
dideul

  1. Hello, for the past few days I have had no sound from the speakers or the headphone output. Instead of sound I hear a crackling noise. I can no longer access the volume control (icon at the bottom right of the screen). Thank you for your help.
  2. Hello, after the latest recommendations, here is where things stand! However, I no longer have any sound on the computer. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:02:38, on 09/07/2008
  3. Good evening, Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:57:06, on 07/07/2008
  4. And here is the second one! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:12:13, on 06/07/2008
  5. Here is the first report. C:\Lop SD: trouvé ! C:\HijackThis: trouvé ! C:\Documents and Settings\HLW\Bureau\Lop S&D.lnk: trouvé ! C:\Documents and Settings\HLW\Bureau\LopSD.exe: trouvé ! C:\Documents and Settings\HLW\Menu Démarrer\Programmes\Lop S&D: trouvé ! C:\Documents and Settings\Salima\Bureau\Navilog1.exe: trouvé ! C:\Documents and Settings\Salima\Recent\HijackThis.lnk: trouvé ! C:\HiJackThis\HijackThis.exe: trouvé ! C:\Lop SD\Lop S&D.lnk: trouvé !
  6. Good evening, here is the requested report Avira AntiVir Personal Report file date: samedi 5 juillet 2008 19:03 Scanning for 1378724 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Boot mode: Save mode Username: Salima Computer name: LGPB Version information: BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00 AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56 AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37 LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23 LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34 ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 16:54:17 ANTIVIR2.VDF : 7.0.5.51 273408 Bytes 04/07/2008 16:54:19 ANTIVIR3.VDF : 7.0.5.52 2048 Bytes 04/07/2008 16:54:19 Engineversion : 8.1.0.64 AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21 AESCRIPT.DLL : 8.1.0.46 283002 Bytes 05/07/2008 16:54:33 AESCN.DLL : 8.1.0.22 119157 Bytes 05/07/2008 16:54:32 AERDL.DLL : 8.1.0.20 418165 Bytes 05/07/2008 16:54:31 AEPACK.DLL : 8.1.1.6 364918 Bytes 05/07/2008 16:54:30 AEOFFICE.DLL : 8.1.0.20 192891 Bytes 05/07/2008 16:54:28 AEHEUR.DLL : 8.1.0.35 1298806 Bytes 05/07/2008 16:54:27 AEHELP.DLL : 8.1.0.15 115063 Bytes 05/07/2008 16:54:24 AEGEN.DLL : 8.1.0.29 307573 Bytes 05/07/2008 16:54:23 AEEMU.DLL : 8.1.0.6 430451 Bytes 05/07/2008 16:54:21 AECORE.DLL : 8.1.0.32 168311 Bytes 05/07/2008 16:54:20 AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53 AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47 AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23 AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02 SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 
12:05:10 RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25 RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: repair Secondary action.................: delete Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: samedi 5 juillet 2008 19:03 Starting search for hidden objects. The driver could not be initialized. The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 12 processes with 12 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! 
Master boot sector HD1 [iNFO] No virus was found! [WARNING] Le périphérique n'est pas prêt. Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '46' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\HLW\Bureau\install_Messenger Live Plus_.exe [DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.CCleaner.A.38 [NOTE] A backup was created as '48e2aaaa.qua' ( QUARANTINE ) [NOTE] The file was deleted! C:\Documents and Settings\Salima\Application Data\thunkonline\Ante amok plus grey.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [NOTE] A backup was created as '48e3afba.qua' ( QUARANTINE ) [NOTE] The file was deleted! C:\Documents and Settings\Salima\Application Data\thunkonline\link move mfcd.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [NOTE] A backup was created as '48ddafb6.qua' ( QUARANTINE ) [NOTE] The file was deleted! C:\Documents and Settings\Salima\Application Data\thunkonline\Maileach.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [NOTE] A backup was created as '48d8afae.qua' ( QUARANTINE ) [NOTE] The file was deleted! C:\Documents and Settings\Salima\Application Data\thunkonline\xsyhwbbm.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [NOTE] A backup was created as '48e8afc1.qua' ( QUARANTINE ) [NOTE] The file was deleted! C:\Lop SD\Backup-Lop\DOCUME~1\ALLUSE~1\APPLIC~1\two setup mode load\Noun 1.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [NOTE] A backup was created as '48e4b0d4.qua' ( QUARANTINE ) [NOTE] The file was deleted! C:\Lop SD\Backup-Lop\DOCUME~1\ARZ\APPLIC~1\THUNKO~1\auajuxup.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [NOTE] A backup was created as '48d0b0db.qua' ( QUARANTINE ) [NOTE] The file was deleted! 
C:\Lop SD\Backup-Lop\DOCUME~1\ARZ\APPLIC~1\THUNKO~1\ceokcytl.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [NOTE] A backup was created as '48deb0cc.qua' ( QUARANTINE ) [NOTE] The file was deleted! C:\Lop SD\Backup-Lop\DOCUME~1\ARZ\APPLIC~1\THUNKO~1\Maileach.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [NOTE] A backup was created as '48d8b0c9.qua' ( QUARANTINE ) [NOTE] The file was deleted! C:\Lop SD\Backup-Lop\DOCUME~1\HLW\APPLIC~1\THUNKO~1\Ante amok plus grey.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [NOTE] A backup was created as '48e3b0d7.qua' ( QUARANTINE ) [NOTE] The file was deleted! C:\Lop SD\Backup-Lop\DOCUME~1\HLW\APPLIC~1\THUNKO~1\kudwgbcd.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [NOTE] A backup was created as '48d3b0df.qua' ( QUARANTINE ) [NOTE] The file was deleted! C:\Lop SD\Backup-Lop\DOCUME~1\HLW\LOCALS~1\Temp\bisDA.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [NOTE] A backup was created as '48e2b0d4.qua' ( QUARANTINE ) [NOTE] The file was deleted! End of the scan: samedi 5 juillet 2008 20:11 Used time: 1:08:42 min The scan has been done completely. 7205 Scanning directories 259174 Files were scanned 12 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 12 files were deleted 0 files were repaired 12 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 259162 Files not concerned 7626 Archives were scanned 2 Warnings 12 Notes
  7. eScan report File C:\Documents and Settings\HLW\Bureau\InternetGameBox_setup.exe infected by "Trojan-Dropper.Win32.Agent.eaf" Virus. Action Taken: File Deleted. File C:\Documents and Settings\Salima\Bureau\ARZ\Bureau\incredimail_install(2).exe tagged as not-a-virus:Downloader.Win32.ImLoader.c. No Action Taken. File C:\Documents and Settings\Salima\Bureau\ARZ\Bureau\incredimail_install.exe tagged as not-a-virus:Downloader.Win32.ImLoader.c. No Action Taken. File C:\Documents and Settings\Salima\Bureau\Navilog1.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken. File C:\Lop SD\Backup-Lop\Program Files\Circle Developement\Uninstall.exe infected by "Trojan.Win32.Obfuscated.mt" Virus. Action Taken: File Deleted. File C:\Program Files\MSN Messenger\riched20.dll tagged as not-a-virus:AdTool.Win32.MyWebSearch. No Action Taken. File C:\RECYCLER\S-1-5-21-989968666-1554192886-3421028384-1006\Dc11.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken. File C:\RECYCLER\S-1-5-21-989968666-1554192886-3421028384-1009\Dc154.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP13\A0010965.exe tagged as not-a-virus:AdWare.Win32.180Solutions.ay. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP16\A0016397.exe tagged as not-a-virus:AdWare.Win32.NaviPromo.ao. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP16\A0016398.exe tagged as not-a-virus:AdWare.Win32.NaviPromo.ao. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP16\A0016399.exe tagged as not-a-virus:AdWare.Win32.NaviPromo.ao. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP16\A0016400.exe tagged as not-a-virus:AdWare.Win32.NaviPromo.ao. No Action Taken. 
File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP16\A0016401.exe tagged as not-a-virus:AdWare.Win32.NaviPromo.ao. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP16\A0016402.exe tagged as not-a-virus:AdWare.Win32.NaviPromo.bw. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP16\A0016403.exe tagged as not-a-virus:AdWare.Win32.NaviPromo.ao. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP16\A0016406.exe tagged as not-a-virus:Downloader.Win32.ImLoader.c. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP16\A0016409.exe tagged as not-a-virus:Downloader.Win32.WinFixer.au. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP16\A0016412.exe infected by "Trojan-Dropper.Win32.Agent.cca" Virus. Action Taken: File Deleted. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP16\A0016413.exe tagged as not-a-virus:AdWare.Win32.NaviPromo.bv. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP16\A0016415.exe tagged as not-a-virus:AdWare.Win32.NaviPromo.ao. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP16\A0016416.exe tagged as not-a-virus:AdTool.Win32.MyWebSearch.av. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP16\A0016417.exe tagged as not-a-virus:AdWare.Win32.NaviPromo.aw. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP28\A0021898.exe tagged as not-a-virus:Downloader.Win32.ImLoader.c. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP3\A0002137.exe tagged as not-a-virus:AdWare.Win32.180Solutions.ay. 
No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP3\A0002138.exe tagged as not-a-virus:AdWare.Win32.NaviPromo.ao. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP3\A0002225.exe tagged as not-a-virus:AdWare.Win32.180Solutions.ax. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP3\A0002228.exe tagged as not-a-virus:Downloader.Win32.WinFixer.au. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP3\A0002250.exe tagged as not-a-virus:Downloader.Win32.ImLoader.c. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP3\A0002251.exe tagged as not-a-virus:Downloader.Win32.ImLoader.c. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP37\A0023816.dll tagged as not-a-virus:AdTool.Win32.MyWebSearch.au. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP37\A0023851.exe tagged as not-a-virus:Downloader.Win32.ImLoader.e. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP37\A0023852.exe tagged as not-a-virus:Downloader.Win32.ImLoader.e. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP45\A0028799.dll tagged as not-a-virus:AdTool.Win32.MyWebSearch.i. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP45\A0033364.exe tagged as not-a-virus:Downloader.Win32.ImLoader.e. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP45\A0046022.exe infected by "Trojan.Win32.Pakes.cpq" Virus. Action Taken: File Deleted. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP45\A0086053.exe infected by "Trojan.Win32.Obfuscated.mt" Virus. 
Action Taken: File Deleted. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP45\A0087164.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP45\A0087438.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP45\A0087675.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP45\A0087714.exe infected by "Trojan-Dropper.Win32.Agent.eaf" Virus. Action Taken: File Deleted. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP45\A0087716.exe infected by "Trojan.Win32.Obfuscated.mt" Virus. Action Taken: File Deleted. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP6\A0003427.exe tagged as not-a-virus:AdWare.Win32.NaviPromo.bv. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP6\A0003428.exe tagged as not-a-virus:AdWare.Win32.NaviPromo.aw. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP6\A0003432.exe tagged as not-a-virus:AdTool.Win32.MyWebSearch.av. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP6\A0003433.exe infected by "Trojan-Dropper.Win32.Agent.cca" Virus. Action Taken: File Deleted. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP6\A0003437.exe tagged as not-a-virus:AdWare.Win32.NaviPromo.ao. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP6\A0003438.exe tagged as not-a-virus:AdWare.Win32.NaviPromo.ao. No Action Taken. 
File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP6\A0003439.exe tagged as not-a-virus:AdWare.Win32.NaviPromo.ao. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP6\A0003440.exe tagged as not-a-virus:AdWare.Win32.NaviPromo.ao. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP6\A0003441.exe tagged as not-a-virus:AdWare.Win32.NaviPromo.ao. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP6\A0003442.exe tagged as not-a-virus:AdWare.Win32.NaviPromo.bw. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP6\A0003443.exe tagged as not-a-virus:AdWare.Win32.NaviPromo.ao. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP6\A0003446.exe tagged as not-a-virus:Downloader.Win32.ImLoader.c. No Action Taken. File C:\System Volume Information\_restore{CE9C06BC-2DB9-4281-B152-445B8F66E7DC}\RP9\A0006656.exe tagged as not-a-virus:AdWare.Win32.180Solutions.ax. No Action Taken. 
HiJackThis report Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:52:35, on 29/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\SOUNDMAN.EXE C:\APPS\Powercinema\PCMService.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Real\RealPlayer\RealPlay.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\AOL 9.0\aoltray.exe C:\Program Files\FinePixViewer\QuickDCF.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program 
Files\Logitech\Video\FxSvr2.exe C:\Program Files\OpenOffice.org 2.0\program\soffice.exe C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe C:\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66028 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66028 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66028 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66028 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" R1 
- HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Club Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.club-internet.fr:8080 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Yahoo! 
Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Proxy exit] C:\DOCUME~1\Salima\APPLIC~1\THUNKO~1\Maileach.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe O4 - Global Startup: Exif Launcher.lnk = ? 
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: &Search - ?p=ZNfox000 O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Crawler Search - tbr:iemenu O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} 
(CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1150055348671 O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! 
Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 13062 bytes Have a good evening
  8. Here is the report for the second account. Clean Navipromo version 3.6.0 commencé le 29/06/2008 à 17:54:48,85 Outil exécuté depuis C:\Program Files\navilog1 Session actuelle : "HLW" Mise à jour le 27.06.2008 à 23h00 par IL-MAFIOSO Microsoft Windows XP [version 5.1.2600] Internet Explorer : 7.0.5730.11 Système de fichiers : NTFS Mode suppression automatique avec prise en charge résultats Catchme et GNS Nettoyage exécuté au redémarrage de l'ordinateur *** fsbl1.txt non trouvé *** (Assurez-vous que Catchme n'avait rien trouvé lors de la recherche) *** Suppression avec sauvegardes résultats GenericNaviSearch *** * Suppression dans "C:\WINDOWS\System32" * * Suppression dans "C:\Documents and Settings\HLW\locals~1\applic~1" * * Suppression dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" * *** Suppression dossiers dans "C:\WINDOWS" *** *** Suppression dossiers dans "C:\Program Files" *** *** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" *** *** Suppression dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" *** *** Suppression dossiers dans "C:\Documents and Settings\HLW\applic~1" *** *** Suppression dossiers dans "C:\DOCUME~1\INVIT~1\applic~1" *** *** Suppression dossiers dans "C:\Documents and Settings\HLW\locals~1\applic~1" *** *** Suppression dossiers dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" *** *** Suppression dossiers dans "C:\Documents and Settings\HLW\menudm~1\progra~1" *** *** Suppression dossiers dans "C:\DOCUME~1\INVIT~1\menudm~1\progra~1" *** *** Suppression fichiers *** *** Suppression fichiers temporaires *** Nettoyage contenu C:\WINDOWS\Temp effectué ! Nettoyage contenu C:\Documents and Settings\HLW\locals~1\Temp effectué ! 
*** Traitement Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Suppression avec sauvegardes nouveaux fichiers Instant Access : 2)Recherche, création sauvegardes et suppression Heuristique : * Dans "C:\WINDOWS\system32" * * Dans "C:\Documents and Settings\HLW\locals~1\applic~1" * * Dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" * *** Sauvegarde du Registre vers dossier Safebackup *** sauvegarde du Registre réalisée avec succès ! *** Nettoyage Registre *** Nettoyage Registre Ok *** Certificats *** Certificat Egroup absent ! Certificat Electronic-Group absent ! Certificat OOO-Favorit absent ! Certificat Sunny-Day-Design-Ltdt absent ! *** Nettoyage terminé le 29/06/2008 à 17:58:40,74 ***
  9. Hello, Here is the Navilog! Is it necessary to redo the Kaspersky scan? Thanks
Clean Navipromo version 3.6.0 commencé le 29/06/2008 à 14:54:14,04
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Salima"
Mise à jour le 27.06.2008 à 23h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS
Mode suppression automatique avec prise en charge résultats Catchme et GNS
Nettoyage exécuté au redémarrage de l'ordinateur
*** fsbl1.txt non trouvé *** (Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)
*** Suppression avec sauvegardes résultats GenericNaviSearch ***
* Suppression dans "C:\WINDOWS\System32" *
* Suppression dans "C:\Documents and Settings\Salima\locals~1\applic~1" *
* Suppression dans "C:\DOCUME~1\ARZ\locals~1\applic~1" *
* Suppression dans "C:\DOCUME~1\HLW\locals~1\applic~1" *
* Suppression dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" *
*** Suppression dossiers dans "C:\WINDOWS" ***
*** Suppression dossiers dans "C:\Program Files" ***
*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Suppression dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\Salima\applic~1" ***
*** Suppression dossiers dans "C:\DOCUME~1\ARZ\applic~1" ***
*** Suppression dossiers dans "C:\DOCUME~1\HLW\applic~1" ***
*** Suppression dossiers dans "C:\DOCUME~1\INVIT~1\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\Salima\locals~1\applic~1" ***
*** Suppression dossiers dans "C:\DOCUME~1\ARZ\locals~1\applic~1" ***
*** Suppression dossiers dans "C:\DOCUME~1\HLW\locals~1\applic~1" ***
*** Suppression dossiers dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\Salima\menudm~1\progra~1" ***
*** Suppression dossiers dans "C:\DOCUME~1\ARZ\menudm~1\progra~1" ***
*** Suppression dossiers dans "C:\DOCUME~1\HLW\menudm~1\progra~1" ***
*** Suppression dossiers dans "C:\DOCUME~1\INVIT~1\menudm~1\progra~1" ***
*** Suppression fichiers ***
*** Suppression fichiers temporaires ***
Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Salima\locals~1\Temp effectué !
*** Traitement Recherche complémentaire *** (Recherche fichiers spécifiques)
1)Suppression avec sauvegardes nouveaux fichiers Instant Access :
2)Recherche, création sauvegardes et suppression Heuristique :
* Dans "C:\WINDOWS\system32" *
* Dans "C:\Documents and Settings\Salima\locals~1\applic~1" *
* Dans "C:\DOCUME~1\ARZ\locals~1\applic~1" *
* Dans "C:\DOCUME~1\HLW\locals~1\applic~1" *
* Dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" *
*** Sauvegarde du Registre vers dossier Safebackup ***
sauvegarde du Registre réalisée avec succès !
*** Nettoyage Registre ***
Nettoyage Registre Ok
*** Certificats ***
Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !
*** Nettoyage terminé le 29/06/2008 à 14:58:27,14 ***
  10. And that makes 2!
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, June 29, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, June 29, 2008 08:40:45
Records in database: 896750
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
Scan statistics:
Files scanned: 101447
Threat name: 5
Infected objects: 7
Suspicious objects: 0
Duration of the scan: 01:29:14
File name / Threat name / Threats count
C:\Documents and Settings\ARZ\Bureau\incredimail_install(2).exe Infected: not-a-virus:Downloader.Win32.ImLoader.c 1
C:\Documents and Settings\ARZ\Bureau\incredimail_install.exe Infected: not-a-virus:Downloader.Win32.ImLoader.c 1
C:\Documents and Settings\ARZ\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install.exe Infected: not-a-virus:Downloader.Win32.ImLoader.c 1
C:\Documents and Settings\HLW\Bureau\InternetGameBox_setup.exe Infected: Trojan-Dropper.Win32.Agent.eaf 1
C:\Documents and Settings\HLW\Bureau\Navilog1.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Lop SD\Backup-Lop\Program Files\Circle Developement\Uninstall.exe Infected: Trojan.Win32.Obfuscated.mt 1
C:\Program Files\MSN Messenger\riched20.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch 1
The selected area was scanned.
  11. And that makes 1!
Search Navipromo version 3.6.0 commencé le 28/06/2008 à 18:53:37,39
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "HLW"
Mise à jour le 27.06.2008 à 23h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS
Recherche executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans "C:\WINDOWS" ***
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\HLW\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ARZ\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\INVIT~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\HLW\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ARZ\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\HLW\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ARZ\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\INVIT~1\menudm~1\progra~1" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Aucun Fichier trouvé
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINDOWS\system32" *
Fichiers trouvés :
layoguemf.exe trouvé !
* Recherche dans "C:\Documents and Settings\HLW\locals~1\applic~1" *
* Recherche dans "C:\DOCUME~1\ARZ\locals~1\applic~1" *
* Recherche dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" *
*** Recherche fichiers ***
C:\Documents and Settings\HLW\locals~1\Temp\pack.epk trouvé !
C:\WINDOWS\pack.epk trouvé !
*** Recherche clés spécifiques dans le Registre ***
HKEY_CURRENT_USER\Software\Lanconfig trouvé !
*** Module de Recherche complémentaire *** (Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
bxzdimxcc.dat trouvé !
bxzdimxcc_nav.dat trouvé !
bxzdimxcc_navps.dat trouvé !
qmbtqudmvz.dat trouvé !
qmbtqudmvz_nav.dat trouvé !
qmbtqudmvz_navps.dat trouvé !
wyvyau.dat trouvé !
wyvyau_nav.dat trouvé !
wyvyau_navps.dat trouvé !
zgczkmit.dat trouvé !
zgczkmit_nav.dat trouvé !
zgczkmit_navps.dat trouvé !
* Dans "C:\Documents and Settings\HLW\locals~1\applic~1" :
* Dans "C:\DOCUME~1\ARZ\locals~1\applic~1" :
* Dans "C:\DOCUME~1\INVIT~1\locals~1\applic~1" :
3)Recherche Certificats :
Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
*** Analyse terminée le 28/06/2008 à 19:09:38,67 ***
  12. And this one to finish!
  13. And here is the second report. Thanks for the interpretation.
-----------------------[ Lop S&D 4.2.1-8 XP/Vista ]---------------------
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : HLW ] [ "C:\Lop SD" ] [ Selection : 2 ]
[ 28/06/2008 | 13:49:39,81 ] [ PC : LGPB ] [ MAJ : 24-06-2008 | 11:00 ]
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\two setup mode load\Eggs List.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\two setup mode load\more htm.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\two setup mode load\Noun 1.exe
Supprime! - C:\DOCUME~1\ARZ\APPLIC~1\thunko~1\auajuxup.exe
Supprime! - C:\DOCUME~1\ARZ\APPLIC~1\thunko~1\ceokcytl.exe
Supprime! - C:\DOCUME~1\ARZ\APPLIC~1\thunko~1\klkqelkn.exe
Supprime! - C:\DOCUME~1\ARZ\APPLIC~1\thunko~1\link move mfcd.exe
Supprime! - C:\DOCUME~1\ARZ\APPLIC~1\thunko~1\Maileach.exe
Supprime! - C:\DOCUME~1\HLW\APPLIC~1\thunko~1\Ante amok plus grey.exe
Supprime! - C:\DOCUME~1\HLW\APPLIC~1\thunko~1\drueaepe.exe
Supprime! - C:\DOCUME~1\HLW\APPLIC~1\thunko~1\jltefmiu.exe
Supprime! - C:\DOCUME~1\HLW\APPLIC~1\thunko~1\kudwgbcd.exe
Supprime! - C:\DOCUME~1\HLW\APPLIC~1\thunko~1\link move mfcd.exe
Supprime! - C:\DOCUME~1\HLW\APPLIC~1\thunko~1\Maileach.exe
Supprime! - C:\Program Files\Circle Developement\Uninstall.exe
Supprime! - C:\WINDOWS\Prefetch\EGGS LIST.EXE-1E1FF1D9.pf
Supprime! - C:\WINDOWS\Prefetch\MORE HTM.EXE-051749D8.pf
Supprime! - C:\WINDOWS\Prefetch\LINK MOVE MFCD.EXE-0291D555.pf
Supprime! - C:\WINDOWS\Prefetch\LINK MOVE MFCD.EXE-28E677C9.pf
Supprime! - C:\WINDOWS\Prefetch\MAILEACH.EXE-092B270B.pf
Supprime! - C:\WINDOWS\Prefetch\MAILEACH.EXE-28CC7B3F.pf
Supprime! - C:\DOCUME~1\HLW\Cookies\[email protected][1].txt
Supprime! - C:\DOCUME~1\HLW\Cookies\[email protected][1].txt
Supprime! - C:\DOCUME~1\HLW\Cookies\hlw@bigpoint[1].txt
Supprime! - C:\DOCUME~1\HLW\Cookies\[email protected][1].txt
Supprime! - C:\DOCUME~1\HLW\Cookies\[email protected][2].txt
Supprime! - C:\DOCUME~1\HLW\Cookies\hlw@casinoking[1].txt
Supprime! - C:\DOCUME~1\HLW\Cookies\[email protected][2].txt
Supprime! - C:\DOCUME~1\HLW\Cookies\hlw@cotedazurpalace[1].txt
Supprime! - C:\DOCUME~1\HLW\Cookies\[email protected][2].txt
Supprime! - C:\DOCUME~1\HLW\Cookies\hlw@pacificpoker[2].txt
Supprime! - C:\DOCUME~1\HLW\Cookies\[email protected][1].txt
Supprime! - C:\DOCUME~1\HLW\Cookies\hlw@partypoker[1].txt
Supprime! - C:\DOCUME~1\HLW\Cookies\hlw@32vegas[1].txt
Supprime! - C:\DOCUME~1\HLW\Cookies\[email protected][2].txt
Supprime! - C:\DOCUME~1\HLW\Cookies\hlw@2xmoinscher[2].txt
Supprime! - C:\DOCUME~1\HLW\Cookies\[email protected][1].txt
Supprime! - C:\DOCUME~1\HLW\Cookies\hlw@888[1].txt
Supprime! - C:\WINDOWS\Tasks\A0D12EC391C2A50F.job
Supprime! - C:\WINDOWS\Tasks\A58CD070918B489C.job
Supprime! - C:\WINDOWS\Tasks\B605D6249BFA474C.job
Supprime! - C:\DOCUME~1\HLW\LOCALS~1\Temp\bisDA.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\two setup mode load
Supprime! - C:\DOCUME~1\ARZ\APPLIC~1\thunko~1
Supprime! - C:\DOCUME~1\HLW\APPLIC~1\thunko~1
Supprime! - C:\Program Files\thunko~1
Supprime! - C:\Program Files\Circle Developement
Restauré! - Fichier Hosts
//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
Supprime! - C:\Program Files\Viewpoint
Supprime!
- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
[28/06/2008 13:36][--a------] C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
[02/03/2006 14:00][-rah-----] C:\WINDOWS\tasks\desktop.ini
[28/06/2008 01:31][--ah-----] C:\WINDOWS\tasks\SA.DAT
---------------------------[ Process ]--------------------------
... 56 ... OK !
----------------------[ Recherche avec S_Lop ]---------------------
Aucun fichier / dossier Lop trouvé !
-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
Aucun fichier / dossier Lop trouvé !
----------------------[ Verification du Registre ]----------------------
..... OK !
--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts PROPRE
----------------[ Recherche de fichiers avec Catchme ]-----------------
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-28 13:50:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------[ Recherche d'autres infections ]---------------------
C:\DOCUME~1\HLW\LOCALS~1\Temp\pack.epk
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\bxzdimxcc_navps.dat
C:\WINDOWS\system32\qmbtqudmvz_navps.dat
C:\WINDOWS\system32\wyvyau_navps.dat
C:\WINDOWS\system32\zgczkmit_navps.dat
C:\WINDOWS\system32\bxzdimxcc_nav.dat
C:\WINDOWS\system32\bxzdimxcc.dat
C:\WINDOWS\system32\qmbtqudmvz_nav.dat
C:\WINDOWS\system32\qmbtqudmvz.dat
C:\WINDOWS\system32\wyvyau_nav.dat
C:\WINDOWS\system32\wyvyau.dat
C:\WINDOWS\system32\zgczkmit_nav.dat
C:\WINDOWS\system32\zgczkmit.dat
! EGDACCESS !
=> C:\Documents and Settings\HLW\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-1d48f49a-6173d3b8.au
=> C:\Documents and Settings\HLW\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-1d48f49a-6173d3b8.idx
=> C:\Documents and Settings\HLW\Local Settings\Temp\IncrediMail\IMInstall\Contents\Sound\tchaikovsky_the_nutcracker.imw
[F:2401][D:106]-> C:\DOCUME~1\HLW\LOCALS~1\Temp
[F:371][D:0]-> C:\DOCUME~1\HLW\Cookies
[F:29268][D:53]-> C:\DOCUME~1\HLW\LOCALS~1\TEMPOR~1\content.IE5
--------------------[ Fin du rapport a 13:52:29,32 ]----------------------
  14. Here is the first report!
-----------------------[ Lop S&D 4.2.1-8 XP/Vista ]---------------------
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : HLW ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 28/06/2008 | 13:41:12,46 ] [ PC : LGPB ] [ MAJ : 24-06-2008 | 11:00 ]
-------------[ Listing des dossiers dans Application Data ]------------
[10/01/2007|22:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe [04/01/2008|18:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL [30/08/2006|23:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ [29/03/2007|19:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink [09/06/2006|03:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini [04/03/2007|15:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google [21/06/2006|11:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield [02/11/2007|18:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LauncherAccess.dt [25/02/2008|20:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus! [15/06/2008|15:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft [12/04/2007|15:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles [21/06/2006|11:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OD2 [09/01/2008|15:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime [04/09/2006|19:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ScanSoft [21/06/2006|11:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype [27/06/2008|23:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy [05/09/2006|02:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir [05/09/2006|02:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanWizard [10/01/2007|19:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec [25/06/2008|15:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\two setup mode load [12/11/2006|19:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint [21/06/2006|11:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage [03/03/2007|15:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar [12/04/2008|19:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller [28/06/2008|01:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! 
Companion [30/10/2006|17:38] C:\DOCUME~1\ARZ\APPLIC~1\Adobe [15/04/2007|15:19] C:\DOCUME~1\ARZ\APPLIC~1\AdobeUM [12/11/2006|20:20] C:\DOCUME~1\ARZ\APPLIC~1\AOL [05/09/2006|03:00] C:\DOCUME~1\ARZ\APPLIC~1\Canon [30/08/2006|22:29] C:\DOCUME~1\ARZ\APPLIC~1\CyberLink [09/06/2006|03:01] C:\DOCUME~1\ARZ\APPLIC~1\desktop.ini [30/08/2006|13:13] C:\DOCUME~1\ARZ\APPLIC~1\Identities [03/09/2006|22:38] C:\DOCUME~1\ARZ\APPLIC~1\Leadertech [03/02/2007|13:38] C:\DOCUME~1\ARZ\APPLIC~1\Macromedia [18/03/2007|12:36] C:\DOCUME~1\ARZ\APPLIC~1\Microsoft [03/02/2007|13:33] C:\DOCUME~1\ARZ\APPLIC~1\Mozilla [24/03/2008|17:58] C:\DOCUME~1\ARZ\APPLIC~1\MSNInstaller [03/09/2006|22:53] C:\DOCUME~1\ARZ\APPLIC~1\OD2 [20/06/2008|17:54] C:\DOCUME~1\ARZ\APPLIC~1\OpenOffice.org2 [05/09/2006|03:36] C:\DOCUME~1\ARZ\APPLIC~1\ScanSoft [30/08/2006|13:13] C:\DOCUME~1\ARZ\APPLIC~1\Skype [03/09/2006|22:38] C:\DOCUME~1\ARZ\APPLIC~1\Sonic [28/06/2007|09:52] C:\DOCUME~1\ARZ\APPLIC~1\Sun [30/03/2008|14:48] C:\DOCUME~1\ARZ\APPLIC~1\Template [19/06/2008|13:45] C:\DOCUME~1\ARZ\APPLIC~1\thunkonline [26/10/2007|19:20] C:\DOCUME~1\ARZ\APPLIC~1\Windows Desktop Search [09/06/2006|03:01] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini [21/06/2006|11:51] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities [21/06/2006|11:51] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia [21/06/2006|11:51] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft [21/06/2006|11:51] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Skype [20/01/2008|15:31] C:\DOCUME~1\HLW\APPLIC~1\Adobe [04/03/2007|14:55] C:\DOCUME~1\HLW\APPLIC~1\AdobeUM [12/11/2006|19:40] C:\DOCUME~1\HLW\APPLIC~1\AOL [11/06/2008|15:01] C:\DOCUME~1\HLW\APPLIC~1\Canon [12/11/2006|17:29] C:\DOCUME~1\HLW\APPLIC~1\CyberLink [09/06/2006|03:01] C:\DOCUME~1\HLW\APPLIC~1\desktop.ini [28/01/2008|21:52] C:\DOCUME~1\HLW\APPLIC~1\FUJIFILM [21/06/2006|11:51] C:\DOCUME~1\HLW\APPLIC~1\Identities [04/03/2007|14:47] C:\DOCUME~1\HLW\APPLIC~1\Macromedia [25/10/2007|19:52] C:\DOCUME~1\HLW\APPLIC~1\Microsoft [09/02/2007|20:04] 
C:\DOCUME~1\HLW\APPLIC~1\Mozilla [01/10/2006|21:51] C:\DOCUME~1\HLW\APPLIC~1\OD2 [28/06/2008|12:44] C:\DOCUME~1\HLW\APPLIC~1\OpenOffice.org2 [14/10/2007|13:20] C:\DOCUME~1\HLW\APPLIC~1\ScanSoft [21/06/2006|11:51] C:\DOCUME~1\HLW\APPLIC~1\Skype [27/07/2007|12:08] C:\DOCUME~1\HLW\APPLIC~1\Sun [24/09/2006|12:01] C:\DOCUME~1\HLW\APPLIC~1\Template [17/06/2008|12:27] C:\DOCUME~1\HLW\APPLIC~1\thunkonline [19/03/2007|01:06] C:\DOCUME~1\HLW\APPLIC~1\vlc [27/10/2007|10:31] C:\DOCUME~1\HLW\APPLIC~1\Windows Desktop Search [12/11/2006|19:40] C:\DOCUME~1\HLW\APPLIC~1\You've Got Pictures Screensaver [14/04/2007|16:27] C:\DOCUME~1\INVIT~1\APPLIC~1\Adobe [13/11/2006|21:34] C:\DOCUME~1\INVIT~1\APPLIC~1\AOL [23/09/2006|10:42] C:\DOCUME~1\INVIT~1\APPLIC~1\CyberLink [09/06/2006|03:01] C:\DOCUME~1\INVIT~1\APPLIC~1\desktop.ini [21/06/2006|11:51] C:\DOCUME~1\INVIT~1\APPLIC~1\Identities [14/04/2007|14:30] C:\DOCUME~1\INVIT~1\APPLIC~1\Macromedia [02/01/2008|16:13] C:\DOCUME~1\INVIT~1\APPLIC~1\Microsoft [14/04/2007|14:24] C:\DOCUME~1\INVIT~1\APPLIC~1\Mozilla [23/09/2006|10:34] C:\DOCUME~1\INVIT~1\APPLIC~1\OD2 [21/06/2006|11:51] C:\DOCUME~1\INVIT~1\APPLIC~1\Skype [26/10/2007|17:08] C:\DOCUME~1\INVIT~1\APPLIC~1\Windows Desktop Search [25/10/2007|19:48] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft [25/10/2007|19:43] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
[28/06/2008 13:00][--ah-----] C:\WINDOWS\tasks\B605D6249BFA474C.job
[28/06/2008 13:00][--ah-----] C:\WINDOWS\tasks\A0D12EC391C2A50F.job
[28/06/2008 13:00][--ah-----] C:\WINDOWS\tasks\A58CD070918B489C.job
[28/06/2008 13:36][--a------] C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
[02/03/2006 14:00][-rah-----] C:\WINDOWS\tasks\desktop.ini
[28/06/2008 01:31][--ah-----] C:\WINDOWS\tasks\SA.DAT
A0D12EC391C2A50F.job <--> c:\docume~1\arz\applic~1\thunko~1\linkmovemfcd.exe
A58CD070918B489C.job <--> c:\docume~1\hlw\applic~1\thunko~1\linkmovemfcd.exe
B605D6249BFA474C.job <--> c:\docume~1\salima\applic~1\thunko~1\linkmovemfcd.exe ---------------[ Listing des dossiers dans C:\Program Files ]-------------- [21/06/2006|11:56] C:\Program Files\Adobe [10/01/2007|19:07] C:\Program Files\Alwil Software [19/01/2008|21:25] C:\Program Files\AOL [09/01/2008|21:58] C:\Program Files\AOL 9.0 [09/01/2008|21:57] C:\Program Files\AOL Compagnon [30/08/2006|23:23] C:\Program Files\ArcSoft [06/10/2007|20:02] C:\Program Files\Auralog [21/06/2006|11:56] C:\Program Files\AvRack [09/01/2008|21:55] C:\Program Files\Canon [27/06/2008|23:16] C:\Program Files\CCleaner [25/02/2008|20:11] C:\Program Files\Circle Developement [09/01/2008|21:58] C:\Program Files\ComPlus Applications [09/01/2008|21:58] C:\Program Files\CVitae [09/01/2008|21:58] C:\Program Files\CyberLink [26/05/2008|00:37] C:\Program Files\DivX [09/01/2008|21:58] C:\Program Files\eMule [21/03/2007|22:12] C:\Program Files\EZFace [09/01/2008|15:34] C:\Program Files\Fichiers communs [26/05/2008|00:37] C:\Program Files\FinePixViewer [04/01/2007|17:30] C:\Program Files\GIMP-2.0 [24/03/2008|17:57] C:\Program Files\IncrediMail [09/01/2008|15:33] C:\Program Files\InstallShield Installation Information [09/01/2008|21:58] C:\Program Files\Internet Explorer [04/12/2007|21:48] C:\Program Files\Java [30/08/2006|13:10] C:\Program Files\Larousse [12/11/2006|19:40] C:\Program Files\Learn2.com [09/01/2008|15:33] C:\Program Files\Logitech [09/01/2008|21:58] C:\Program Files\LogMeIn [23/09/2006|10:58] C:\Program Files\Matroska Pack [26/05/2008|00:37] C:\Program Files\Messenger [10/05/2007|20:43] C:\Program Files\Microsoft CAPICOM 2.1.0.2 [21/06/2006|11:57] C:\Program Files\microsoft frontpage [25/10/2007|19:43] C:\Program Files\Microsoft SQL Server Compact Edition [26/05/2008|00:37] C:\Program Files\Microsoft Works [11/01/2007|21:49] C:\Program Files\Mindscape [21/06/2006|11:57] C:\Program Files\Movie Maker [28/06/2008|12:45] C:\Program Files\Mozilla Firefox [24/03/2008|17:58] C:\Program 
Files\MSN [21/06/2006|11:43] C:\Program Files\MSN Gaming Zone [25/02/2008|20:11] C:\Program Files\MSN Messenger [09/01/2008|21:58] C:\Program Files\MSXML 4.0 [21/06/2006|11:43] C:\Program Files\Music Manager [21/06/2006|11:43] C:\Program Files\NetMeeting [28/12/2006|23:19] C:\Program Files\Neuf [21/06/2006|11:43] C:\Program Files\NVIDIA Corporation [21/06/2006|11:44] C:\Program Files\Online Services [04/01/2007|17:06] C:\Program Files\OpenOffice.org 2.0 [27/01/2008|21:53] C:\Program Files\Outlook Express [30/09/2006|17:16] C:\Program Files\PIXELA [11/09/2006|20:16] C:\Program Files\QuickTime [12/11/2006|19:39] C:\Program Files\Real [21/06/2006|11:44] C:\Program Files\Realtek AC97 [09/01/2008|21:58] C:\Program Files\Realtek Sound Manager [09/01/2008|21:58] C:\Program Files\RegCleaner [30/09/2006|17:13] C:\Program Files\REGSHAVE [10/08/2007|20:00] C:\Program Files\Samsung [30/08/2006|23:25] C:\Program Files\ScanSoft [21/06/2006|11:44] C:\Program Files\Services en ligne [21/06/2006|11:44] C:\Program Files\Sonic [10/01/2007|18:49] C:\Program Files\spybot [20/10/2007|13:53] C:\Program Files\Spybot - Search & Destroy [25/03/2008|20:01] C:\Program Files\Symantec [25/06/2008|15:20] C:\Program Files\thunkonline [31/08/2006|18:27] C:\Program Files\TI Education [17/09/2006|20:43] C:\Program Files\Ubi Soft [17/09/2006|20:52] C:\Program Files\Ubi Soft Entertainment [09/01/2008|21:58] C:\Program Files\Uninstall Information [27/10/2007|13:43] C:\Program Files\Veoh Networks [04/01/2007|17:21] C:\Program Files\VideoLAN [12/11/2006|19:40] C:\Program Files\Viewpoint [24/09/2006|11:12] C:\Program Files\Warcraft III Demo [09/01/2008|21:58] C:\Program Files\Winamp [25/10/2007|19:43] C:\Program Files\Windows Desktop Search [30/11/2007|14:50] C:\Program Files\Windows Live [30/11/2007|14:49] C:\Program Files\Windows Live Favorites [04/01/2008|19:10] C:\Program Files\Windows Live Toolbar [28/03/2007|20:07] C:\Program Files\Windows Media Connect 2 [09/01/2008|22:03] C:\Program Files\Windows 
Media Player [21/06/2006|11:44] C:\Program Files\Windows NT [21/06/2006|11:44] C:\Program Files\xerox [27/06/2008|23:15] C:\Program Files\Yahoo! [11/09/2006|22:44] C:\Program Files\Yeti Studios ------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------ [21/06/2006|11:56] C:\Program Files\Fichiers communs\Adobe [19/01/2008|21:25] C:\Program Files\Fichiers communs\AOL [04/01/2008|18:40] C:\Program Files\Fichiers communs\aolshare [09/01/2008|21:58] C:\Program Files\Fichiers communs\GTK [21/06/2006|11:56] C:\Program Files\Fichiers communs\InstallShield [21/06/2006|11:56] C:\Program Files\Fichiers communs\Java [09/01/2008|15:34] C:\Program Files\Fichiers communs\Logitech [28/11/2007|22:10] C:\Program Files\Fichiers communs\Microsoft Shared [21/06/2006|11:56] C:\Program Files\Fichiers communs\MSSoap [12/11/2006|19:39] C:\Program Files\Fichiers communs\Nullsoft [09/01/2008|21:58] C:\Program Files\Fichiers communs\ODBC [12/11/2006|19:39] C:\Program Files\Fichiers communs\Real [05/09/2006|03:13] C:\Program Files\Fichiers communs\ScanSoft Shared [21/06/2006|11:56] C:\Program Files\Fichiers communs\Services [21/06/2006|11:56] C:\Program Files\Fichiers communs\Sonic Shared [21/06/2006|11:56] C:\Program Files\Fichiers communs\SpeechEngines [21/06/2006|11:56] C:\Program Files\Fichiers communs\SureThing Shared [24/03/2008|17:58] C:\Program Files\Fichiers communs\Symantec Shared [14/06/2007|18:35] C:\Program Files\Fichiers communs\System [31/08/2006|17:59] C:\Program Files\Fichiers communs\TI Shared [21/06/2006|11:57] C:\Program Files\Fichiers communs\TiVo Shared [09/01/2008|21:58] C:\Program Files\Fichiers communs\WindowsLiveInstaller ---------------------------[ Process ]-------------------------- ... 
59 iexplore.exe ~ [2396] iexplore.exe ~ [2712] ----------------------[ Recherche avec S_Lop ]--------------------- C:\DOCUME~1\HLW\LOCALS~1\Temp\bisDA.exe -----------------[ Recherche de Fichiers / Dossiers Lop ]----------------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\two setup mode load C:\DOCUME~1\ALLUSE~1\APPLIC~1\two setup mode load\Eggs List.exe C:\DOCUME~1\ALLUSE~1\APPLIC~1\two setup mode load\more htm.exe C:\DOCUME~1\ALLUSE~1\APPLIC~1\two setup mode load\Noun 1.exe C:\DOCUME~1\ARZ\APPLIC~1\thunko~1 C:\DOCUME~1\ARZ\APPLIC~1\thunko~1\auajuxup.exe C:\DOCUME~1\ARZ\APPLIC~1\thunko~1\ceokcytl.exe C:\DOCUME~1\ARZ\APPLIC~1\thunko~1\klkqelkn.exe C:\DOCUME~1\ARZ\APPLIC~1\thunko~1\link move mfcd.exe C:\DOCUME~1\ARZ\APPLIC~1\thunko~1\Maileach.exe C:\DOCUME~1\HLW\APPLIC~1\thunko~1 C:\DOCUME~1\HLW\APPLIC~1\thunko~1\Ante amok plus grey.exe C:\DOCUME~1\HLW\APPLIC~1\thunko~1\drueaepe.exe C:\DOCUME~1\HLW\APPLIC~1\thunko~1\jltefmiu.exe C:\DOCUME~1\HLW\APPLIC~1\thunko~1\kudwgbcd.exe C:\DOCUME~1\HLW\APPLIC~1\thunko~1\link move mfcd.exe C:\DOCUME~1\HLW\APPLIC~1\thunko~1\Maileach.exe C:\Program Files\thunko~1 C:\Program Files\Circle Developement C:\Program Files\Circle Developement\Uninstall.exe C:\WINDOWS\Prefetch\EGGS LIST.EXE-1E1FF1D9.pf C:\WINDOWS\Prefetch\MORE HTM.EXE-051749D8.pf C:\WINDOWS\Prefetch\LINK MOVE MFCD.EXE-0291D555.pf C:\WINDOWS\Prefetch\LINK MOVE MFCD.EXE-28E677C9.pf C:\WINDOWS\Prefetch\MAILEACH.EXE-092B270B.pf C:\WINDOWS\Prefetch\MAILEACH.EXE-28CC7B3F.pf C:\DOCUME~1\HLW\Cookies\[email protected][1].txt C:\DOCUME~1\HLW\Cookies\[email protected][1].txt C:\DOCUME~1\HLW\Cookies\hlw@bigpoint[1].txt C:\DOCUME~1\HLW\Cookies\[email protected][1].txt C:\DOCUME~1\HLW\Cookies\[email protected][2].txt C:\DOCUME~1\HLW\Cookies\hlw@casinoking[1].txt C:\DOCUME~1\HLW\Cookies\[email protected][2].txt C:\DOCUME~1\HLW\Cookies\hlw@cotedazurpalace[1].txt C:\DOCUME~1\HLW\Cookies\[email protected][2].txt C:\DOCUME~1\HLW\Cookies\hlw@pacificpoker[2].txt C:\DOCUME~1\HLW\Cookies\[email 
protected][1].txt C:\DOCUME~1\HLW\Cookies\hlw@partypoker[1].txt C:\DOCUME~1\HLW\Cookies\[email protected][1].txt C:\DOCUME~1\HLW\Cookies\hlw@32vegas[1].txt C:\DOCUME~1\HLW\Cookies\[email protected][2].txt C:\DOCUME~1\HLW\Cookies\hlw@2xmoinscher[2].txt C:\DOCUME~1\HLW\Cookies\[email protected][1].txt C:\DOCUME~1\HLW\Cookies\hlw@888[1].txt C:\WINDOWS\Tasks\A0D12EC391C2A50F.job C:\WINDOWS\Tasks\A58CD070918B489C.job C:\WINDOWS\Tasks\B605D6249BFA474C.job ----------------------[ Verification du Registre ]---------------------- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Mode Load Mpeg Less"="C:\\Documents and Settings\\All Users\\Application Data\\two setup mode load\\Eggs List.exe" "Proxy exit"="C:\\DOCUME~1\\HLW\\APPLIC~1\\THUNKO~1\\Maileach.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Mode Load Mpeg Less"="C:\\Documents and Settings\\All Users\\Application Data\\two setup mode load\\more htm.exe" --------------------[ Verification du fichier Hosts ]--------------------- Fichier Hosts MODIFIE
-> 72 ( 70 ## added by CiD ) /!\ 1 Not 127.0.0.1 !! ----------------[ Recherche de fichiers avec Catchme ]----------------- catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-28 13:42:13 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 0 --------------------[ Recherche d'autres infections ]--------------------- C:\DOCUME~1\HLW\LOCALS~1\Temp\pack.epk C:\WINDOWS\pack.epk C:\WINDOWS\system32\bxzdimxcc_navps.dat C:\WINDOWS\system32\qmbtqudmvz_navps.dat C:\WINDOWS\system32\wyvyau_navps.dat C:\WINDOWS\system32\zgczkmit_navps.dat C:\WINDOWS\system32\bxzdimxcc_nav.dat C:\WINDOWS\system32\bxzdimxcc.dat C:\WINDOWS\system32\qmbtqudmvz_nav.dat C:\WINDOWS\system32\qmbtqudmvz.dat C:\WINDOWS\system32\wyvyau_nav.dat C:\WINDOWS\system32\wyvyau.dat C:\WINDOWS\system32\zgczkmit_nav.dat C:\WINDOWS\system32\zgczkmit.dat ! EGDACCESS ! => C:\Documents and Settings\HLW\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-1d48f49a-6173d3b8.au => C:\Documents and Settings\HLW\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\crack.au-1d48f49a-6173d3b8.idx => C:\Documents and Settings\HLW\Local Settings\Temp\IncrediMail\IMInstall\Contents\Sound\tchaikovsky_the_nutcracker.imw [F:2402][D:106]-> C:\DOCUME~1\HLW\LOCALS~1\Temp [F:388][D:0]-> C:\DOCUME~1\HLW\Cookies [F:29268][D:53]-> C:\DOCUME~1\HLW\LOCALS~1\TEMPOR~1\content.IE5 --------------------[ Fin du rapport a 13:45:30,75 ]----------------------