[resolu]fenetres intenmestives CID

[papydani]

Bonjour,

 

J'ai recupéré un ordi qui été utilisé par le fils d'un ami, qui naviguait sur internet avec un logiciel anti-virus desactivé, ca existe! resultat infecté de tous côtés, j'ai réussi à nettoyer les virus (Cheveaux de troies, trojan etc...) mais je n'arrive pas a enlever les fenêtres publicitaires CID qui s'ouvrent intempestivement lorsque je me connecte sur internet, malgres avoir l'utilisation de Adware, Spibot, avaast, et avoir desintallé les logiciels douteux genre msn plus. Merci de bien vouloir m'aider à regler ce probleme.

je joint le fichier log Hijackthis

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:33:01, on 03/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\netdde.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\snmp.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\dllhost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\dllhost.exe

C:\Apps\Powercinema\PCMService.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\Program Files\QuickTime\QTTask.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Logitech\Video\AlbumDB2.exe

K:\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1D99459F-01D3-458B-9ECB-FFB0B140085A} - (no file)

O2 - BHO: (no name) - {36609165-04FB-472F-ADC2-398B0EB74172} - (no file)

O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {A18A7DCC-3C31-4104-8559-427511A869CC} - (no file)

O2 - BHO: (no name) - {e67bae70-f0d7-40d6-aff9-dc5d386d0986} - (no file)

O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Jugs Surf Inter Media] C:\Documents and Settings\All Users\Application Data\STORE LESS JUGS SURF\Itch Program.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=

O4 - HKCU\..\Run: [first the] C:\DOCUME~1\SERGEE~1\APPLIC~1\GLOBAL~1\wipestorechin.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1147193716437

O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-1.0.cab

O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neff...ffyLauncher.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activ...nfosFinder2.CAB

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe (file missing)

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

 

--

End of file - 8226 bytes

[angelique]

• relance HJT " do a system scan only" , coche uniquement les lignes ci dessous et clic fixchecked::

 

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: (no name) - {1D99459F-01D3-458B-9ECB-FFB0B140085A} - (no file)

O2 - BHO: (no name) - {36609165-04FB-472F-ADC2-398B0EB74172} - (no file)

O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {A18A7DCC-3C31-4104-8559-427511A869CC} - (no file)

O2 - BHO: (no name) - {e67bae70-f0d7-40d6-aff9-dc5d386d0986} - (no file)

O4 - HKLM\..\Run: [Jugs Surf Inter Media] C:\Documents and Settings\All Users\Application Data\STORE LESS JUGS SURF\Itch Program.exe

O4 - HKCU\..\Run: [first the] C:\DOCUME~1\SERGEE~1\APPLIC~1\GLOBAL~1\wipestorechin.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

 

• suis ce tuto et poste les 2 rapports générées par l'option 1 & 2 avec un nouveau rapport HJT

 

http://eric.71.mespages.googlepages.com/lop.sd.exe

[papydani]

Voici les rapports generes

 

j'ai écrasé le rapport 1 lorsque j'ai enregistré l'option 2

 

 

-----------------------------[ Lop S&D 4.0.3 ]---------------------------

 

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]

[ USER : serge esteban ] [ "K:\Lop SD" ]

[ 03/03/2008 | 15:42:50,56 ] [ PC : SN202259320001 ]

[ MAJ : 02-03-2008 | 20:16 ]

 

 

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

Supprimé! - C:\Program Files\Need2Find

 

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

 

 

-------------[ Listing des dossiers dans Application Data ]------------

 

 

 

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

 

[03/03/2008 11:07][--ah-----] C:\WINDOWS\tasks\MP Scheduled Scan.job

[03/03/2008 11:04][--ah-----] C:\WINDOWS\tasks\SA.DAT

[30/08/2002 12:00][-rah-c---] C:\WINDOWS\tasks\desktop.ini

 

---------------[ Listing des dossiers dans C:\Program Files ]--------------

 

[03/03/2008|15:42] C:\Program Files\.

[03/03/2008|15:42] C:\Program Files\..

[07/01/2008|13:54] C:\Program Files\Alwil Software

[19/02/2008|10:50] C:\Program Files\Ankama Games

[17/07/2007|12:41] C:\Program Files\Atari

[13/08/2007|17:21] C:\Program Files\CCleaner

[05/11/2007|11:33] C:\Program Files\Common Files

[11/03/2006|17:21] C:\Program Files\CyberLink

[22/04/2007|20:58] C:\Program Files\Disney Imagineering

[18/12/2007|22:47] C:\Program Files\Dofus

[14/03/2006|17:57] C:\Program Files\Elaborate Bytes

[01/03/2008|21:09] C:\Program Files\Fichiers communs

[16/02/2008|18:19] C:\Program Files\GlobalWaveBait

[02/03/2008|20:34] C:\Program Files\Google

[11/03/2006|09:53] C:\Program Files\Hewlett-Packard

[13/02/2008|07:16] C:\Program Files\Insider

[15/12/2007|20:44] C:\Program Files\InstallShield Installation Information

[02/03/2008|20:37] C:\Program Files\Internet Explorer

[16/03/2006|19:40] C:\Program Files\Inventel

[25/11/2007|15:36] C:\Program Files\Java

[13/08/2007|15:44] C:\Program Files\Kazaa

[26/12/2007|19:45] C:\Program Files\Kodak

[23/03/2007|13:01] C:\Program Files\Lavasoft

[27/07/2006|21:43] C:\Program Files\Logitech

[05/11/2007|11:50] C:\Program Files\Magic Workstation

[14/03/2007|23:25] C:\Program Files\Messenger

[10/05/2007|20:16] C:\Program Files\Microsoft CAPICOM 2.1.0.2

[09/06/2006|13:44] C:\Program Files\microsoft frontpage

[07/01/2008|17:49] C:\Program Files\Microsoft Games

[03/06/2007|10:03] C:\Program Files\Microsoft Office

[03/06/2007|02:43] C:\Program Files\Microsoft SQL Server

[03/06/2007|10:03] C:\Program Files\Microsoft Visual Studio 8

[11/03/2006|17:23] C:\Program Files\Microsoft Works

[01/06/2007|23:22] C:\Program Files\Microsoft.NET

[01/07/2006|07:06] C:\Program Files\Movie Maker

[02/03/2008|20:36] C:\Program Files\Mozilla Firefox

[11/03/2006|17:23] C:\Program Files\MSN

[11/11/2006|18:21] C:\Program Files\MSN Apps

[11/03/2006|17:21] C:\Program Files\MSN Gaming Zone

[02/03/2008|20:33] C:\Program Files\MSN Messenger

[01/11/2007|10:03] C:\Program Files\MSXML 4.0

[03/06/2007|02:18] C:\Program Files\MSXML 6.0

[22/04/2007|20:55] C:\Program Files\n3w

[02/03/2008|20:33] C:\Program Files\Navilog1

[11/04/2007|18:53] C:\Program Files\Neffy

[01/07/2006|07:00] C:\Program Files\NetMeeting

[01/03/2008|21:10] C:\Program Files\Outerinfo

[14/06/2007|02:05] C:\Program Files\Outlook Express

[11/03/2006|09:14] C:\Program Files\Panda Software

[29/03/2006|19:49] C:\Program Files\Play at Joe's

[26/12/2007|20:05] C:\Program Files\QuickTime

[11/03/2006|17:21] C:\Program Files\Real

[04/11/2007|09:20] C:\Program Files\Samsung

[11/03/2006|17:23] C:\Program Files\Services en ligne

[12/04/2007|20:20] C:\Program Files\Shareaza

[13/08/2007|15:52] C:\Program Files\Slayers Online

[11/03/2006|17:21] C:\Program Files\Sonic

[07/01/2008|14:08] C:\Program Files\S?mantec

[12/11/2007|14:24] C:\Program Files\Temporary

[04/02/2007|14:47] C:\Program Files\Tetrix XP

[11/03/2006|17:21] C:\Program Files\Uninstall Information

[09/01/2008|20:39] C:\Program Files\Valve

[03/03/2008|11:06] C:\Program Files\Wanadoo

[12/11/2007|14:20] C:\Program Files\WinAble

[02/03/2008|20:34] C:\Program Files\Windows Defender

[02/03/2008|20:34] C:\Program Files\Windows Live Safety Center

[02/03/2008|20:33] C:\Program Files\Windows Live Toolbar

[16/04/2007|16:56] C:\Program Files\Windows Media Connect 2

[16/04/2007|16:56] C:\Program Files\Windows Media Player

[01/07/2006|07:00] C:\Program Files\Windows NT

[17/03/2006|17:31] C:\Program Files\WindowsUpdate

[22/03/2007|12:37] C:\Program Files\WinRAR

[11/03/2006|17:21] C:\Program Files\xerox

[29/05/2007|17:56] C:\Program Files\Xvid

[02/03/2008|20:36] C:\Program Files\Yahoo!

 

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------

 

[01/03/2008|21:09] C:\Program Files\Fichiers communs\.

[01/03/2008|21:09] C:\Program Files\Fichiers communs\..

[29/07/2007|10:17] C:\Program Files\Fichiers communs\Adobe

[13/01/2008|09:12] C:\Program Files\Fichiers communs\Blizzard Entertainment

[09/06/2006|13:45] C:\Program Files\Fichiers communs\Designer

[16/03/2006|19:41] C:\Program Files\Fichiers communs\FDEUnInstaller.exe

[11/03/2006|09:51] C:\Program Files\Fichiers communs\Hewlett-Packard

[12/04/2007|09:41] C:\Program Files\Fichiers communs\InstallShield

[08/05/2007|12:33] C:\Program Files\Fichiers communs\Java

[26/12/2007|19:37] C:\Program Files\Fichiers communs\Kodak

[27/07/2006|21:44] C:\Program Files\Fichiers communs\Logitech

[03/06/2007|10:03] C:\Program Files\Fichiers communs\Microsoft Shared

[11/03/2006|17:21] C:\Program Files\Fichiers communs\MSSoap

[11/03/2006|17:21] C:\Program Files\Fichiers communs\ODBC

[03/04/2007|19:53] C:\Program Files\Fichiers communs\Panda Software

[17/07/2007|12:54] C:\Program Files\Fichiers communs\PocketSoft

[11/03/2006|17:21] C:\Program Files\Fichiers communs\Real

[11/03/2006|17:22] C:\Program Files\Fichiers communs\Services

[11/03/2006|17:21] C:\Program Files\Fichiers communs\SpeechEngines

[19/09/2007|21:13] C:\Program Files\Fichiers communs\SureThing Shared

[14/06/2007|02:05] C:\Program Files\Fichiers communs\System

[11/03/2006|17:21] C:\Program Files\Fichiers communs\xing shared

 

----------------------[ Recherche avec S_Lop ]---------------------

 

Aucun fichier / dossier Lop trouvé !

 

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

 

Aucun fichier / dossier Lop trouvé !

 

----------------------[ Verification du Registre ]----------------------

 

 

 

 

Rapport HJT

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:38:50, on 03/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\netdde.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\snmp.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\dllhost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\dllhost.exe

C:\Apps\Powercinema\PCMService.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\Program Files\QuickTime\QTTask.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\WINDOWS\explorer.exe

K:\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [first the] C:\DOCUME~1\SERGEE~1\APPLIC~1\GLOBAL~1\wipestorechin.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...wlscbase370.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1147193716437

O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-1.0.cab

O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neff...ffyLauncher.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activ...nfosFinder2.CAB

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe (file missing)

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

 

--

End of file - 7205 bytes

[angelique]

• relance HJT "do a system scan only" , coche et clic fixchecked:

 

O4 - HKCU\..\Run: [first the] C:\DOCUME~1\SERGEE~1\APPLIC~1\GLOBAL~1\wipestorechin.exe

 

• Télécharger OTMoveIt2 par OldTimer.

 

http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

 

* Enregistrer ce fichier sur le Bureau.

* Faire un double clic sur OTMoveIt2.exe pour lancer l'exécution de l'outil. (Note: Si vous utilisez Vista, faire un clic droit sur le fichier puis choisir Exécuter en tant qu'administrateur).

* Copier les lignes de la zone "Code" ci-dessous dans le Presse-papiers en les sélectionnant TOUTES puis en appuyant simultanément sur les touches CTRL et C (ou, après les avoir sélectionnées, en faisant un clic droit puis en choisissant Copier):

C:\DOCUME~1\SERGEE~1\APPLIC~1\GLOBAL~1

* Retourner dans la fenêtre de OTMoveIt2, faire un clic droit dans la zone "Paste Standard List of Files/Folders to Move" (sous la barre bleu clair) puis choisir Coller.

* Copier les lignes de la zone "Code" ci-dessous dans le Presse-papiers en les sélectionnant TOUTES puis en appuyant simultanément sur les touches CTRL et C (ou, après les avoir sélectionnées, en faisant un clic droit puis en choisissant Copier):

EmptyTemp

* Retourner dans la fenêtre de OTMoveIt2, faire un clic droit dans la zone "Paste Custom List Of Files/Patterns To Move" (sous la barre jaune) puis choisir Coller.

* Cliquer sur le bouton rouge Moveit!.

* Copier tout ce qui se trouve dans la zone Results (sous la barre verte) dans le Presse-papiers en sélectionnant TOUTES LES LIGNES puis en appuyant simultanément sur les touches CTRL et C (ou, après les avoir sélectionnées, en faisant un clic droit puis en choisissant Copier), et coller ces résulats en réponse sur le forum.

* Fermer OTMoveIt2

 

Note: Si un fichier ou un dossier ne peut pas être déplacé immédiatement, un redémarrage sera peut-être nécessaire afin de terminer le processus de déplacement. Si le redémarrage de la machine vous est demandé, choisir Oui/Yes. Dans ce cas, après le redémarrage, ouvrir le Bloc-notes (Démarrer->Tous les programmes->Accessoires->Bloc-notes), cliquer sur Fichier->Ouvrir, dans la zone "Nom du fichier" taper *.log et appuyer sur la touche Entrée, naviguer jusqu'au dossier C:\_OTMoveIt\MovedFiles, puis ouvrir le fichier .log le plus récent; ensuite faire un copier/coller du contenu de ce document en réponse sur le forum.

 

• desinstalle avast pour antivir :

 

http://forum.malekal.com/ftopic4192.php

 

effectue un scan avec et poste le rapport

[papydani]

voici les derniers resultats

 

 

C:\DOCUME~1\SERGEE~1\APPLIC~1\GLOBAL~1 moved successfully.

[Custom Input]

< EmptyTemp >

File delete failed. C:\DOCUME~1\SERGEE~1\LOCALS~1\Temp\~DF79DE.tmp scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_594.dat scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_9d8.dat scheduled to be deleted on reboot.

File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.

Temp folders emptied.

IE temp folders emptied.

 

OTMoveIt2 v1.0.20 log created on 03032008_165703

 

 

 

 

AntiVir PersonalEdition Classic

Report file date: lundi 3 mars 2008 17:31

 

Scanning for 1131710 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username: SYSTEM

Computer name: SN202259320001

 

Version information:

BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00

AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29

AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51

LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47

LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15

ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 16:26:51

ANTIVIR2.VDF : 7.0.2.181 1993728 Bytes 24/02/2008 16:26:51

ANTIVIR3.VDF : 7.0.2.225 154112 Bytes 03/03/2008 16:26:51

AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 03/03/2008 16:26:52

AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26

AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24

AVPACK32.DLL : 7.6.0.3 360488 Bytes 03/03/2008 16:26:52

AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06

AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33

AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18

NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42

RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13

RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37

SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: off

Scan boot sector.................: on

Boot sectors.....................: F:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: on

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: lundi 3 mars 2008 17:31

 

Starting search for hidden objects.

'56500' objects were checked, '0' hidden objects were found.

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned

Scan process 'iexplore.exe' - '1' Module(s) have been scanned

Scan process 'Watch.exe' - '1' Module(s) have been scanned

Scan process 'dllhost.exe' - '1' Module(s) have been scanned

Scan process 'dllhost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'sqlwriter.exe' - '1' Module(s) have been scanned

Scan process 'sqlbrowser.exe' - '1' Module(s) have been scanned

Scan process 'snmp.exe' - '1' Module(s) have been scanned

Scan process 'slserv.exe' - '1' Module(s) have been scanned

Scan process 'locator.exe' - '1' Module(s) have been scanned

Scan process 'sqlservr.exe' - '1' Module(s) have been scanned

Scan process 'msdtc.exe' - '1' Module(s) have been scanned

Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'netdde.exe' - '1' Module(s) have been scanned

Scan process 'FxSvr2.exe' - '1' Module(s) have been scanned

Scan process 'ALERTM~1.EXE' - '1' Module(s) have been scanned

Scan process 'PollingModule.exe' - '1' Module(s) have been scanned

Scan process 'Inactivity.exe' - '1' Module(s) have been scanned

Scan process 'Toaster.exe' - '1' Module(s) have been scanned

Scan process 'ComComp.exe' - '1' Module(s) have been scanned

Scan process 'EspaceWanadoo.exe' - '1' Module(s) have been scanned

Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'MSASCui.exe' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'LogiTray.exe' - '1' Module(s) have been scanned

Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned

Scan process 'QTTask.exe' - '1' Module(s) have been scanned

Scan process 'realsched.exe' - '1' Module(s) have been scanned

Scan process 'PCMService.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

51 processes with 51 modules were scanned

 

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

Boot sector 'F:\'

[NOTE] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '22' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\' <HDD>

C:\hiberfil.sys

[WARNING] The file could not be opened!

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\EverestPoker2.zip

[DETECTION] Contains suspicious code GEN/PwdZIP

[iNFO] The file was moved to '48312c01.qua'!

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\EverestPoker3.zip

[DETECTION] Contains suspicious code GEN/PwdZIP

[iNFO] The file was moved to '48312c0d.qua'!

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\LocusSoftwareBestsellerAntivirus57.zip

[DETECTION] Contains suspicious code GEN/PwdZIP

[iNFO] The file was moved to '482f2c0a.qua'!

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\LocusSoftwareBestsellerAntivirus58.zip

[DETECTION] Contains suspicious code GEN/PwdZIP

[iNFO] The file was moved to '482f2c0b.qua'!

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip

[DETECTION] Contains suspicious code GEN/PwdZIP

[iNFO] The file was moved to '48352c09.qua'!

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip

[DETECTION] Contains suspicious code GEN/PwdZIP

[iNFO] The file was moved to '48352c0a.qua'!

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpywareSecure14.zip

[DETECTION] Contains suspicious code GEN/PwdZIP

[iNFO] The file was moved to '48452c0d.qua'!

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpywareSecure9.zip

[DETECTION] Contains suspicious code GEN/PwdZIP

[iNFO] The file was moved to '48452c0e.qua'!

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinSmallazl.zip

[DETECTION] Contains suspicious code GEN/PwdZIP

[iNFO] The file was moved to '483a2c08.qua'!

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip

[DETECTION] Contains suspicious code GEN/PwdZIP

[iNFO] The file was moved to '48462c00.qua'!

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle1.zip

[DETECTION] Contains suspicious code GEN/PwdZIP

[iNFO] The file was moved to '48462c01.qua'!

C:\Documents and Settings\serge esteban\Application Data\SurfAccuracy\SAccU.exe

[DETECTION] Is the Trojan horse TR/Agent.33792.B

[iNFO] The file was moved to '482f2c02.qua'!

C:\Documents and Settings\serge esteban\Mes documents\Downloads\(C0NFUSED) java samsung e950 (full) (Full).zip

[0] Archive type: ZIP

--> Setup.exe

[DETECTION] Is the Trojan horse TR/Dldr.IstBar.30498

[iNFO] The file was moved to '47fc2c58.qua'!

C:\Documents and Settings\serge esteban\Mes documents\Serge ESTEBAN\setup.exe

[DETECTION] Is the Trojan horse TR/Dropper.Gen

[iNFO] The file was moved to '48402d45.qua'!

C:\Program Files\Navilog1\Backupnavi\ohycraa.exe

[DETECTION] Is the Trojan horse TR/Dropper.Gen

[iNFO] The file was moved to '4845314f.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP563\A0373210.exe

[DETECTION] Is the Trojan horse TR/Dropper.Gen

[iNFO] The file was moved to '47ff3181.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP567\A0382275.exe

[DETECTION] Is the Trojan horse TR/Dropper.Gen

[iNFO] The file was moved to '47ff318a.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP578\A0415486.exe

[DETECTION] Is the Trojan horse TR/Obfusgen.A.5406

[iNFO] The file was moved to '480031ac.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP578\A0415488.exe

[DETECTION] Is the Trojan horse TR/Small.247808

[iNFO] The file was moved to '49a0b4f5.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP593\A0463136.exe

[DETECTION] Is the Trojan horse TR/Dropper.Gen

[iNFO] The file was moved to '480031e3.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501320.dll

[DETECTION] Is the Trojan horse TR/Vundo.DRT

[iNFO] The file was moved to '480131f6.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501327.dll

[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen

[iNFO] The file was moved to '49a1b4af.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501330.dll

[DETECTION] Is the Trojan horse TR/Spy.Vundo.79937

[iNFO] The file was moved to '480131f7.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501333.dll

[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen

[iNFO] The file was moved to '49a1b4a0.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501335.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[iNFO] The file was moved to '480131f8.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501336.dll

[DETECTION] Is the Trojan horse TR/Vundo.DRR

[iNFO] The file was moved to '49a1b4a1.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501346.dll

[DETECTION] Is the Trojan horse TR/Vundo.DVA.1

[iNFO] The file was moved to '480131fa.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501352.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[iNFO] The file was moved to '49a1b4a3.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501355.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[iNFO] The file was moved to '480131f9.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501357.dll

[DETECTION] Is the Trojan horse TR/Vundo.DRT

[iNFO] The file was moved to '49a1b4a2.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501360.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[iNFO] The file was moved to '480131fb.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501361.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[iNFO] The file was moved to '49a1b4a4.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501366.dll

[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen

[iNFO] The file was moved to '480131fc.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501367.dll

[DETECTION] Is the Trojan horse TR/Vundo.DRT

[iNFO] The file was moved to '49a1b4a5.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501370.dll

[DETECTION] Is the Trojan horse TR/Vundo.DRT

[iNFO] The file was moved to '480131fe.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501377.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[iNFO] The file was moved to '480131fd.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501392.dll

[DETECTION] Is the Trojan horse TR/Vundo.BT

[iNFO] The file was moved to '49a1b4a6.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501398.dll

[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen

[iNFO] The file was moved to '480131ff.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501399.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[iNFO] The file was moved to '49a1b4a7.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501400.dll

[DETECTION] Is the Trojan horse TR/Vundo.DRT

[iNFO] The file was moved to '480131f0.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501405.dll

[DETECTION] Is the Trojan horse TR/Virtumonde.C

[iNFO] The file was moved to '49a1b4a9.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501406.dll

[DETECTION] Is the Trojan horse TR/Vundo.DRT

[iNFO] The file was moved to '49a1b758.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501407.dll

[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen

[iNFO] The file was moved to '48013201.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501408.dll

[DETECTION] Is the Trojan horse TR/Vundo.DRT

[iNFO] The file was moved to '49a1b75a.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501409.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[iNFO] The file was moved to '48013203.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501410.dll

[DETECTION] Is the Trojan horse TR/Vundo.DRT

[iNFO] The file was moved to '480131f2.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501414.dll

[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen

[iNFO] The file was moved to '49a1b4ab.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501416.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[iNFO] The file was moved to '480131f4.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501421.dll

[DETECTION] Is the Trojan horse TR/Vundo.DRT

[iNFO] The file was moved to '49a1b4ad.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501428.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[iNFO] The file was moved to '49a1b75c.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501431.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[iNFO] The file was moved to '48013205.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501432.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[iNFO] The file was moved to '49a1b75e.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501435.dll

[DETECTION] Is the Trojan horse TR/Vundo.dvc.3

[iNFO] The file was moved to '48013200.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501437.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[iNFO] The file was moved to '49a1b759.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501438.dll

[DETECTION] Is the Trojan horse TR/Vundo.dvc.3

[iNFO] The file was moved to '48013202.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501441.dll

[DETECTION] Is the Trojan horse TR/Vundo.DUP

[iNFO] The file was moved to '49a1b75b.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501443.dll

[DETECTION] Is the Trojan horse TR/Vundo.dvc.3

[iNFO] The file was moved to '48013207.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501444.dll

[DETECTION] Is the Trojan horse TR/Vundo.DRT

[iNFO] The file was moved to '49a1b750.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501446.dll

[DETECTION] Is the Trojan horse TR/Vundo.DRT

[iNFO] The file was moved to '48013209.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501447.dll

[DETECTION] Is the Trojan horse TR/Virtumonde.C

[iNFO] The file was moved to '49a1b752.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501448.dll

[DETECTION] Is the Trojan horse TR/Vundo.DUP

[iNFO] The file was moved to '48013204.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501449.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[iNFO] The file was moved to '49a1b75d.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501450.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[iNFO] The file was moved to '48013206.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501453.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[iNFO] The file was moved to '49a1b75f.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501454.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[iNFO] The file was moved to '4801320b.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501457.dll

[DETECTION] Is the Trojan horse TR/Vundo.dvc.3

[iNFO] The file was moved to '49a1b754.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501462.dll

[DETECTION] Is the Trojan horse TR/Vundo.DRT

[iNFO] The file was moved to '4801320d.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501466.dll

[DETECTION] Is the Trojan horse TR/Vundo.DUP

[iNFO] The file was moved to '48013238.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501469.dll

[DETECTION] Is the Trojan horse TR/Vundo.DUP

[iNFO] The file was moved to '49a1b761.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501476.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[iNFO] The file was moved to '4801323a.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501477.dll

[DETECTION] Is the Trojan horse TR/Vundo.DRT

[iNFO] The file was moved to '49a1b763.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501480.dll

[DETECTION] Is the Trojan horse TR/Vundo.DRK

[iNFO] The file was moved to '49a1b756.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501483.dll

[DETECTION] Is the Trojan horse TR/Vundo.DRT

[iNFO] The file was moved to '4801320f.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501490.dll

[DETECTION] Is the Trojan horse TR/Vundo.DRT

[iNFO] The file was moved to '49a1b748.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501493.dll

[DETECTION] Is the Trojan horse TR/Vundo.DUP

[iNFO] The file was moved to '4801323c.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501494.dll

[DETECTION] Is the Trojan horse TR/Vundo.DUP

[iNFO] The file was moved to '49a1b765.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501497.dll

[DETECTION] Is the Trojan horse TR/Vundo.DRT

[iNFO] The file was moved to '4801323e.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501504.dll

[DETECTION] Is the Trojan horse TR/Vundo.DUP

[iNFO] The file was moved to '49a1b767.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501508.dll

[DETECTION] Is the Trojan horse TR/Vundo.DQE

[iNFO] The file was moved to '48013211.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501510.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[iNFO] The file was moved to '49a1b74a.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501512.dll

[DETECTION] Is the Trojan horse TR/Vundo.DUO

[iNFO] The file was moved to '48013213.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501513.dll

[DETECTION] Is the Trojan horse TR/Vundo.DRT

[iNFO] The file was moved to '49a1b74c.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501517.dll

[DETECTION] Is the Trojan horse TR/Vundo.DUO

[iNFO] The file was moved to '48013208.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501519.dll

[DETECTION] Is the Trojan horse TR/Vundo.DRT

[iNFO] The file was moved to '49a1b751.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501520.dll

[DETECTION] Is the Trojan horse TR/Vundo.DRR

[iNFO] The file was moved to '4801320a.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501523.dll

[DETECTION] Is the Trojan horse TR/Vundo.DUP

[iNFO] The file was moved to '48013215.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501525.dll

[DETECTION] Is the Trojan horse TR/Vundo.DUP

[iNFO] The file was moved to '49a1b74e.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501526.dll

[DETECTION] Is the Trojan horse TR/Vundo.Gen

[iNFO] The file was moved to '48013217.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501535.dll

[DETECTION] Is the Trojan horse TR/Vundo.DSE

[iNFO] The file was moved to '49a1b740.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501537.dll

[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen

[iNFO] The file was moved to '49a1b753.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501547.dll

[DETECTION] Is the Trojan horse TR/Vundo.DRT

[iNFO] The file was moved to '4801320c.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0501552.dll

[DETECTION] Is the Trojan horse TR/BHO.aby

[iNFO] The file was moved to '49a1b755.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0502677.exe

[DETECTION] Is the Trojan horse TR/Agent.33792.B

[iNFO] The file was moved to '4801325a.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP599\A0502679.exe

[DETECTION] Contains detection pattern of the dropper DR/PurityScan.GP.1

[iNFO] The file was moved to '49a1b703.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP600\A0502698.exe

[DETECTION] Is the Trojan horse TR/Agent.33792.B

[iNFO] The file was moved to '4801325c.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP601\A0502767.exe

[DETECTION] Is the Trojan horse TR/Agent.33792.B

[iNFO] The file was moved to '4801325f.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP607\A0503744.exe

[DETECTION] Is the Trojan horse TR/Agent.142336.B

[iNFO] The file was moved to '4801327d.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP607\A0503745.exe

[DETECTION] Contains suspicious code HEUR/Malware

[iNFO] The file was moved to '49a1b726.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP609\A0503926.exe

[DETECTION] Is the Trojan horse TR/Obfusgen.A.5368

[iNFO] The file was moved to '48013284.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP609\A0503927.exe

[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen

[iNFO] The file was moved to '49a1b7dd.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP610\A0504100.exe

[DETECTION] Is the Trojan horse TR/Dropper.Gen

[iNFO] The file was moved to '48013289.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP613\A0504531.exe

[DETECTION] Is the Trojan horse TR/Dropper.Gen

[iNFO] The file was moved to '4801329b.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP613\A0505228.exe

[DETECTION] Is the Trojan horse TR/Agent.33792.B

[iNFO] The file was moved to '480132b2.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP614\A0505368.exe

[DETECTION] Is the Trojan horse TR/Dropper.Gen

[iNFO] The file was moved to '480132b6.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP614\A0506065.exe

[DETECTION] Is the Trojan horse TR/Agent.33792.B

[iNFO] The file was moved to '480132cb.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP615\A0506322.exe

[DETECTION] Is the Trojan horse TR/Agent.33792.B

[iNFO] The file was moved to '480132cf.qua'!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP615\A0506323.exe

[DETECTION] Is the Trojan horse TR/Dropper.Gen

[iNFO] The file was moved to '480132d0.qua'!

C:\_OTMoveIt\MovedFiles3032008_165703\DOCUME~1\SERGEE~1\APPLIC~1\GlobalWaveBait\wipestorechin.exe

[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen

[iNFO] The file was moved to '483c36b7.qua'!

C:\_OTMoveIt\MovedFiles3032008_165703\DOCUME~1\SERGEE~1\APPLIC~1\GlobalWaveBait\wlxuuigb.exe

[DETECTION] Is the Trojan horse TR/Obfusgen.A.5356

[iNFO] The file was moved to '484436bb.qua'!

C:\_OTMoveIt\MovedFiles3032008_165703\DOCUME~1\SERGEE~1\APPLIC~1\GlobalWaveBait\wzviwxaf.exe

[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen

[iNFO] The file was moved to '484236c9.qua'!

Begin scan in 'F:\' <RESTDONE>

 

 

End of the scan: lundi 3 mars 2008 18:33

Used time: 1:01:23 min

 

The scan has been done completely.

 

6965 Scanning directories

337439 Files were scanned

98 viruses and/or unwanted programs were found

12 Files were classified as suspicious:

0 files were deleted

0 files were repaired

110 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

337341 Files not concerned

7550 Archives were scanned

2 Warnings

0 Notes

56500 Objects were scanned with rootkit scan

0 Hidden objects were found

[angelique]

bien

 

• vide la quarantaine d'antivir, la quarantaine de spybot, et le dossier en gras : C:\_OTMoveIt

 

• telecharge sur ton bureau::

 

- AtfCleaner --> http://www.atribune.org/ccount/click.php?id=1

 

ATF Cleaner

Double-clique ATF-Cleaner.exe afin de lancer le programme.

Sous l'onglet Main, choisis : Select All

Clique sur le bouton Empty Selected, patiente le temp du nettoyage, clic ok

Si tu utilises le navigateur Firefox :

Clique Firefox au haut et choisis : Select All

Clique le bouton Empty Selected

NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.

Si tu utilises le navigateur Opera :

Clique Opera au haut et choisis : Select All

Clique le bouton Empty Selected

NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.

Clique Exit, du menu prinicipal, afin de fermer le programme.

 

• Télécharge ewido anti-spyware micro scanner sur ton bureau.

• Double-clique sur le fichier ewido_micro.exe pour l'exécuter.
  
• Le programme va demander dès son lancement un accès internet pour se mettre à jour, accepte.
  
• Puis, un nouvel écran apparaît, assure toi que toutes les cases soient cochées.
  
• Clique sur Start Scan et laisse l'outil travailler.
  
• Quand l'outil à fini, clique sur save report et sauvegarde le rapport sur ton bureau.
  
• Poste le dans ta prochaine réponse.
  

• Nb, clique sur Remove infections
  

• reposte un nouveau rapport HJT avec le rapport ewido Micro_scanner

[papydani]

Les choses se sont améliorées sérieusement.

 

Voici les rapports ewido et HJT

 

 

__________________________________________________

ewido anti-spyware online scanner

http://www.ewido.net

__________________________________________________

 

 

Name: Adware.Generic

Path: HKLM\SOFTWARE\Classes\WR

Risk: Medium

 

Name: Adware.Companion

Path: C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP610\A0503935.exe

Risk: Medium

 

Name: Trojan.Small

Path: C:\WINDOWS\system32\wapisvsu32.exe

Risk: High

 

 

 

 

HJT

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:41:48, on 03/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Apps\Powercinema\PCMService.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\QuickTime\QTTask.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe

C:\PROGRA~1\Wanadoo\ComComp.exe

C:\PROGRA~1\Wanadoo\Toaster.exe

C:\PROGRA~1\Wanadoo\Inactivity.exe

C:\PROGRA~1\Wanadoo\PollingModule.exe

C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\WINDOWS\system32\netdde.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\snmp.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\dllhost.exe

C:\WINDOWS\System32\dllhost.exe

C:\PROGRA~1\Wanadoo\Watch.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

K:\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [first the] C:\DOCUME~1\SERGEE~1\APPLIC~1\GLOBAL~1\wipestorechin.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1147193716437

O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-1.0.cab

O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://disteng.nefficient.com/disteng/neff...ffyLauncher.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activ...nfosFinder2.CAB

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe (file missing)

O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

 

--

End of file - 7027 bytes

[angelique]

ce truc est revenu:

O4 - HKCU\..\Run: [first the] C:\DOCUME~1\SERGEE~1\APPLIC~1\GLOBAL~1\wipestorechin.exe

 

coche et clic fixchecked avec HJT

 

• Telecharge lopxpMH2 de Lazzzy sur ton bureau.

 

http://www.alt-shift-return.org/Info/Fichiers/lopxpMH2.zip

 

Dézippe-le (clic droit -> "Extraire ici") et double clique sur le fichier lopxpMH.bat.

 

Dans ta prochaine réponse, poste :

- le contenu du rapport qui va s'ouvrir

[papydani]

Bonjour,

 

Voici le rapport lopxpmh

 

 

Rapport lopxpMH2 version 2.0 fait à 10:13:32,10 le 04/03/2008

C:\Documents and Settings\serge esteban\Bureau

 

******************************************

## Répertoires Application Data

 

Le volume dans le lecteur C s'appelle HDD

Le numéro de série du volume est 58DB-2F9F

 

Répertoire de C:\Documents and Settings\All Users\Application Data

 

11/03/2006 17:21 <REP> .

11/03/2006 17:21 <REP> ..

23/03/2007 13:11 <REP> Adobe

26/12/2007 19:56 <REP> Apple Computer

03/03/2008 17:22 <REP> Avira

05/12/2007 21:14 <REP> Corel

22/04/2007 20:58 <REP> Disney Imagineering

23/03/2007 12:59 <REP> Google

26/12/2007 18:33 <REP> Kodak

11/03/2006 17:21 <REP> Microsoft

01/06/2007 22:38 <REP> Microsoft Help

17/03/2006 13:49 <REP> MSN6

11/03/2006 17:21 <REP> QuickTime

11/03/2006 17:21 <REP> SBSI

14/11/2007 14:46 <REP> Spybot - Search & Destroy

23/12/2007 20:55 <REP> STORE LESS JUGS SURF

23/03/2007 16:16 <REP> Symantec

15/03/2006 08:49 <REP> Windows Genuine Advantage

11/11/2006 18:24 <REP> Windows Live Toolbar

03/03/2008 17:26 305 addr_file.html

30/09/2002 11:55 62 desktop.ini

11/03/2006 09:48 376 hpzinstall.log

15/12/2007 21:04 0 LauncherAccess.dt

4 fichier(s) 743 octets

19 Rép(s) 109 421 584 384 octets libres

Le volume dans le lecteur C s'appelle HDD

Le numéro de série du volume est 58DB-2F9F

 

Répertoire de C:\Documents and Settings\Default User\Application Data

 

11/03/2006 17:21 <REP> .

11/03/2006 17:21 <REP> ..

11/03/2006 08:47 <REP> Identities

11/03/2006 17:21 <REP> Microsoft

11/03/2006 08:47 <REP> Real

30/09/2002 11:55 62 desktop.ini

1 fichier(s) 62 octets

5 Rép(s) 109 421 572 096 octets libres

Le volume dans le lecteur C s'appelle HDD

Le numéro de série du volume est 58DB-2F9F

 

Répertoire de C:\Documents and Settings\Default User\Local Settings\Application Data

 

11/03/2006 17:21 <REP> .

11/03/2006 17:21 <REP> ..

11/03/2006 08:47 <REP> Microsoft

11/03/2006 08:47 <REP> Powercinema

11/03/2006 08:47 2 652 636 IconCache.db

1 fichier(s) 2 652 636 octets

4 Rép(s) 109 421 572 096 octets libres

Le volume dans le lecteur C s'appelle HDD

Le numéro de série du volume est 58DB-2F9F

 

Répertoire de C:\Documents and Settings\LocalService\Application Data

 

11/03/2006 17:21 <REP> .

11/03/2006 17:21 <REP> ..

11/03/2006 17:21 <REP> Microsoft

0 fichier(s) 0 octets

3 Rép(s) 109 421 572 096 octets libres

Le volume dans le lecteur C s'appelle HDD

Le numéro de série du volume est 58DB-2F9F

 

Répertoire de C:\Documents and Settings\LocalService\Local Settings\Application Data

 

11/03/2006 17:21 <REP> .

11/03/2006 17:21 <REP> ..

11/03/2006 17:21 <REP> Microsoft

0 fichier(s) 0 octets

3 Rép(s) 109 421 572 096 octets libres

Le volume dans le lecteur C s'appelle HDD

Le numéro de série du volume est 58DB-2F9F

 

Répertoire de C:\Documents and Settings\NetworkService\Application Data

 

11/03/2006 17:21 <REP> .

11/03/2006 17:21 <REP> ..

11/03/2006 17:21 <REP> Microsoft

23/03/2007 16:30 <REP> Symantec

0 fichier(s) 0 octets

4 Rép(s) 109 421 572 096 octets libres

Le volume dans le lecteur C s'appelle HDD

Le numéro de série du volume est 58DB-2F9F

 

Répertoire de C:\Documents and Settings\NetworkService\Local Settings\Application Data

 

11/03/2006 17:21 <REP> .

11/03/2006 17:21 <REP> ..

11/03/2006 17:21 <REP> Microsoft

0 fichier(s) 0 octets

3 Rép(s) 109 421 568 000 octets libres

Le volume dans le lecteur C s'appelle HDD

Le numéro de série du volume est 58DB-2F9F

 

Répertoire de C:\Documents and Settings\Propriétaire

 

Le volume dans le lecteur C s'appelle HDD

Le numéro de série du volume est 58DB-2F9F

 

Répertoire de C:\Documents and Settings\serge esteban\Application Data

 

11/03/2006 08:49 <REP> .

11/03/2006 08:49 <REP> ..

13/03/2006 22:24 <REP> Adobe

02/04/2006 15:22 <REP> AdobeUM

17/07/2007 12:57 <REP> Atari

05/12/2007 21:18 <REP> Corel

25/07/2007 17:21 <REP> cs

15/09/2006 14:38 <REP> CyberLink

23/03/2007 13:06 <REP> Google

21/04/2006 20:57 <REP> Help

11/03/2006 08:49 <REP> Identities

14/03/2006 18:05 <REP> Lavasoft

15/03/2006 21:06 <REP> Leadertech

11/03/2006 09:10 <REP> Macromedia

11/03/2006 08:49 <REP> Microsoft

09/06/2006 13:44 <REP> Microsoft Web Folders

14/03/2007 18:07 <REP> Mozilla

17/03/2006 13:49 <REP> MSN6

11/03/2006 08:49 <REP> Real

20/06/2006 13:58 <REP> serge esteban

12/04/2007 20:20 <REP> Shareaza

10/04/2006 18:00 <REP> Sonic

08/05/2007 12:58 <REP> Sun

05/11/2007 11:32 <REP> SurfAccuracy

23/03/2007 16:17 <REP> Symantec

11/03/2006 08:49 62 desktop.ini

1 fichier(s) 62 octets

25 Rép(s) 109 421 568 000 octets libres

Le volume dans le lecteur C s'appelle HDD

Le numéro de série du volume est 58DB-2F9F

 

Répertoire de C:\Documents and Settings\serge esteban\Local Settings\Application Data

 

11/03/2006 08:49 <REP> .

11/03/2006 08:49 <REP> ..

02/04/2006 15:22 <REP> Adobe

26/12/2007 19:50 <REP> Apple Computer

10/11/2007 12:41 <REP> Best_Security_Tips

20/03/2006 08:54 <REP> Google

20/04/2006 22:02 <REP> Help

11/03/2006 10:46 <REP> Identities

26/12/2007 20:25 <REP> KodakGallery

11/03/2006 08:49 <REP> Microsoft

01/06/2007 22:44 <REP> Microsoft Help

02/09/2007 13:20 <REP> MicroVision Applications

14/03/2007 18:08 <REP> Mozilla

13/08/2007 11:53 <REP> My Games

11/03/2006 09:37 <REP> Panda Software

11/03/2006 08:49 <REP> Powercinema

12/04/2007 20:20 <REP> Shareaza

13/09/2007 17:51 <REP> Steam

02/06/2007 08:35 <REP> Temporary Projects

20/03/2006 11:45 35 328 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

20/03/2006 11:21 71 272 GDIPFONTCACHEV1.DAT

11/03/2006 08:49 664 182 IconCache.db

3 fichier(s) 770 782 octets

19 Rép(s) 109 421 568 000 octets libres

Le volume dans le lecteur C s'appelle HDD

Le numéro de série du volume est 58DB-2F9F

 

Répertoire de C:\WINDOWS\system32\config\systemprofile\Application Data

 

11/03/2006 17:21 <REP> .

11/03/2006 17:21 <REP> ..

11/03/2006 08:48 <REP> Identities

11/03/2006 17:21 <REP> Microsoft

11/03/2006 08:48 <REP> Real

30/09/2002 12:08 62 desktop.ini

1 fichier(s) 62 octets

5 Rép(s) 109 421 568 000 octets libres

Le volume dans le lecteur C s'appelle HDD

Le numéro de série du volume est 58DB-2F9F

 

Répertoire de C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data

 

11/03/2006 17:21 <REP> .

11/03/2006 17:21 <REP> ..

11/03/2006 08:28 <REP> Microsoft

11/03/2006 08:48 <REP> Powercinema

11/03/2006 08:48 2 652 636 IconCache.db

1 fichier(s) 2 652 636 octets

4 Rép(s) 109 421 563 904 octets libres

 

******************************************

Recherche des taches planifiées dans C:\WINDOWS\tasks

 

 

C:\WINDOWS\Tasks\MP

MP inexploitable

 

******************************************

## Répertoires de C:\Program Files

 

Le volume dans le lecteur C s'appelle HDD

Le numéro de série du volume est 58DB-2F9F

 

Répertoire de C:\Program Files

 

03/03/2008 17:22 <REP> .

03/03/2008 17:22 <REP> ..

07/01/2008 13:54 <REP> Alwil Software

19/02/2008 10:50 <REP> Ankama Games

17/07/2007 12:41 <REP> Atari

03/03/2008 17:22 <REP> Avira

13/08/2007 17:21 <REP> CCleaner

05/11/2007 11:33 <REP> Common Files

11/03/2006 17:21 <REP> CyberLink

22/04/2007 20:58 <REP> Disney Imagineering

18/12/2007 22:47 <REP> Dofus

14/03/2006 17:57 <REP> Elaborate Bytes

01/03/2008 21:09 <REP> Fichiers communs

16/02/2008 18:19 <REP> GlobalWaveBait

02/03/2008 20:34 <REP> Google

11/03/2006 09:53 <REP> Hewlett-Packard

13/02/2008 07:16 <REP> Insider

02/03/2008 20:37 <REP> Internet Explorer

16/03/2006 19:40 <REP> Inventel

25/11/2007 15:36 <REP> Java

13/08/2007 15:44 <REP> Kazaa

26/12/2007 19:45 <REP> Kodak

23/03/2007 13:01 <REP> Lavasoft

27/07/2006 21:43 <REP> Logitech

05/11/2007 11:50 <REP> Magic Workstation

14/03/2007 23:25 <REP> Messenger

10/05/2007 20:16 <REP> Microsoft CAPICOM 2.1.0.2

09/06/2006 13:44 <REP> microsoft frontpage

07/01/2008 17:49 <REP> Microsoft Games

03/06/2007 10:03 <REP> Microsoft Office

03/06/2007 02:43 <REP> Microsoft SQL Server

03/06/2007 10:03 <REP> Microsoft Visual Studio 8

11/03/2006 17:23 <REP> Microsoft Works

01/06/2007 23:22 <REP> Microsoft.NET

01/07/2006 07:06 <REP> Movie Maker

02/03/2008 20:36 <REP> Mozilla Firefox

11/03/2006 17:23 <REP> MSN

11/11/2006 18:21 <REP> MSN Apps

11/03/2006 17:21 <REP> MSN Gaming Zone

02/03/2008 20:33 <REP> MSN Messenger

01/11/2007 10:03 <REP> MSXML 4.0

03/06/2007 02:18 <REP> MSXML 6.0

22/04/2007 20:55 <REP> n3w

02/03/2008 20:33 <REP> Navilog1

11/04/2007 18:53 <REP> Neffy

01/07/2006 07:00 <REP> NetMeeting

01/03/2008 21:10 <REP> Outerinfo

14/06/2007 02:05 <REP> Outlook Express

11/03/2006 09:14 <REP> Panda Software

29/03/2006 19:49 <REP> Play at Joe's

26/12/2007 20:05 <REP> QuickTime

11/03/2006 17:21 <REP> Real

04/11/2007 09:20 <REP> Samsung

11/03/2006 17:23 <REP> Services en ligne

12/04/2007 20:20 <REP> Shareaza

13/08/2007 15:52 <REP> Slayers Online

11/03/2006 17:21 <REP> Sonic

07/01/2008 14:08 <REP> S?mantec

12/11/2007 14:24 <REP> Temporary

04/02/2007 14:47 <REP> Tetrix XP

09/01/2008 20:39 <REP> Valve

04/03/2008 10:04 <REP> Wanadoo

12/11/2007 14:20 <REP> WinAble

02/03/2008 20:34 <REP> Windows Defender

03/03/2008 18:56 <REP> Windows Live Safety Center

02/03/2008 20:33 <REP> Windows Live Toolbar

16/04/2007 16:56 <REP> Windows Media Connect 2

16/04/2007 16:56 <REP> Windows Media Player

01/07/2006 07:00 <REP> Windows NT

22/03/2007 12:37 <REP> WinRAR

11/03/2006 17:21 <REP> xerox

29/05/2007 17:56 <REP> Xvid

02/03/2008 20:36 <REP> Yahoo!

0 fichier(s) 0 octets

73 Rép(s) 109 421 547 520 octets libres

 

******************************************

## Popups autorisées

 

* Internet Explorer

 

! REG.EXE VERSION 3.0

 

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow

*.gallery.microsoft.com/ REG_BINARY

*.windowsmedia.com REG_BINARY

host-domain-lookup.com REG_SZ

mysearchnow.com REG_SZ

particuliers.edf.fr REG_BINARY

forum.zebulon.fr REG_BINARY

www.clubic.com REG_BINARY

 

* Mozilla Firefox (1 autorisé 2 interdit)

 

---------- C:\DOCUMENTS AND SETTINGS\SERGE ESTEBAN\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\XY6Y72F6.DEFAULT\HOSTPERM.1

host popup 1 www.infos-du-net.com

 

******************************************

## Registre

 

* [HKEY_CURRENT_USER\\Software\Microsoft\Internet Explorer\Main]

Search Bar REG_SZ http://www.wanadoo.fr/go/page_recherche/

 

******************************************

## Zones de sécurité

 

* HKCU Domains (4)

 

* P3P History (5)

 

******************************************

## Recherche C:\WINDOWS\*.htm, "C:\WINDOWS\*.gif"

 

 

*************** Fin du rapport ****************

[angelique]

• supprime en gras:

 

C:\Documents and Settings\All Users\Application Data\STORE LESS JUGS SURF

C:\Program Files\GlobalWaveBait

C:\Program Files\WinAble

C:\Documents and Settings\serge esteban\Application Data\SurfAccuracy

 

• reposte un rapport HJT