies\journal@adultfriendfinder[1].txt
Supprime! - C:\DOCUME~1\journal\Cookies\journal@advertising[2].txt
Supprime! - C:\DOCUME~1\journal\Cookies\journal@adin.bigpoint[2].txt
Supprime! - C:\DOCUME~1\journal\Cookies\journal@bigpoint[1].txt
Supprime! - C:\DOCUME~1\journal\Cookies\journal@fr1.seafight.bigpoint[1].txt
Supprime! - C:\DOCUME~1\journal\Cookies\journal@banner.casinoking[2].txt
Supprime! - C:\DOCUME~1\journal\Cookies\journal@casinoking[1].txt
Supprime! - C:\DOCUME~1\journal\Cookies\journal@cotedazurpalace[1].txt
Supprime! - C:\DOCUME~1\journal\Cookies\journal@adopt.euroclick[2].txt
Supprime! - C:\DOCUME~1\journal\Cookies\journal@pacificpoker[2].txt
Supprime! - C:\DOCUME~1\journal\Cookies\journal@partygaming.122.2o7[1].txt
Supprime! - C:\DOCUME~1\journal\Cookies\journal@partypoker[1].txt
Supprime! - C:\DOCUME~1\journal\Cookies\journal@vegas-millions[1].txt
Supprime! - C:\DOCUME~1\journal\Cookies\journal@www.lop[2].txt
Supprime! - C:\DOCUME~1\journal\Cookies\journal@www.2xmoinscher[1].txt
Supprime! - C:\DOCUME~1\journal\Cookies\journal@888[1].txt
Supprime! - C:\DOCUME~1\journal\Cookies\journal@888[3].txt
Supprime! - C:\DOCUME~1\journal\LOCALS~1\Temp\bis3E5.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Frag great bend logo
-
[ Fichier Hosts ] .. Restaure!
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
Supprime! - C:\Program Files\Viewpoint
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing des dossiers dans APPLIC~1
[28/10/2008|19:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[08/08/2007|09:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[01/01/2004|17:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[31/08/2006|12:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
[24/11/2008|18:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[01/01/2004|15:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
[01/01/2004|17:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InterVideo
[29/03/2008|14:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logishrd
[25/12/2007|15:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
[08/08/2007|20:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[27/02/2008|11:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[22/04/2008|17:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
[12/12/2004|15:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[17/05/2005|19:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[01/01/2004|14:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[27/02/2005|18:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBT
[08/08/2007|13:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[18/06/2005|13:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
[09/08/2007|10:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[27/02/2008|11:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[01/01/2004|17:45] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Apple Computer
[01/01/2004|14:06] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[01/01/2004|17:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Intervideo
[11/08/2008|09:23] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[01/01/2004|14:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[01/01/2004|18:12] C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView
[01/01/2004|15:07] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[01/01/2004|21:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
[05/12/2004|16:37] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Adobe
[09/02/2005|14:05] C:\DOCUME~1\HP_PRO~1\APPLIC~1\AdobeUM
[07/05/2007|14:29] C:\DOCUME~1\HP_PRO~1\APPLIC~1\AOL
[01/01/2004|17:45] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Apple Computer
[08/12/2004|17:53] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Help
[01/01/2004|14:06] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Identities
[20/02/2005|15:54] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Intervideo
[16/12/2004|18:02] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Leadertech
[28/11/2004|10:56] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Macromedia
[30/07/2006|12:54] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Microsoft
[27/02/2005|18:40] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Microsoft Web Folders
[05/12/2004|19:07] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Motive
[01/01/2004|18:12] C:\DOCUME~1\HP_PRO~1\APPLIC~1\SampleView
[16/12/2004|18:03] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Sonic
[01/01/2004|15:07] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Sun
[01/01/2004|21:04] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Symantec
[17/01/2005|18:45] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Template
[18/06/2005|13:40] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Ulead Systems
[06/09/2008|16:50] C:\DOCUME~1\journal\APPLIC~1\Adobe
[25/12/2006|01:36] C:\DOCUME~1\journal\APPLIC~1\AdobeUM
[09/11/2005|12:47] C:\DOCUME~1\journal\APPLIC~1\Alive! Jigsaw
[25/02/2007|14:18] C:\DOCUME~1\journal\APPLIC~1\AOL
[01/01/2004|17:45] C:\DOCUME~1\journal\APPLIC~1\Apple Computer
[21/03/2008|21:05] C:\DOCUME~1\journal\APPLIC~1\Google
[24/08/2005|09:44] C:\DOCUME~1\journal\APPLIC~1\Help
[01/01/2004|14:06] C:\DOCUME~1\journal\APPLIC~1\Identities
[06/11/2005|10:36] C:\DOCUME~1\journal\APPLIC~1\InstallShield
[20/08/2005|11:19] C:\DOCUME~1\journal\APPLIC~1\Intervideo
[11/10/2006|20:48] C:\DOCUME~1\journal\APPLIC~1\Leadertech
[15/11/2008|12:22] C:\DOCUME~1\journal\APPLIC~1\LimeWire
[14/01/2007|11:55] C:\DOCUME~1\journal\APPLIC~1\Macromedia
[08/08/2007|13:01] C:\DOCUME~1\journal\APPLIC~1\Microsoft
[22/04/2008|17:36] C:\DOCUME~1\journal\APPLIC~1\Motive
[30/08/2008|10:50] C:\DOCUME~1\journal\APPLIC~1\Mozilla
[23/11/2008|15:13] C:\DOCUME~1\journal\APPLIC~1\OpenOffice.org2
[18/11/2007|19:19] C:\DOCUME~1\journal\APPLIC~1\Real
[01/01/2004|18:12] C:\DOCUME~1\journal\APPLIC~1\SampleView
[18/09/2005|18:39] C:\DOCUME~1\journal\APPLIC~1\Sonic
[01/01/2004|15:07] C:\DOCUME~1\journal\APPLIC~1\Sun
[01/01/2004|21:04] C:\DOCUME~1\journal\APPLIC~1\Symantec
[20/07/2008|21:30] C:\DOCUME~1\journal\APPLIC~1\the send type
[07/11/2006|18:41] C:\DOCUME~1\journal\APPLIC~1\Ulead Systems
[17/02/2008|15:39] C:\DOCUME~1\journal\APPLIC~1\vlc
[21/03/2007|14:47] C:\DOCUME~1\journal\APPLIC~1\You've Got Pictures Screensaver
[09/08/2007|10:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[01/01/2004|14:08] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[31/08/2008|15:51] C:\DOCUME~1\SANDRI~1\APPLIC~1\Adobe
[01/04/2007|09:40] C:\DOCUME~1\SANDRI~1\APPLIC~1\AOL
[01/01/2004|17:45] C:\DOCUME~1\SANDRI~1\APPLIC~1\Apple Computer
[01/01/2004|14:06] C:\DOCUME~1\SANDRI~1\APPLIC~1\Identities
[01/01/2004|17:36] C:\DOCUME~1\SANDRI~1\APPLIC~1\Intervideo
[13/08/2007|11:33] C:\DOCUME~1\SANDRI~1\APPLIC~1\Macromedia
[17/04/2008|11:27] C:\DOCUME~1\SANDRI~1\APPLIC~1\Microsoft
[17/06/2008|15:54] C:\DOCUME~1\SANDRI~1\APPLIC~1\Motive
[13/08/2007|11:28] C:\DOCUME~1\SANDRI~1\APPLIC~1\Mozilla
[01/01/2004|18:12] C:\DOCUME~1\SANDRI~1\APPLIC~1\SampleView
[01/01/2004|15:07] C:\DOCUME~1\SANDRI~1\APPLIC~1\Sun
[01/01/2004|21:04] C:\DOCUME~1\SANDRI~1\APPLIC~1\Symantec
[31/08/2008|15:00] C:\DOCUME~1\SANDRI~1\APPLIC~1\the send type
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[24/11/2008 18:44][--a------] C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1102268630.job
[05/08/2004 11:00][-rah-----] C:\WINDOWS\tasks\desktop.ini
[01/01/2004 21:08][--a------] C:\WINDOWS\tasks\Symantec NetDetect.job
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:01:18, on 25/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\WhenUSearch\Search.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\WhenUSearch\whse.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Orange\LiveAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Documents and Settings\journal\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.apple.com/fr/quicktime/buy/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: WhenUSearch Helper - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - C:\Program Files\WhenUSearch\search.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKLM\..\Run: [WhenUSearch] "C:\Program Files\WhenUSearch\Search.exe"
O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program Files\WhenUSearch\whse.exe"
O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [Orange_McciTrayApp] C:\Program Files\Orange\LiveAssistant.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ClockSync] "C:\Program Files\ClockSync\Sync.exe" /q
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [Onceelse] C:\DOCUME~1\journal\APPLIC~1\THESEN~1\Vc Bolt 16.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O15 - Trusted Zone: http://pfttbc.ft.motive.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Fichiers communs\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 10779 bytes
Re,
Download Toolbar-S&D (Team IDN) to your Desktop.
Run the downloaded file to install the program.
Now double-click the Toolbar-S&D shortcut.
Select your language by typing the letter of your choice and pressing Enter.
Now choose option 1 (Search). Wait until the search finishes.
Post the report it generates (C:\TB.txt).
-----------\\ ToolBar S&D 1.2.5 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Sempron(tm) 3000+ )
BIOS : Rev. 3.11
USER : journal ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:143 Go (Free:109 Go)
D:\ (Local Disk) - FAT32 - Total:5 Go (Free:1 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
F:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
"C:\ToolBar SD" ( MAJ : 20-11-2008|20:25 )
Option : [1] ( 25/11/2008|18:54 )
-----------\\ Recherche de Fichiers / Dossiers ...
C:\Program Files\WinAble
C:\WINDOWS\iun6002.exe
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&..."
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca..."
"Default_Search_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo..."
"Search Page"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo..."
"Start Page"="http://home.sweetim.com"
"Search Bar"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo..."
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
1 - "C:\ToolBar SD\TB_1.txt" - 25/11/2008|19:00 - Option : [1]
-----------\\ Fin du rapport a 19:00:18,14
Quote:
-----------\\ Recherche de Fichiers / Dossiers ...
C:\Program Files\WinAble
C:\WINDOWS\iun6002.exe
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&..."
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca..."
"Default_Search_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo..."
"Search Page"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo..."
"Start Page"="http://home.sweetim.com"
"Search Bar"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo..."
Are all of these infections?
-----------\\ ToolBar S&D 1.2.5 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Sempron(tm) 3000+ )
BIOS : Rev. 3.11
USER : journal ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:143 Go (Free:109 Go)
D:\ (Local Disk) - FAT32 - Total:5 Go (Free:1 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
F:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
"C:\ToolBar SD" ( MAJ : 20-11-2008|20:25 )
Option : [2] ( 26/11/2008|21:40 )
-----------\\ SUPPRESSION
Supprime! - C:\WINDOWS\iun6002.exe
Supprime! - C:\Program Files\WinAble
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&..."
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca..."
"Default_Search_URL"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo..."
"Search Page"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo..."
"Start Page"="http://www.msn.com/"
"Search Bar"="http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo..."
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
1 - "C:\ToolBar SD\TB_1.txt" - 25/11/2008|19:00 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 26/11/2008|21:44 - Option : [2]
-----------\\ Fin du rapport a 21:44:11,14
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:06:46, on 27/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\WhenUSearch\Search.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\WhenUSearch\whse.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Orange\LiveAssistant.exe
C:\WINDOWS\system32\lexpps.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\update.exe
C:\Documents and Settings\journal\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.apple.com/fr/quicktime/buy/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: WhenUSearch Helper - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - C:\Program Files\WhenUSearch\search.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKLM\..\Run: [WhenUSearch] "C:\Program Files\WhenUSearch\Search.exe"
O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program Files\WhenUSearch\whse.exe"
O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [Orange_McciTrayApp] C:\Program Files\Orange\LiveAssistant.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ClockSync] "C:\Program Files\ClockSync\Sync.exe" /q
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [Onceelse] C:\DOCUME~1\journal\APPLIC~1\THESEN~1\Vc Bolt 16.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O15 - Trusted Zone: http://pfttbc.ft.motive.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Fichiers communs\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 10844 bytes
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O15 - Trusted Zone: http://pfttbc.ft.motive.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Fichiers communs\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 10844 bytes
Hi again,
Download Malwarebytes' Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.
Once the installation and the update are done, restart in safe mode.
HELP: Restarting in safe mode
Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Perform full scan".
To start the scan, click "Scan".
Once the scan has finished, a window opens; click OK. There are two possibilities:
-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.
HELP: Picture tutorial on MBAM
Malwarebytes' Anti-Malware 1.30
Database version: 1430
Windows 5.1.2600 Service Pack 3
27/11/2008 22:26:56
mbam-log-2008-11-27 (22-26-56).txt
Scan type: Full Scan (C:\|)
Objects scanned: 181449
Time elapsed: 2 hour(s), 9 minute(s), 4 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 5
Files Infected: 17
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Carlson (Dialer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo (Adware.PurityScan) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave (Adware.WhenUSave) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\InetGet2 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Save (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Insider (Adware.DnsInsider) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\Carlson (Dialer) -> Quarantined and deleted successfully.
C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\journal\Local Settings\Temp\camg-77798.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\journal\Local Settings\Temp\MBDownloader_876923.exe (Adware.Mirar) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\WINDOWS\b147.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\mrofinu1148.exe.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\InetGet2\emg.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Save\ReadMe.txt (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Save\save.htm (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Save\SaveUninst.exe (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\Carlson\carlton (Dialer) -> Quarantined and deleted successfully.
C:\Program Files\Temporary\wininstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe (Adware.PurityScan) -> Quarantined and deleted successfully.
C:\WINDOWS\b111.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\b122.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\b128.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ossproxy.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\carlton (Dialer) -> Quarantined and deleted successfully.
I ran it from the administrator account, is that a problem? In any case it found 27 infected objects; anyway, it's up to you to tell me. Thanks again.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:49:45, on 01/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\WhenUSearch\Search.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\WhenUSearch\whse.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Orange\LiveAssistant.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Documents and Settings\journal\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.apple.com/fr/quicktime/buy/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: WhenUSearch Helper - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - C:\Program Files\WhenUSearch\search.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKLM\..\Run: [WhenUSearch] "C:\Program Files\WhenUSearch\Search.exe"
O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program Files\WhenUSearch\whse.exe"
O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [Orange_McciTrayApp] C:\Program Files\Orange\LiveAssistant.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ClockSync] "C:\Program Files\ClockSync\Sync.exe" /q
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [Onceelse] C:\DOCUME~1\journal\APPLIC~1\THESEN~1\Vc Bolt 16.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O15 - Trusted Zone: http://pfttbc.ft.motive.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Fichiers communs\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 11108 bytes
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Fichiers communs\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 11108 bytes
Uh, we're going to finish? But it's still just as slow. Well, I'm sending you this, thanks a lot.
--------------------\\ Lop S&D 4.2.4-9c XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Sempron(tm) 3000+ )
BIOS : Rev. 3.11
USER : journal ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
C:\ (Local Disk) - NTFS - Total:143 Go (Free:109 Go)
D:\ (Local Disk) - FAT32 - Total:5 Go (Free:1 Go)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
F:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( 02/12/2008|13:10 )
--------------------\\ Listing des dossiers dans APPLIC~1
[01/01/2004|17:45] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
[01/01/2004|14:06] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[01/01/2004|17:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\Intervideo
[11/08/2008|09:23] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
[27/11/2008|20:00] C:\DOCUME~1\ADMINI~1\APPLIC~1\Malwarebytes
[01/01/2004|14:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[01/01/2004|18:12] C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView
[01/01/2004|15:07] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
[01/01/2004|21:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
[28/10/2008|19:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[08/08/2007|09:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[01/01/2004|17:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[27/11/2008|19:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[31/08/2006|12:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
[30/11/2008|13:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[01/01/2004|15:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
[01/01/2004|17:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InterVideo
[29/03/2008|14:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logishrd
[25/12/2007|15:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
[27/11/2008|19:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[08/08/2007|20:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[27/02/2008|11:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[22/04/2008|17:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
[12/12/2004|15:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[17/05/2005|19:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[01/01/2004|14:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[27/02/2005|18:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBT
[08/08/2007|13:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[18/06/2005|13:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
[09/08/2007|10:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[27/02/2008|11:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[01/01/2004|17:45] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Apple Computer
[01/01/2004|14:06] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[01/01/2004|17:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Intervideo
[11/08/2008|09:23] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[01/01/2004|14:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[01/01/2004|18:12] C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView
[01/01/2004|15:07] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[01/01/2004|21:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
[05/12/2004|16:37] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Adobe
[09/02/2005|14:05] C:\DOCUME~1\HP_PRO~1\APPLIC~1\AdobeUM
[07/05/2007|14:29] C:\DOCUME~1\HP_PRO~1\APPLIC~1\AOL
[01/01/2004|17:45] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Apple Computer
[08/12/2004|17:53] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Help
[01/01/2004|14:06] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Identities
[20/02/2005|15:54] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Intervideo
[16/12/2004|18:02] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Leadertech
[28/11/2004|10:56] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Macromedia
[30/07/2006|12:54] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Microsoft
[27/02/2005|18:40] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Microsoft Web Folders
[05/12/2004|19:07] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Motive
[01/01/2004|18:12] C:\DOCUME~1\HP_PRO~1\APPLIC~1\SampleView
[16/12/2004|18:03] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Sonic
[01/01/2004|15:07] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Sun
[01/01/2004|21:04] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Symantec
[17/01/2005|18:45] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Template
[18/06/2005|13:40] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Ulead Systems
[06/09/2008|16:50] C:\DOCUME~1\journal\APPLIC~1\Adobe
[25/12/2006|01:36] C:\DOCUME~1\journal\APPLIC~1\AdobeUM
[09/11/2005|12:47] C:\DOCUME~1\journal\APPLIC~1\Alive! Jigsaw
[25/02/2007|14:18] C:\DOCUME~1\journal\APPLIC~1\AOL
[01/01/2004|17:45] C:\DOCUME~1\journal\APPLIC~1\Apple Computer
[21/03/2008|21:05] C:\DOCUME~1\journal\APPLIC~1\Google
[24/08/2005|09:44] C:\DOCUME~1\journal\APPLIC~1\Help
[01/01/2004|14:06] C:\DOCUME~1\journal\APPLIC~1\Identities
[06/11/2005|10:36] C:\DOCUME~1\journal\APPLIC~1\InstallShield
[20/08/2005|11:19] C:\DOCUME~1\journal\APPLIC~1\Intervideo
[11/10/2006|20:48] C:\DOCUME~1\journal\APPLIC~1\Leadertech
[15/11/2008|12:22] C:\DOCUME~1\journal\APPLIC~1\LimeWire
[14/01/2007|11:55] C:\DOCUME~1\journal\APPLIC~1\Macromedia
[27/11/2008|19:49] C:\DOCUME~1\journal\APPLIC~1\Malwarebytes
[08/08/2007|13:01] C:\DOCUME~1\journal\APPLIC~1\Microsoft
[22/04/2008|17:36] C:\DOCUME~1\journal\APPLIC~1\Motive
[30/08/2008|10:50] C:\DOCUME~1\journal\APPLIC~1\Mozilla
[23/11/2008|15:13] C:\DOCUME~1\journal\APPLIC~1\OpenOffice.org2
[18/11/2007|19:19] C:\DOCUME~1\journal\APPLIC~1\Real
[01/01/2004|18:12] C:\DOCUME~1\journal\APPLIC~1\SampleView
[18/09/2005|18:39] C:\DOCUME~1\journal\APPLIC~1\Sonic
[01/01/2004|15:07] C:\DOCUME~1\journal\APPLIC~1\Sun
[01/01/2004|21:04] C:\DOCUME~1\journal\APPLIC~1\Symantec
[20/07/2008|21:30] C:\DOCUME~1\journal\APPLIC~1\the send type
[07/11/2006|18:41] C:\DOCUME~1\journal\APPLIC~1\Ulead Systems
[17/02/2008|15:39] C:\DOCUME~1\journal\APPLIC~1\vlc
[21/03/2007|14:47] C:\DOCUME~1\journal\APPLIC~1\You've Got Pictures Screensaver
[09/08/2007|10:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[01/01/2004|14:08] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[31/08/2008|15:51] C:\DOCUME~1\SANDRI~1\APPLIC~1\Adobe
[01/04/2007|09:40] C:\DOCUME~1\SANDRI~1\APPLIC~1\AOL
[01/01/2004|17:45] C:\DOCUME~1\SANDRI~1\APPLIC~1\Apple Computer
[01/01/2004|14:06] C:\DOCUME~1\SANDRI~1\APPLIC~1\Identities
[01/01/2004|17:36] C:\DOCUME~1\SANDRI~1\APPLIC~1\Intervideo
[13/08/2007|11:33] C:\DOCUME~1\SANDRI~1\APPLIC~1\Macromedia
[17/04/2008|11:27] C:\DOCUME~1\SANDRI~1\APPLIC~1\Microsoft
[17/06/2008|15:54] C:\DOCUME~1\SANDRI~1\APPLIC~1\Motive
[13/08/2007|11:28] C:\DOCUME~1\SANDRI~1\APPLIC~1\Mozilla
[01/01/2004|18:12] C:\DOCUME~1\SANDRI~1\APPLIC~1\SampleView
[01/01/2004|15:07] C:\DOCUME~1\SANDRI~1\APPLIC~1\Sun
[01/01/2004|21:04] C:\DOCUME~1\SANDRI~1\APPLIC~1\Symantec
[31/08/2008|15:00] C:\DOCUME~1\SANDRI~1\APPLIC~1\the send type
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[01/12/2008 18:44][--a------] C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1102268630.job
[05/08/2004 11:00][-rah-----] C:\WINDOWS\tasks\desktop.ini
[01/01/2004 21:08][--a------] C:\WINDOWS\tasks\Symantec NetDetect.job
[02/12/2008 10:53][--ah-----] C:\WINDOWS\tasks\SA.DAT
--------------------\\ Listing des dossiers dans C:\Program Files
[06/11/2005|11:55] C:\Program Files\123 Free Puzzle
[28/10/2008|19:08] C:\Program Files\Adobe
[18/11/2007|19:20] C:\Program Files\AirStrike3D DEMO
[09/11/2005|12:48] C:\Program Files\All Ages Software
[08/08/2007|13:50] C:\Program Files\Alwil Software
[29/01/2006|18:10] C:\Program Files\Anuman Interactive
[18/11/2007|19:18] C:\Program Files\AOL 9.0
[27/11/2008|19:02] C:\Program Files\Avira
[18/11/2007|19:18] C:\Program Files\Blastorama Demo
[18/11/2007|11:16] C:\Program Files\BoundAround_Demo
[09/07/2007|20:19] C:\Program Files\Boxen 2 DEMO
[18/11/2007|11:16] C:\Program Files\BrickShooter Jr
[18/11/2007|19:19] C:\Program Files\Brossard
[26/11/2006|15:52] C:\Program Files\Bubble Frenzy
[25/12/2004|13:50] C:\Program Files\Canon
[18/11/2007|19:18] C:\Program Files\Car Thief
[18/11/2007|19:20] C:\Program Files\Controle Parental
[18/11/2007|19:16] C:\Program Files\Controle Parental(3)
[18/11/2007|19:03] C:\Program Files\Controle Parental(4)
[18/11/2007|11:16] C:\Program Files\cw3d
[28/11/2006|19:35] C:\Program Files\DigiFUN
[25/08/2008|11:35] C:\Program Files\directx
[18/11/2007|19:18] C:\Program Files\DreamQuest
[06/11/2005|19:08] C:\Program Files\EA GAMES
[08/08/2007|15:55] C:\Program Files\Easy Internet signup
[09/07/2007|20:11] C:\Program Files\EduProfix
[18/11/2007|19:18] C:\Program Files\ElastoMania111
[18/11/2007|19:17] C:\Program Files\Fashion Cents
[31/08/2006|12:56] C:\Program Files\FaxTools
[27/11/2008|22:26] C:\Program Files\Fichiers communs
[31/01/2006|19:20] C:\Program Files\Firaxis Games
[18/11/2007|19:20] C:\Program Files\GALLIMARD
[28/10/2008|19:11] C:\Program Files\Google
[11/11/2007|11:30] C:\Program Files\GrayMatter Innovations
[01/01/2004|17:57] C:\Program Files\Help and Support Additions
[01/01/2004|15:51] C:\Program Files\Hewlett-Packard
[25/01/2006|14:12] C:\Program Files\Homebrew Software
[01/01/2004|17:25] C:\Program Files\HP
[21/02/2008|15:11] C:\Program Files\id Software
[23/03/2008|12:37] C:\Program Files\IncrediMail
[28/10/2008|19:15] C:\Program Files\InstallShield Installation Information
[28/10/2008|19:14] C:\Program Files\InterActual
[02/09/2008|11:28] C:\Program Files\Internet Explorer
[07/08/2007|19:50] C:\Program Files\Inventel
[02/09/2008|11:07] C:\Program Files\Java
[23/03/2008|12:35] C:\Program Files\Jeune Styliste
[23/03/2008|12:36] C:\Program Files\Jeune Styliste 2
[18/11/2007|19:18] C:\Program Files\Jollyware
[18/11/2007|19:19] C:\Program Files\JrVetDemo
[23/03/2008|12:36] C:\Program Files\JS FashionMaker
[25/11/2006|14:55] C:\Program Files\Leeds Learning Color and Shapes
[22/11/2008|11:06] C:\Program Files\Lexmark X1100 Series
[19/09/2008|19:03] C:\Program Files\LimeWire
[29/03/2008|13:56] C:\Program Files\Logitech
[19/08/2007|20:40] C:\Program Files\Macrogaming
[27/11/2008|19:49] C:\Program Files\Malwarebytes' Anti-Malware
[06/11/2005|13:36] C:\Program Files\Maxis
[02/09/2008|11:35] C:\Program Files\Messenger
[22/12/2007|11:57] C:\Program Files\Messenger Plus! Live
[06/11/2005|19:28] C:\Program Files\Micro Application
[31/12/2004|15:23] C:\Program Files\Microsoft AutoRoute
[28/02/2008|13:48] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[18/11/2007|19:16] C:\Program Files\Microsoft Encarta
[01/01/2004|14:06] C:\Program Files\microsoft frontpage
[31/12/2004|15:22] C:\Program Files\Microsoft Money
[27/02/2005|18:41] C:\Program Files\Microsoft Office
[23/08/2007|22:03] C:\Program Files\Microsoft Picture It! 9
[31/12/2004|15:18] C:\Program Files\Microsoft Works
[28/12/2004|20:20] C:\Program Files\Microsoft Works Suite 2004
[02/09/2008|11:28] C:\Program Files\Movie Maker
[01/12/2008|17:50] C:\Program Files\Mozilla Firefox
[30/07/2006|12:54] C:\Program Files\MP3 Player Utilities
[25/11/2006|18:41] C:\Program Files\mpegable AVI
[26/08/2005|17:52] C:\Program Files\MSN
[01/01/2004|14:03] C:\Program Files\MSN Gaming Zone
[27/02/2008|11:15] C:\Program Files\MSN Messenger
[18/11/2007|19:19] C:\Program Files\MSXML 4.0
[23/03/2008|12:32] C:\Program Files\Musicmatch
[28/11/2006|19:32] C:\Program Files\MyABCD
[02/09/2008|11:24] C:\Program Files\NetMeeting
[01/01/2004|14:03] C:\Program Files\Online Services
[25/08/2007|13:40] C:\Program Files\OpenOffice.org 2.0
[27/11/2008|22:41] C:\Program Files\Orange
[22/04/2008|17:29] C:\Program Files\OrangeHSS
[03/09/2008|10:24] C:\Program Files\Outlook Express
[01/01/2004|17:58] C:\Program Files\PC-Doctor for Windows
[10/02/2007|17:31] C:\Program Files\Personal Strip Poker
[18/11/2007|19:16] C:\Program Files\QuickTime
[18/11/2007|19:19] C:\Program Files\Quiz
[21/03/2007|14:44] C:\Program Files\Real
[25/01/2006|14:15] C:\Program Files\Realore
[18/11/2007|20:30] C:\Program Files\Securitoo
[01/01/2004|18:06] C:\Program Files\Services en ligne
[02/01/2004|06:00] C:\Program Files\SiS VGA Utilities V3.59e
[27/02/2005|18:41] C:\Program Files\Snapshot Viewer
[18/11/2007|19:15] C:\Program Files\Solsoft
[08/08/2007|13:29] C:\Program Files\Symantec
[29/06/2008|20:38] C:\Program Files\the send type
[25/12/2006|01:33] C:\Program Files\Thomson
[18/11/2007|19:18] C:\Program Files\TikGames
[26/03/2005|19:16] C:\Program Files\TLC-Edusoft
[04/01/2007|19:52] C:\Program Files\TLKGAMES
[18/11/2007|11:16] C:\Program Files\Tomato Catcher
[04/01/2007|19:57] C:\Program Files\Trymedia
[18/11/2007|19:20] C:\Program Files\Ulead Systems
[17/02/2008|15:27] C:\Program Files\VideoLAN
[24/11/2008|18:16] C:\Program Files\Wanadoo
[23/07/2008|13:40] C:\Program Files\WhenUSearch
[27/02/2008|11:11] C:\Program Files\Windows Live
[08/08/2007|20:58] C:\Program Files\Windows Media Connect 2
[02/09/2008|11:23] C:\Program Files\Windows Media Player
[02/09/2008|11:23] C:\Program Files\Windows NT
[01/01/2004|14:06] C:\Program Files\xerox
[28/11/2006|19:37] C:\Program Files\zippy
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[28/10/2008|19:08] C:\Program Files\Fichiers communs\Adobe
[08/08/2007|09:52] C:\Program Files\Fichiers communs\AOL
[21/03/2007|14:52] C:\Program Files\Fichiers communs\aolback
[31/12/2004|15:17] C:\Program Files\Fichiers communs\Designer
[25/08/2008|11:37] C:\Program Files\Fichiers communs\DirectX
[22/04/2008|17:25] C:\Program Files\Fichiers communs\France Telecom
[01/01/2004|15:41] C:\Program Files\Fichiers communs\Hewlett-Packard
[02/01/2004|05:59] C:\Program Files\Fichiers communs\InstallShield
[24/03/2008|13:42] C:\Program Files\Fichiers communs\Java
[29/03/2008|14:11] C:\Program Files\Fichiers communs\LogiShrd
[27/02/2008|11:13] C:\Program Files\Fichiers communs\Microsoft Shared
[22/04/2008|17:34] C:\Program Files\Fichiers communs\Motive
[01/01/2004|14:04] C:\Program Files\Fichiers communs\MSSoap
[21/03/2007|14:45] C:\Program Files\Fichiers communs\Nullsoft
[18/11/2007|19:19] C:\Program Files\Fichiers communs\Real
[31/12/2004|19:32] C:\Program Files\Fichiers communs\Services
[01/01/2004|14:59] C:\Program Files\Fichiers communs\SpeechEngines
[02/09/2008|11:23] C:\Program Files\Fichiers communs\System
[18/06/2005|13:30] C:\Program Files\Fichiers communs\Ulead Systems
[27/02/2008|11:12] C:\Program Files\Fichiers communs\WindowsLiveInstaller
--------------------\\ Process
( 57 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\DOCUME~1\journal\Cookies\journal@advertising[2].txt
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-02 13:12:11
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 525
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[F:9429][D:1841]-> C:\DOCUME~1\journal\LOCALS~1\Temp
[F:334][D:0]-> C:\DOCUME~1\journal\Cookies
[F:713][D:4]-> C:\DOCUME~1\journal\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 24/11/2008|18:27 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 24/11/2008|20:11 - Option : [2]
3 - "C:\Lop SD\LopR_3.txt" - 02/12/2008|13:15 - Option : [1]
--------------------\\ Fin du rapport a 13:15:22
[F:334][D:0]-> C:\DOCUME~1\journal\Cookies
[F:713][D:4]-> C:\DOCUME~1\journal\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 24/11/2008|18:27 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 24/11/2008|20:11 - Option : [2]
3 - "C:\Lop SD\LopR_3.txt" - 02/12/2008|13:15 - Option : [1]
--------------------\\ Fin du rapport a 13:15:22
Re,
Copy (Ctrl+C) the text in the box below:
C:\Program Files\the send type
C:\DOCUME~1\SANDRI~1\APPLIC~1\the send type
C:\DOCUME~1\journal\APPLIC~1\the send type
Relaunch Lop S&D.
This time choose option 4 (LopScript). A blank page will open; paste (Ctrl+V) the text you copied earlier.
Close this page; you will be asked to save it, accept.
! Do not close the window during the deletion !
Post the generated report (C:\lopR.txt*)
(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New task, type explorer.exe and confirm)
* the partition name may differ
--------------------\\ Lop S&D 4.2.4-9c XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Sempron(tm) 3000+ )
BIOS : Rev. 3.11
USER : journal ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)
C:\ (Local Disk) - NTFS - Total:143 Go (Free:109 Go)
D:\ (Local Disk) - FAT32 - Total:5 Go (Free:1 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [4] ( 03/12/2008| 9:51 )
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Lop Script
C:\Program Files\the send type
C:\DOCUME~1\SANDRI~1\APPLIC~1\the send type
C:\DOCUME~1\journal\APPLIC~1\the send type
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION
Supprime! - C:\Program Files\the send type
Supprime! - C:\DOCUME~1\SANDRI~1\APPLIC~1\the send type
Supprime! - C:\DOCUME~1\journal\APPLIC~1\the send type
Supprime! - C:\DOCUME~1\journal\Cookies\journal@advertising[2].txt
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing des dossiers dans APPLIC~1
[01/01/2004|17:45] C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
[01/01/2004|14:06] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[01/01/2004|17:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\Intervideo
[11/08/2008|09:23] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
[27/11/2008|20:00] C:\DOCUME~1\ADMINI~1\APPLIC~1\Malwarebytes
[01/01/2004|14:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[01/01/2004|18:12] C:\DOCUME~1\ADMINI~1\APPLIC~1\SampleView
[01/01/2004|15:07] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
[01/01/2004|21:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
[28/10/2008|19:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[08/08/2007|09:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[01/01/2004|17:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[27/11/2008|19:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[31/08/2006|12:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
[01/12/2008|14:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[01/01/2004|15:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Hewlett-Packard
[01/01/2004|17:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InterVideo
[29/03/2008|14:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logishrd
[25/12/2007|15:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
[27/11/2008|19:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[08/08/2007|20:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[27/02/2008|11:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[22/04/2008|17:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Motive
[12/12/2004|15:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[17/05/2005|19:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[01/01/2004|14:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[27/02/2005|18:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBT
[08/08/2007|13:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[18/06/2005|13:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
[09/08/2007|10:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[27/02/2008|11:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[01/01/2004|17:45] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Apple Computer
[01/01/2004|14:06] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[01/01/2004|17:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Intervideo
[11/08/2008|09:23] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[01/01/2004|14:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[01/01/2004|18:12] C:\DOCUME~1\DEFAUL~1\APPLIC~1\SampleView
[01/01/2004|15:07] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[01/01/2004|21:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
[05/12/2004|16:37] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Adobe
[09/02/2005|14:05] C:\DOCUME~1\HP_PRO~1\APPLIC~1\AdobeUM
[07/05/2007|14:29] C:\DOCUME~1\HP_PRO~1\APPLIC~1\AOL
[01/01/2004|17:45] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Apple Computer
[08/12/2004|17:53] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Help
[01/01/2004|14:06] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Identities
[20/02/2005|15:54] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Intervideo
[16/12/2004|18:02] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Leadertech
[28/11/2004|10:56] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Macromedia
[30/07/2006|12:54] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Microsoft
[27/02/2005|18:40] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Microsoft Web Folders
[05/12/2004|19:07] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Motive
[01/01/2004|18:12] C:\DOCUME~1\HP_PRO~1\APPLIC~1\SampleView
[16/12/2004|18:03] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Sonic
[01/01/2004|15:07] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Sun
[01/01/2004|21:04] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Symantec
[17/01/2005|18:45] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Template
[18/06/2005|13:40] C:\DOCUME~1\HP_PRO~1\APPLIC~1\Ulead Systems
[06/09/2008|16:50] C:\DOCUME~1\journal\APPLIC~1\Adobe
[25/12/2006|01:36] C:\DOCUME~1\journal\APPLIC~1\AdobeUM
[09/11/2005|12:47] C:\DOCUME~1\journal\APPLIC~1\Alive! Jigsaw
[25/02/2007|14:18] C:\DOCUME~1\journal\APPLIC~1\AOL
[01/01/2004|17:45] C:\DOCUME~1\journal\APPLIC~1\Apple Computer
[21/03/2008|21:05] C:\DOCUME~1\journal\APPLIC~1\Google
[24/08/2005|09:44] C:\DOCUME~1\journal\APPLIC~1\Help
[01/01/2004|14:06] C:\DOCUME~1\journal\APPLIC~1\Identities
[06/11/2005|10:36] C:\DOCUME~1\journal\APPLIC~1\InstallShield
[20/08/2005|11:19] C:\DOCUME~1\journal\APPLIC~1\Intervideo
[11/10/2006|20:48] C:\DOCUME~1\journal\APPLIC~1\Leadertech
[15/11/2008|12:22] C:\DOCUME~1\journal\APPLIC~1\LimeWire
[14/01/2007|11:55] C:\DOCUME~1\journal\APPLIC~1\Macromedia
[27/11/2008|19:49] C:\DOCUME~1\journal\APPLIC~1\Malwarebytes
[08/08/2007|13:01] C:\DOCUME~1\journal\APPLIC~1\Microsoft
[22/04/2008|17:36] C:\DOCUME~1\journal\APPLIC~1\Motive
[30/08/2008|10:50] C:\DOCUME~1\journal\APPLIC~1\Mozilla
[23/11/2008|15:13] C:\DOCUME~1\journal\APPLIC~1\OpenOffice.org2
[18/11/2007|19:19] C:\DOCUME~1\journal\APPLIC~1\Real
[01/01/2004|18:12] C:\DOCUME~1\journal\APPLIC~1\SampleView
[18/09/2005|18:39] C:\DOCUME~1\journal\APPLIC~1\Sonic
[01/01/2004|15:07] C:\DOCUME~1\journal\APPLIC~1\Sun
[01/01/2004|21:04] C:\DOCUME~1\journal\APPLIC~1\Symantec
[07/11/2006|18:41] C:\DOCUME~1\journal\APPLIC~1\Ulead Systems
[17/02/2008|15:39] C:\DOCUME~1\journal\APPLIC~1\vlc
[21/03/2007|14:47] C:\DOCUME~1\journal\APPLIC~1\You've Got Pictures Screensaver
[09/08/2007|10:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[01/01/2004|14:08] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[31/08/2008|15:51] C:\DOCUME~1\SANDRI~1\APPLIC~1\Adobe
[01/04/2007|09:40] C:\DOCUME~1\SANDRI~1\APPLIC~1\AOL
[01/01/2004|17:45] C:\DOCUME~1\SANDRI~1\APPLIC~1\Apple Computer
[01/01/2004|14:06] C:\DOCUME~1\SANDRI~1\APPLIC~1\Identities
[01/01/2004|17:36] C:\DOCUME~1\SANDRI~1\APPLIC~1\Intervideo
[13/08/2007|11:33] C:\DOCUME~1\SANDRI~1\APPLIC~1\Macromedia
[17/04/2008|11:27] C:\DOCUME~1\SANDRI~1\APPLIC~1\Microsoft
[17/06/2008|15:54] C:\DOCUME~1\SANDRI~1\APPLIC~1\Motive
[13/08/2007|11:28] C:\DOCUME~1\SANDRI~1\APPLIC~1\Mozilla
[01/01/2004|18:12] C:\DOCUME~1\SANDRI~1\APPLIC~1\SampleView
[01/01/2004|15:07] C:\DOCUME~1\SANDRI~1\APPLIC~1\Sun
[01/01/2004|21:04] C:\DOCUME~1\SANDRI~1\APPLIC~1\Symantec
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[02/12/2008 18:44][--a------] C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1102268630.job
[05/08/2004 11:00][-rah-----] C:\WINDOWS\tasks\desktop.ini
[01/01/2004 21:08][--a------] C:\WINDOWS\tasks\Symantec NetDetect.job
[03/12/2008 09:40][--ah-----] C:\WINDOWS\tasks\SA.DAT
--------------------\\ Listing des dossiers dans C:\Program Files
[06/11/2005|11:55] C:\Program Files\123 Free Puzzle
[28/10/2008|19:08] C:\Program Files\Adobe
[18/11/2007|19:20] C:\Program Files\AirStrike3D DEMO
[09/11/2005|12:48] C:\Program Files\All Ages Software
[08/08/2007|13:50] C:\Program Files\Alwil Software
[29/01/2006|18:10] C:\Program Files\Anuman Interactive
[18/11/2007|19:18] C:\Program Files\AOL 9.0
[27/11/2008|19:02] C:\Program Files\Avira
[18/11/2007|19:18] C:\Program Files\Blastorama Demo
[18/11/2007|11:16] C:\Program Files\BoundAround_Demo
[09/07/2007|20:19] C:\Program Files\Boxen 2 DEMO
[18/11/2007|11:16] C:\Program Files\BrickShooter Jr
[18/11/2007|19:19] C:\Program Files\Brossard
[26/11/2006|15:52] C:\Program Files\Bubble Frenzy
[25/12/2004|13:50] C:\Program Files\Canon
[18/11/2007|19:18] C:\Program Files\Car Thief
[18/11/2007|19:20] C:\Program Files\Controle Parental
[18/11/2007|19:16] C:\Program Files\Controle Parental(3)
[18/11/2007|19:03] C:\Program Files\Controle Parental(4)
[18/11/2007|11:16] C:\Program Files\cw3d
[28/11/2006|19:35] C:\Program Files\DigiFUN
[25/08/2008|11:35] C:\Program Files\directx
[18/11/2007|19:18] C:\Program Files\DreamQuest
[06/11/2005|19:08] C:\Program Files\EA GAMES
[08/08/2007|15:55] C:\Program Files\Easy Internet signup
[09/07/2007|20:11] C:\Program Files\EduProfix
[18/11/2007|19:18] C:\Program Files\ElastoMania111
[18/11/2007|19:17] C:\Program Files\Fashion Cents
[31/08/2006|12:56] C:\Program Files\FaxTools
[27/11/2008|22:26] C:\Program Files\Fichiers communs
[31/01/2006|19:20] C:\Program Files\Firaxis Games
[18/11/2007|19:20] C:\Program Files\GALLIMARD
[28/10/2008|19:11] C:\Program Files\Google
[11/11/2007|11:30] C:\Program Files\GrayMatter Innovations
[01/01/2004|17:57] C:\Program Files\Help and Support Additions
[01/01/2004|15:51] C:\Program Files\Hewlett-Packard
[25/01/2006|14:12] C:\Program Files\Homebrew Software
[01/01/2004|17:25] C:\Program Files\HP
[21/02/2008|15:11] C:\Program Files\id Software
[23/03/2008|12:37] C:\Program Files\IncrediMail
[28/10/2008|19:15] C:\Program Files\InstallShield Installation Information
[28/10/2008|19:14] C:\Program Files\InterActual
[02/09/2008|11:28] C:\Program Files\Internet Explorer
[07/08/2007|19:50] C:\Program Files\Inventel
[02/09/2008|11:07] C:\Program Files\Java
[23/03/2008|12:35] C:\Program Files\Jeune Styliste
[23/03/2008|12:36] C:\Program Files\Jeune Styliste 2
[18/11/2007|19:18] C:\Program Files\Jollyware
[18/11/2007|19:19] C:\Program Files\JrVetDemo
[23/03/2008|12:36] C:\Program Files\JS FashionMaker
[25/11/2006|14:55] C:\Program Files\Leeds Learning Color and Shapes
[22/11/2008|11:06] C:\Program Files\Lexmark X1100 Series
[19/09/2008|19:03] C:\Program Files\LimeWire
[29/03/2008|13:56] C:\Program Files\Logitech
[19/08/2007|20:40] C:\Program Files\Macrogaming
[27/11/2008|19:49] C:\Program Files\Malwarebytes' Anti-Malware
[06/11/2005|13:36] C:\Program Files\Maxis
[02/09/2008|11:35] C:\Program Files\Messenger
[22/12/2007|11:57] C:\Program Files\Messenger Plus! Live
[06/11/2005|19:28] C:\Program Files\Micro Application
[31/12/2004|15:23] C:\Program Files\Microsoft AutoRoute
[28/02/2008|13:48] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[18/11/2007|19:16] C:\Program Files\Microsoft Encarta
[01/01/2004|14:06] C:\Program Files\microsoft frontpage
[31/12/2004|15:22] C:\Program Files\Microsoft Money
[27/02/2005|18:41] C:\Program Files\Microsoft Office
[23/08/2007|22:03] C:\Program Files\Microsoft Picture It! 9
[31/12/2004|15:18] C:\Program Files\Microsoft Works
[28/12/2004|20:20] C:\Program Files\Microsoft Works Suite 2004
[02/09/2008|11:28] C:\Program Files\Movie Maker
[03/12/2008|09:45] C:\Program Files\Mozilla Firefox
[30/07/2006|12:54] C:\Program Files\MP3 Player Utilities
[25/11/2006|18:41] C:\Program Files\mpegable AVI
[26/08/2005|17:52] C:\Program Files\MSN
[01/01/2004|14:03] C:\Program Files\MSN Gaming Zone
[27/02/2008|11:15] C:\Program Files\MSN Messenger
[18/11/2007|19:19] C:\Program Files\MSXML 4.0
[23/03/2008|12:32] C:\Program Files\Musicmatch
[28/11/2006|19:32] C:\Program Files\MyABCD
[02/09/2008|11:24] C:\Program Files\NetMeeting
[01/01/2004|14:03] C:\Program Files\Online Services
[25/08/2007|13:40] C:\Program Files\OpenOffice.org 2.0
[27/11/2008|22:41] C:\Program Files\Orange
[22/04/2008|17:29] C:\Program Files\OrangeHSS
[03/09/2008|10:24] C:\Program Files\Outlook Express
[01/01/2004|17:58] C:\Program Files\PC-Doctor for Windows
[10/02/2007|17:31] C:\Program Files\Personal Strip Poker
[18/11/2007|19:16] C:\Program Files\QuickTime
[18/11/2007|19:19] C:\Program Files\Quiz
[21/03/2007|14:44] C:\Program Files\Real
[25/01/2006|14:15] C:\Program Files\Realore
[18/11/2007|20:30] C:\Program Files\Securitoo
[01/01/2004|18:06] C:\Program Files\Services en ligne
[02/01/2004|06:00] C:\Program Files\SiS VGA Utilities V3.59e
[27/02/2005|18:41] C:\Program Files\Snapshot Viewer
[18/11/2007|19:15] C:\Program Files\Solsoft
[08/08/2007|13:29] C:\Program Files\Symantec
[25/12/2006|01:33] C:\Program Files\Thomson
[18/11/2007|19:18] C:\Program Files\TikGames
[26/03/2005|19:16] C:\Program Files\TLC-Edusoft
[04/01/2007|19:52] C:\Program Files\TLKGAMES
[18/11/2007|11:16] C:\Program Files\Tomato Catcher
[04/01/2007|19:57] C:\Program Files\Trymedia
[18/11/2007|19:20] C:\Program Files\Ulead Systems
[17/02/2008|15:27] C:\Program Files\VideoLAN
[24/11/2008|18:16] C:\Program Files\Wanadoo
[23/07/2008|13:40] C:\Program Files\WhenUSearch
[27/02/2008|11:11] C:\Program Files\Windows Live
[08/08/2007|20:58] C:\Program Files\Windows Media Connect 2
[02/09/2008|11:23] C:\Program Files\Windows Media Player
[02/09/2008|11:23] C:\Program Files\Windows NT
[01/01/2004|14:06] C:\Program Files\xerox
[28/11/2006|19:37] C:\Program Files\zippy
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[28/10/2008|19:08] C:\Program Files\Fichiers communs\Adobe
[08/08/2007|09:52] C:\Program Files\Fichiers communs\AOL
[21/03/2007|14:52] C:\Program Files\Fichiers communs\aolback
[31/12/2004|15:17] C:\Program Files\Fichiers communs\Designer
[25/08/2008|11:37] C:\Program Files\Fichiers communs\DirectX
[22/04/2008|17:25] C:\Program Files\Fichiers communs\France Telecom
[01/01/2004|15:41] C:\Program Files\Fichiers communs\Hewlett-Packard
[02/01/2004|05:59] C:\Program Files\Fichiers communs\InstallShield
[24/03/2008|13:42] C:\Program Files\Fichiers communs\Java
[29/03/2008|14:11] C:\Program Files\Fichiers communs\LogiShrd
[27/02/2008|11:13] C:\Program Files\Fichiers communs\Microsoft Shared
[22/04/2008|17:34] C:\Program Files\Fichiers communs\Motive
[01/01/2004|14:04] C:\Program Files\Fichiers communs\MSSoap
[21/03/2007|14:45] C:\Program Files\Fichiers communs\Nullsoft
[18/11/2007|19:19] C:\Program Files\Fichiers communs\Real
[31/12/2004|19:32] C:\Program Files\Fichiers communs\Services
[01/01/2004|14:59] C:\Program Files\Fichiers communs\SpeechEngines
[02/09/2008|11:23] C:\Program Files\Fichiers communs\System
[18/06/2005|13:30] C:\Program Files\Fichiers communs\Ulead Systems
[27/02/2008|11:12] C:\Program Files\Fichiers communs\WindowsLiveInstaller
--------------------\\ Process
( 56 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-03 09:56:35
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 525
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[F:9434][D:1842]-> C:\DOCUME~1\journal\LOCALS~1\Temp
[F:333][D:0]-> C:\DOCUME~1\journal\Cookies
[F:713][D:4]-> C:\DOCUME~1\journal\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 24/11/2008|18:27 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 24/11/2008|20:11 - Option : [2]
3 - "C:\Lop SD\LopR_3.txt" - 02/12/2008|13:15 - Option : [1]
4 - "C:\Lop SD\LopR_4.txt" - 03/12/2008|10:00 - Option : [4]
--------------------\\ Fin du rapport a 10:00:36
I don't know if this is normal, but while Lop S&D was doing its work, AntiVir found some trojans, so I chose the delete option. Did I do the right thing?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:21:18, on 03/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\WhenUSearch\Search.exe
C:\Program Files\WhenUSearch\whse.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Orange\LiveAssistant.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Documents and Settings\journal\Bureau\HiJackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.apple.com/fr/quicktime/buy/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: WhenUSearch Helper - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - C:\Program Files\WhenUSearch\search.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKLM\..\Run: [WhenUSearch] "C:\Program Files\WhenUSearch\Search.exe"
O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program Files\WhenUSearch\whse.exe"
O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [Orange_McciTrayApp] C:\Program Files\Orange\LiveAssistant.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ClockSync] "C:\Program Files\ClockSync\Sync.exe" /q
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [Onceelse] C:\DOCUME~1\journal\APPLIC~1\THESEN~1\Vc Bolt 16.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O15 - Trusted Zone: http://pfttbc.ft.motive.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Fichiers communs\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 11174 bytes
So what should I have done, then, about the AntiVir viruses?
Scan saved at 13:21:18, on 03/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\WhenUSearch\Search.exe
C:\Program Files\WhenUSearch\whse.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Orange\LiveAssistant.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Documents and Settings\journal\Bureau\HiJackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.apple.com/fr/quicktime/buy/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: WhenUSearch Helper - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - C:\Program Files\WhenUSearch\search.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKLM\..\Run: [WhenUSearch] "C:\Program Files\WhenUSearch\Search.exe"
O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program Files\WhenUSearch\whse.exe"
O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [Orange_McciTrayApp] C:\Program Files\Orange\LiveAssistant.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ClockSync] "C:\Program Files\ClockSync\Sync.exe" /q
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKCU\..\Run: [Onceelse] C:\DOCUME~1\journal\APPLIC~1\THESEN~1\Vc Bolt 16.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O15 - Trusted Zone: http://pfttbc.ft.motive.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Fichiers communs\Motive\McciCMService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 11174 bytes
So what was I supposed to do, then? About the AntiVir viruses?
Re,
Fix the lines in the box below with HijackThis: HELP IN PICTURES
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: WhenUSearch Helper - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - C:\Program Files\WhenUSearch\search.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKLM\..\Run: [WhenUSearch] "C:\Program Files\WhenUSearch\Search.exe"
O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program Files\WhenUSearch\whse.exe"
O4 - HKCU\..\Run: [Onceelse] C:\DOCUME~1\journal\APPLIC~1\THESEN~1\Vc Bolt 16.exe
Delete:
C:\Program Files\Save
C:\Program Files\WhenUSearch
Hi, tell me, while waiting for your reply I started an AntiVir scan in safe mode and I'm at 13 detections. I don't know if I did the right thing (it can't do it any harm anyway). Will you want the AntiVir report too? (It isn't finished yet but it won't be long; within 30 minutes you'll have both reports.)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:28:57, on 04/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Documents and Settings\journal\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&loca...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&lo...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.apple.com/fr/quicktime/buy/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Orange_UninstallTracking] C:\DOCUME~1\journal\LOCALS~1\Temp\IHU2.tmp.exe /uninstalltrackingvendor=Orange
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ClockSync] "C:\Program Files\ClockSync\Sync.exe" /q
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O15 - Trusted Zone: http://pfttbc.ft.motive.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 10320 bytes
***********************************************************
AntiVir:
Avira AntiVir Personal
Report file date: jeudi 4 décembre 2008 16:42
Scanning for 1073459 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Save mode
Username: journal
Computer name: NOM-641695C7437
Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 08:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 16:57:13
ANTIVIR2.VDF : 7.1.0.160 571392 Bytes 30/11/2008 09:50:26
ANTIVIR3.VDF : 7.1.0.185 192000 Bytes 04/12/2008 09:50:28
Engineversion : 8.2.0.36
AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 10:05:56
AESCRIPT.DLL : 8.1.1.15 332156 Bytes 11/11/2008 14:00:07
AESCN.DLL : 8.1.1.5 123251 Bytes 07/11/2008 15:06:41
AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 13:58:38
AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 09:41:39
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 07/11/2008 15:06:41
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 07/11/2008 15:06:41
AEHELP.DLL : 8.1.2.0 119159 Bytes 27/11/2008 18:07:07
AEGEN.DLL : 8.1.1.6 323955 Bytes 28/11/2008 18:04:54
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:56
AECORE.DLL : 8.1.5.2 172405 Bytes 28/11/2008 18:04:51
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 12:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: jeudi 4 décembre 2008 16:42
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '64' files ).
Starting the file scan:
Begin scan in 'C:\' <HP_PAVILION>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\journal\Local Settings\Temp\sta3E7.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\journal\Local Settings\Temp\sta3EC.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\journal\Local Settings\Temp\sta41B.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\journal\Local Settings\Temp\sta41C.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\journal\Local Settings\Temp\sta424.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\journal\Local Settings\Temp\sta461.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\journal\Local Settings\Temp\sta46E.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\journal\Local Settings\Temp\sta58E.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\journal\Mes documents\Ma musique\Shared\je recherche mauss et charly.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was deleted!
C:\Documents and Settings\journal\Mes documents\Ma musique\Shared\three little birth.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was deleted!
C:\Documents and Settings\sandrine Fel\Local Settings\Temp\sta9A.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was deleted!
C:\Lop SD\Backup-Lop\DOCUME~1\ALLUSE~1\APPLIC~1\Frag great bend logo\Ooze slow.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was deleted!
C:\Lop SD\Backup-Lop\DOCUME~1\journal\LOCALS~1\Temp\bis3E5.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was deleted!
C:\WINDOWS\Dance_dec_jpg.zip
[0] Archive type: ZIP
--> www.Dance_dec_jpg_Msn.com
[DETECTION] Contains recognition pattern of the WORM/IrcBot.562688 worm
[DETECTION] Contains recognition pattern of the WORM/IrcBot.562688 worm
[NOTE] The file was deleted!
C:\WINDOWS\$NtServicePackUninstall$\ftp.exe
[DETECTION] Is the TR/Agent.49664.J Trojan
[NOTE] The file was deleted!
Begin scan in 'D:\' <HP_RECOVERY>
End of the scan: jeudi 4 décembre 2008 18:14
Used time: 1:31:35 Hour(s)
The scan has been done completely.
11122 Scanning directories
469874 Files were scanned
16 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
15 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
469857 Files not concerned
16820 Archives were scanned
5 Warnings
15 Notes
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O15 - Trusted Zone: http://pfttbc.ft.motive.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 10320 bytes
***********************************************************
antivir :
Avira AntiVir Personal
Report file date: jeudi 4 décembre 2008 16:42
Scanning for 1073459 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Save mode
Username: journal
Computer name: NOM-641695C7437
Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 08:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 16:57:13
ANTIVIR2.VDF : 7.1.0.160 571392 Bytes 30/11/2008 09:50:26
ANTIVIR3.VDF : 7.1.0.185 192000 Bytes 04/12/2008 09:50:28
Engineversion : 8.2.0.36
AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 10:05:56
AESCRIPT.DLL : 8.1.1.15 332156 Bytes 11/11/2008 14:00:07
AESCN.DLL : 8.1.1.5 123251 Bytes 07/11/2008 15:06:41
AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 13:58:38
AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 09:41:39
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 07/11/2008 15:06:41
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 07/11/2008 15:06:41
AEHELP.DLL : 8.1.2.0 119159 Bytes 27/11/2008 18:07:07
AEGEN.DLL : 8.1.1.6 323955 Bytes 28/11/2008 18:04:54
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:56
AECORE.DLL : 8.1.5.2 172405 Bytes 28/11/2008 18:04:51
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 12:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: jeudi 4 décembre 2008 16:42
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '64' files ).
Starting the file scan:
Begin scan in 'C:\' <HP_PAVILION>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\journal\Local Settings\Temp\sta3E7.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\journal\Local Settings\Temp\sta3EC.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\journal\Local Settings\Temp\sta41B.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\journal\Local Settings\Temp\sta41C.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\journal\Local Settings\Temp\sta424.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\journal\Local Settings\Temp\sta461.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\journal\Local Settings\Temp\sta46E.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\journal\Local Settings\Temp\sta58E.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\journal\Mes documents\Ma musique\Shared\je recherche mauss et charly.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was deleted!
C:\Documents and Settings\journal\Mes documents\Ma musique\Shared\three little birth.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was deleted!
C:\Documents and Settings\sandrine Fel\Local Settings\Temp\sta9A.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was deleted!
C:\Lop SD\Backup-Lop\DOCUME~1\ALLUSE~1\APPLIC~1\Frag great bend logo\Ooze slow.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was deleted!
C:\Lop SD\Backup-Lop\DOCUME~1\journal\LOCALS~1\Temp\bis3E5.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was deleted!
C:\WINDOWS\Dance_dec_jpg.zip
[0] Archive type: ZIP
--> www.Dance_dec_jpg_Msn.com
[DETECTION] Contains recognition pattern of the WORM/IrcBot.562688 worm
[DETECTION] Contains recognition pattern of the WORM/IrcBot.562688 worm
[NOTE] The file was deleted!
C:\WINDOWS\$NtServicePackUninstall$\ftp.exe
[DETECTION] Is the TR/Agent.49664.J Trojan
[NOTE] The file was deleted!
Begin scan in 'D:\' <HP_RECOVERY>
End of the scan: jeudi 4 décembre 2008 18:14
Used time: 1:31:35 Hour(s)
The scan has been done completely.
11122 Scanning directories
469874 Files were scanned
16 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
15 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
469857 Files not concerned
16820 Archives were scanned
5 Warnings
15 Notes