Sujet Précédent Sujet Suivant

[Virus] Shopnav + Pb virus sur windows XP

Fermé
Karine - 31 juil. 2006 à 09:09
afideg Messages postés 10517 Date d'inscription lundi 10 octobre 2005 Statut Contributeur sécurité Dernière intervention 12 avril 2022 - 8 oct. 2006 à 19:43
Bonjour,

J'ai actuellement quelques souscis avec mon PC (Windows XP).

Tout d'abord, un "mouchard" qui m'empêche de naviguer sur Internet. Quelque soit le site que je demande, je tombe sur une autre page avec le message serveur indisponible.
Voici ce qui s'affiche au niveau de l'adresse du site :
http://badurl.shopnav.com/url.cgi?uid=10856920&version=1.20031&url=http://wanadoo.fr
J'ai lancé Spybot, Adaware mais rien n'y fait. Spybot détecte bien Shopnav, je corrige mais il reste actif.


Ensuite, et comme beaucoup, plusieurs virus sont présents sur mon PC : win32Trojan-gen{other}, win32:Keenval[Adw], win32:Trojan-gen{VC}, win32:Dialer-336[Trj],win32:Adware-gen[Adw]. J'ai lancé hijackthis, voici la log :

Logfile of HijackThis v1.99.1
Scan saved at 17:55:09, on 24/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\ciodm821.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\OFFICE ONE6.0\OFFICE One PDF Manager v6\OoPDFSettingsv6.exe
C:\Program Files\OFFICE ONE6.0\OFFICE One Notes v6\OFFICEOneNotesv6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\OFFICE ONE6.0\program\soffice.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\KARINE\Mes documents\Protection\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Band Class - {00027925-0017-4faf-9539-90E4AC0B9EC5} - C:\WINDOWS\eltt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {911A1534-8E65-448E-92AE-E22D49F870C4} - (no file)
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [4206a213aaa1] C:\WINDOWS\System32\ciodm821.exe
O4 - HKLM\..\Run: [smanp] C:\DOCUME~1\KARINE\LOCALS~1\Temp\appB.tmp
O4 - HKLM\..\Run: [TopSearch] C:\Program Files\TopSearch\TopSearch.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [oov6multiuser.exe] C:\program files\OFFICE One6.0\program\oov6multiuser.exe
O4 - HKLM\..\Run: [OoPDFSettingsv6.exe] C:\Program Files\OFFICE ONE6.0\OFFICE One PDF Manager v6\OoPDFSettingsv6.exe
O4 - HKLM\..\Run: [OFFICEOneNotesv6.exe] C:\Program Files\OFFICE ONE6.0\OFFICE One Notes v6\OFFICEOneNotesv6.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: OFFICE One 6.0.lnk = C:\Program Files\OFFICE ONE6.0\program\quickstart.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet7_22.dll' missing
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Y aurait'il une bonne âme pour me venir en aide ?
Je ne suis pas experte, aussi merci d'avance de votre aide.

Karine.
A voir également:

58 réponses

Réponse 1 / 58
^^Marie^^ Messages postés 113901 Date d'inscription mardi 6 septembre 2005 Statut Membre Dernière intervention 28 août 2020 3 275
31 juil. 2006 à 11:09
Salut,

Avec Kazaa ne t'étonnes pas d'avoir des m******,
Supprime le, tu le ré-installeras plus tard.......à tes risques et périls...
Tu es bien vérolée entre Kazaa, NetDoNet, et aboutBank.........




Fais ceci bien dans l'ordre car y'a du boulot.......

Il est important d’effectuer la manip dans sa totalité et dans l’ordre :

Télécharge (sauf si tu les as) et colle les 3 rapports dans l’ordre

A - ad-aware version 1.06
(ici) http://www.florensac-chasse-trap.com/ section virus/logiciel de securite
voir demo
http://pageperso.aol.fr/balltrap34/adwseflash.zip

B - spybot version 1.4
(ici) http://www.florensac-chasse-trap.com/ section virus/logiciel de securite
voir demo d utilisation
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

C - Ccleaner : ( nettoyeur de registre, cookies+temps+tempos+prefetch+historique+etc..)
Télécharge ici :
https://www.ccleaner.com/ccleaner/download
Tutorial ici:
https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

D – Ewido
https://www.malekal.com/tutorial-et-guide-ewido-v4/
règle ton ewido sur delete ou remove
Copie/colle le rapport

E - Scan online avec BitDefender (fonctionne uniquement sous Internet Explorer en acceptant l’ activX)
https://assiste.com/404_La_page_demandee_n_existe_pas.php
http://www.bitdefender.fr/scan8/ie.html
Copie/COLLE le rapport entier


Et tu refais un Hitjackthis


A lire,


about blank page de demarrage remplacee




0
Réponse 2 / 58
Karine
1 août 2006 à 10:28
Bonjour Marie,

J'ai effectué les manipulations que tu m'as demandé, voici les résultats :

Scan ad-aware
Ad-Aware SE Build 1.06r1
Logfile Created on:lundi 31 juillet 2006 18:43:27
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R47 24.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


31-07-2006 18:43:27 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-602414446-1397737051-2654145001-1005\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-602414446-1397737051-2654145001-1005\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


Scan Spybot (je n'ai pas la version 1.4 mais la version 1.3, j'espère que ça ira quand même)

IE Plugin: Data (Fichier, nothing done)
C:\WINDOWS\lu.dat

DSO Exploit: Data source object exploit (Modification du registre, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-602414446-1397737051-2654145001-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Modification du registre, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Modification du registre, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Modification du registre, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

ShopNav: IE Search URL (Modification du registre, nothing done)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\=about:blank

ShopNav: IE Search bar (Modification du registre, nothing done)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar=about:blank

ShopNav: IE Search bar (Modification du registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar=about:blank

ShopNav: IE Search page (Modification du registre, nothing done)
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page=https://www.google.com/?gws_rd=ssl

ShopNav: IE Search page (Modification du registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page=https://www.google.com/?gws_rd=ssl


--- Spybot - Search && Destroy version: 1.3 ---
2004-05-12 Includes\Cookies.sbi
2004-05-12 Includes\Dialer.sbi
2004-05-12 Includes\Hijackers.sbi
2004-05-12 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2004-05-12 Includes\Malware.sbi
2004-05-12 Includes\Revision.sbi
2004-05-12 Includes\Security.sbi
2004-05-12 Includes\Spybots.sbi
2004-05-12 Includes\Tracks.uti
2004-05-12 Includes\Trojans.sbi


Scan Ccleaner


ANALYSE COMPLETE - (7,732 secs)
------------------------------------------------------------------------------------------
55,8MB ont été supprimés. (Taille approximative)
------------------------------------------------------------------------------------------

Détails des fichiers à supprimer (Note: AUCUN fichier n'a pour l'instant été supprimé)
------------------------------------------------------------------------------------------
Fichiers Temporaires d'Internet Explorer (fichiers 6) 402 bytes
Marqué pour l'effacement: C:\Documents and Settings\KARINE\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Marqué pour l'effacement: C:\Documents and Settings\KARINE\Cookies\index.dat
C:\WINDOWS\TEMP\845.CAT 6,59KB
C:\WINDOWS\TEMP\845.INF 3,44KB
C:\WINDOWS\TEMP\Cookies\index.dat 16,00KB
C:\WINDOWS\TEMP\Historique\History.IE5\desktop.ini 113 bytes
C:\WINDOWS\TEMP\Historique\History.IE5\index.dat 16,00KB
C:\WINDOWS\TEMP\ICH2BR.CAT 6,59KB
C:\WINDOWS\TEMP\ICH2BR.INF 2,82KB
C:\WINDOWS\TEMP\jre_install.txt 7 bytes
C:\WINDOWS\TEMP\Perflib_Perfdata_510.dat 16,00KB
C:\WINDOWS\TEMP\Perflib_Perfdata_518.dat 16,00KB
C:\WINDOWS\TEMP\setup1036.exe 0,17MB
C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\9FD3G1B5\desktop.ini 67 bytes
C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\BQ84VKXN\desktop.ini 67 bytes
C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\desktop.ini 67 bytes
C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\index.dat 16,00KB
C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\UHA5W5YL\desktop.ini 67 bytes
C:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\WPYL4XKV\desktop.ini 67 bytes
C:\WINDOWS\TEMP\tom.tmp 6 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\1621B7.tmp 0,43MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\50COMUPD.EXE 0,49MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\875498-NOSB.exe 0,40MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\AAX12.tmp 28,43KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\AAX1C.tmp 28,43KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\AAX21.tmp 28,43KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\AAX4.tmp 28,43KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\AAX9.tmp 28,43KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\AAX9D.tmp 28,43KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\AAXA2.tmp 28,43KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\AAXA8.tmp 28,43KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\AAXAD.tmp 28,43KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\AAXD.tmp 28,43KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\Acr4.tmp 1,95MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\Acr6.tmp 1,95MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\Acr83.tmp 1,95MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\app38.tmp 0,14MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\app3A.tmp 0,12MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\app5.tmp 0,50MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\app5B.tmp 36,00KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\app62.tmp 0,12MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\app63.tmp 76,00KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\app74.tmp 0,14MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\app8B.tmp 36,00KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\app8C.tmp 62,49KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\app9.tmp 0,50MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\appB.tmp 76,00KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\control.xml 717 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\eUnivPreinstallerLog.tmp 266 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\Excel8.0\MSForms.EXD 0,21MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\f-sasser.exe 90,00KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\GLC4.tmp 0,14MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\GLC5.tmp 0,14MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\GLF7.tmp 9,50KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\GLF8.tmp 9,50KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\h2r11.tmp 3,06KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\h2r13.tmp 84,40KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\h2r4.tmp 19,98KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\h2r49.tmp 3,03KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\h2r4C.tmp 3,03KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\h2r7.tmp 19,98KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\h2r9.tmp 84,40KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\h2rBA.tmp 19,98KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\h2rBD.tmp 19,98KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\h2rC.tmp 84,40KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\h2rC0.tmp 19,98KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\h2rC3.tmp 19,98KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\h2rC6.tmp 19,98KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\h2rC9.tmp 19,98KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\h2rCC.tmp 19,98KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\h2rE.tmp 3,06KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\hi-story.tmp 16 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\IEC12.tmp 0,33MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\IMT11.xml 1,98KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\IMT12.xml 426 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\IMT13.xml 0,77MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\IMT18.xml 1,98KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\IMT19.xml 426 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\IMT1A.xml 0,77MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\IMT33.xml 1,98KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\IMT34.xml 426 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\IMT35.xml 0,77MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\IMT9B.xml 1,98KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\IMT9C.xml 426 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\IMT9D.xml 0,77MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\InstHelp.dll 56,00KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\IVIApp.tmp 106 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\jar_cache34939.tmp 23,92KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\jar_cache34940.tmp 16,79KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\jar_cache34941.tmp 6,81KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\jar_cache34942.tmp 2,53KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\KIT1A.tmp 52,00KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\KIT7.tmp 24,00KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\KITD.tmp 52,00KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\kmdb.html 843 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\MirarSetup.exe 0,15MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mitB8.tmp 0,15MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mitB8.tmp.cab 0,15MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso32.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso33.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso34.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso35.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso36.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso37.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso38.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso38A.doc 68,50KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso39.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso3A.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso3B.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso3C.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso3D.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso3E.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso3F.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso40.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso41.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso42.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso43.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso44.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso45.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso46.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso47.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso48.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso49.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso4A.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso4B.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso4C.tmp 1,85KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso4D.tmp 1,85KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso4E.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso4F.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso50.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso51.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso52.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso53.tmp 1,85KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso54.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso55.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso56.tmp 1,85KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso57.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso58.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso59.tmp 1,85KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso5A.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso5B.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso5C.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso5D.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso5E.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso5F.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso60.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso61.tmp 4,51KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso62.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso63.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso64.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso65.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso66.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso67.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso68.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso69.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso6A.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso6B.tmp 1,85KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso6C.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso6D.tmp 1,85KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso6E.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso6F.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso70.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso71.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso72.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso73.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso74.tmp 1,85KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso75.tmp 4,51KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso76.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso77.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso78.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso79.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso7A.tmp 1,85KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso7B.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso7C.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso7D.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso7E.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso7F.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso80.tmp 2,39KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso81.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso82.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso83.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso84.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso85.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso86.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso87.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso88.tmp 1,85KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso89.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso8A.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso8B.tmp 4,51KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso8C.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso8D.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso8E.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso8F.tmp 5,54KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\mso90.tmp 4,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\NDCNETOC.INF 430 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\nn_patch.exe 0,55MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\nn_patch.ini 337 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\r2h269.tmp 6,01KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\temp.fr89ED\Data\app.dat 28,17KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\temp.frC327\B_291_0_1_512700.GIF 14,92KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\temp.frC327\B_291_0_1_512900.GIF 10,44KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\temp.frC327\B_291_0_1_651400.GIF 11,80KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\temp.frC327\B_291_0_1_749400.GIF 12,72KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\temp.frC327\B_291_0_2_559800.GIF 18,21KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\temp.frC327\B_291_0_2_560700.GIF 14,31KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\temp.frC327\B_291_0_2_663500.GIF 12,52KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\temp.frC327\B_291_0_2_663700.GIF 16,15KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\temp.frC327\B_291_0_4_546600.GIF 12,16KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\temp.frC327\B_291_0_4_547500.GIF 4,83KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\temp.frC327\B_291_0_4_550100.GIF 13,80KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\temp.frC327\B_508100.HTM 473 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\temp.frC327\B_513900.HTM 478 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\temp.frC327\B_547000.HTM 1022 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\temp.frC327\B_552300.HTM 456 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\temp.frC327\B_554300.HTM 532 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\temp.frC327\B_554700.HTM 546 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\temp.frC327\B_574900.HTM 1,04KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\temp.frC327\B_578300.HTM 216 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\temp.frC327\B_580500.HTM 486 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\temp.frC327\B_592600.HTM 1,00KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\temp.frC327\B_593700.HTM 1,00KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\temp.frC327\B_596800.HTM 1,00KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\temp.frC327\B_608700.HTM 566 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\temp.frC327\B_616600.HTM 2,83KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\temp.frC327\B_618700.HTM 1015 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\temp.frC327\B_621800.HTM 438 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\temp.frC327\B_622500.HTM 1015 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\temp.frC327\B_624900.HTM 643 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\temp.frC327\B_636200.HTM 425 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\temp.frC327\B_644000.HTM 1,01KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\temp.frC327\B_644300.HTM 1,05KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\temp.frC327\B_645000.HTM 1,05KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\temp.frC327\B_645100.HTM 1,05KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\temp.frC327\B_651900.HTM 445 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\temp.frC327\B_655200.HTM 474 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\temp.frC327\B_655300.HTM 473 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\temp.frC327\B_656000.HTM 1,02KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\temp.frC327\B_687700.HTM 425 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\TLB3C.tmp 64,13KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp2C.tmp 493 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp34.tmp 541 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp34A.tmp 331 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp36.tmp 297 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp367.tmp 589 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp37.tmp 542 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp38.tmp 472 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp39.tmp 654 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp3A.tmp 264 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp3B.tmp 264 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp3C.tmp 217 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp3D.tmp 424 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp3E.tmp 593 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp3F.tmp 633 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp40.tmp 712 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp41.tmp 543 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp42.tmp 562 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp43.tmp 473 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp44.tmp 383 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp45.tmp 535 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp46.tmp 527 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp47.tmp 472 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp48.tmp 346 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp49.tmp 541 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp4A.tmp 535 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp4B.tmp 379 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp4C.tmp 526 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp4D.tmp 407 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp4E.tmp 551 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp4F.tmp 524 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp50.tmp 330 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp51.tmp 470 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp52.tmp 541 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp53.tmp 551 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp54.tmp 545 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp55.tmp 331 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp56.tmp 463 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp57.tmp 311 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp58.tmp 437 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp59.tmp 345 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp5A.tmp 68 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp5B.tmp 235 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp5C.tmp 68 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp5D.tmp 68 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp5E.tmp 68 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp5F.tmp 68 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp60.tmp 68 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp61.tmp 68 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp62.tmp 509 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp63.tmp 238 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp64.tmp 380 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp65.tmp 396 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp66.tmp 541 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp67.tmp 542 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp68.tmp 330 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp69.tmp 648 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp6A.tmp 540 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp6B.tmp 351 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp6C.tmp 316 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp6D.tmp 68 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp6E.tmp 68 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp6F.tmp 316 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp70.tmp 68 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp71.tmp 235 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp72.tmp 68 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp73.tmp 68 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp74.tmp 68 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp75.tmp 68 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp76.tmp 550 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp77.tmp 549 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp78.tmp 316 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp79.tmp 316 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp7A.tmp 533 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp7B.tmp 197 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp7C.tmp 408 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp7D.tmp 542 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp7E.tmp 235 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp7F.tmp 194 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp80.tmp 194 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp81.tmp 194 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp82.tmp 235 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp83.tmp 297 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp84.tmp 311 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp85.tmp 311 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp86.tmp 548 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp87.tmp 316 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp88.tmp 550 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp89.tmp 494 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp8A.tmp 493 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp8B.tmp 534 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp8C.tmp 672 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp8D.tmp 534 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp8E.tmp 566 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp8F.tmp 195 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp90.tmp 68 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp91.tmp 353 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp92.tmp 353 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp93.tmp 311 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp94.tmp 197 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp95.tmp 312 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp96.tmp 542 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp97.tmp 311 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp98.tmp 313 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp99.tmp 313 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp9A.tmp 298 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp9B.tmp 250 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp9C.tmp 533 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp9D.tmp 581 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp9E.tmp 193 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmp9F.tmp 550 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmpA0.tmp 193 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmpA1.tmp 613 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmpA4.tmp 709 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmpB9.tmp 524 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\tmpBB.tmp 312 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\totem_droite_accueil (2).jpg 0 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\TsUninst84.bat 337 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\upd10.tmp 55 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\upd11.tmp 55 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\upd12.tmp 55 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\upd13.tmp 55 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\upd14.tmp 55 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\upd15.tmp 55 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\upd16.tmp 55 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\upd17.tmp 55 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\upd18.tmp 55 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\upd1A.tmp 55 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\upd1B.tmp 55 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\upd1C.tmp 55 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\upd1D.tmp 55 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\upd1E.tmp 55 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\upd1F.tmp 55 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\upd21.tmp 55 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\upd22.tmp 55 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\upd23.tmp 55 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\upd27.tmp 55 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\upd28.tmp 55 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\upd282.tmp 55 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\upd3.tmp 0,22MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\upd31.tmp 55 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\upd34.tmp 55 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\upd37.tmp 55 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\upd39.tmp 55 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\upd4.tmp 56 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\upd42.tmp 55 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\upd4F4.tmp 55 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\upd5.tmp 56 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\upd53.tmp 56 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\upd54.tmp 55 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\upd57.tmp 55 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\upd5C.tmp 55 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\upd6.tmp 56 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\upd61.tmp 55 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\upd63.tmp 55 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\upd66.tmp 55 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\upd69.tmp 55 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\upd6F.tmp 55 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\upd7.tmp 56 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\upd72.tmp 55 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\upd77.tmp 55 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\upd8.tmp 56 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\upd9.tmp 55 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\updA.tmp 56 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\UpdatedUpdaterInstall.exe 93,88KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\updB.tmp 55 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\updC.tmp 55 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\updD.tmp 55 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\updE.tmp 56 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\updF.tmp 55 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\VBE\MSForms.EXD 0,14MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\vmstmp\vmstmp.exe 0,14MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\WER4.tmp.dir00\appcompat.txt 16,18KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\WER4.tmp.dir00\manifest.txt 1,65KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\WER4.tmp.dir00\svchost.exe.hdmp 1,78MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\WER4.tmp.dir00\svchost.exe.mdmp 50,87KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\WER6fde.dir00\appcompat.txt 15,96KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\WER6fde.dir00\drwtsn32.exe.hdmp 3,41MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\WER6fde.dir00\drwtsn32.exe.mdmp 64,96KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\WER6fde.dir00\manifest.txt 1,94KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\Word8.0\MSForms.EXD 0,16MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\ycomp_setup_cclean.exe 0,73MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\_av_sfx.tm~a03816\avast.setup 1,88MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\_av_sfx.tm~a03816\avscan-23c.vpu 0,70MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\_av_sfx.tm~a03816\av_pro_core-305.vpu 3,17MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\_av_sfx.tm~a03816\av_pro_dll40c-5a.vpu 1,24MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\_av_sfx.tm~a03816\av_pro_hlp40c-133.vpu 0,18MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\_av_sfx.tm~a03816\av_pro_skins-13.vpu 0,42MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\_av_sfx.tm~a03816\jollyroger.vpu 4,75KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\_av_sfx.tm~a03816\news409-31.vpu 11,08KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\_av_sfx.tm~a03816\part-news-4a.vpu 220 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\_av_sfx.tm~a03816\part-prg_av_pro-34c.vpu 4,95KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\_av_sfx.tm~a03816\part-setup_av_pro-34c.vpu 365 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\_av_sfx.tm~a03816\part-vps-62202.vpu 661 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\_av_sfx.tm~a03816\prod-av_pro.vpu 511 bytes
C:\DOCUME~1\KARINE\LOCALS~1\Temp\_av_sfx.tm~a03816\servers.def 8,54KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\_av_sfx.tm~a03816\setif_av_pro-34c.vpu 43,45KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\_av_sfx.tm~a03816\setup.ovr 1,88MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\_av_sfx.tm~a03816\setup_av_pro-34c.vpu 0,52MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\_av_sfx.tm~a03816\vps-62200.vpu 3,43MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\_av_sfx.tm~a03816\vpsm-62202.vpu 12,38KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\_av_sfx.tm~a03816\winsys-1.vpu 0,30MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\_av_sfx.tm~a03816\winsysgui-1.vpu 0,65MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\_ISTMP1.DIR\_ISTMP0.DIR\60d51.DLL 0,14MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\_ISTMP1.DIR\_ISTMP0.DIR\bbrd1.bmp 98,71KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\_ISTMP1.DIR\_ISTMP0.DIR\bbrd2.bmp 98,71KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\_ISTMP1.DIR\_ISTMP0.DIR\bbrd3.bmp 98,71KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\_ISTMP1.DIR\_ISTMP0.DIR\bbrdl1.bmp 48,92KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\_ISTMP1.DIR\_ISTMP0.DIR\bbrdl2.bmp 48,92KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\_ISTMP1.DIR\_ISTMP0.DIR\bbrdl3.bmp 48,92KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\_ISTMP1.DIR\_ISTMP0.DIR\IsUninst.Exe 0,31MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\_ISTMP1.DIR\_ISTMP0.DIR\license.txt 8,99KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\_ISTMP1.DIR\_ISTMP0.DIR\progrs1.bmp 90,29KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\_ISTMP1.DIR\_ISTMP0.DIR\progrs2.bmp 90,29KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\_ISTMP1.DIR\_ISTMP0.DIR\progrs3.bmp 90,29KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\_ISTMP1.DIR\_ISTMP0.DIR\progrs4.bmp 90,29KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\_ISTMP1.DIR\_ISTMP0.DIR\progrs5.bmp 90,29KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\_ISTMP1.DIR\_ISTMP0.DIR\progrs6.bmp 90,29KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\_ISTMP1.DIR\_ISTMP0.DIR\value.shl 17,87KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\_ISTMP1.DIR\_ISTMP0.DIR\_ISNU.DLL 0,25MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\_ISTMP1.DIR\_ISTMP0.DIR\_Setup.dll 34,00KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\_iu14D2N.tmp 71,26KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\_USBTMP_\SetupUMSD.EXE 1,09MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\_USBTMP_\_Setup.exe 1,11MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\~DF1FB.tmp 16,00KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\~DF3B94.tmp 16,00KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\~DF4D3A.tmp 48,00KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\~DF64DB.tmp 48,00KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\~DF721F.tmp 16,00KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\~DF9BBA.tmp 16,00KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\~DFE945.tmp 16,00KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\~DFEBBB.tmp 0,20MB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\~DlfnTmp0\8151820.jpg 11,92KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\~DlfnTmp0\imgSizer.ocx 36,00KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\~DlfnTmp0\index.html 2,43KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\~DlfnTmp1\index.html 4,25KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\~DlfnTmp2\index.html 4,25KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\~wmvtmp1\index.html 4,25KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\~wmvtmp2\index.html 4,25KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\~wmvtmp3\index.html 4,25KB
C:\DOCUME~1\KARINE\LOCALS~1\Temp\~WRF0000.tmp 16,00KB
C:\WINDOWS\system32\wbem\Logs\FrameWork.log 36,56KB
C:\WINDOWS\system32\wbem\Logs\mofcomp.log 12,69KB
C:\WINDOWS\system32\wbem\Logs\replog.log 400 bytes
C:\WINDOWS\system32\wbem\Logs\setup.log 5,16KB
C:\WINDOWS\system32\wbem\Logs\wbemcore.log 119 bytes
C:\WINDOWS\system32\wbem\Logs\wbemess.log 62,76KB
C:\WINDOWS\system32\wbem\Logs\wbemprox.log 804 bytes
C:\WINDOWS\system32\wbem\Logs\WinMgmt.log 15,35KB
C:\WINDOWS\system32\wbem\Logs\wmiadap.log 1,48KB
C:\WINDOWS\system32\wbem\Logs\wmiprov.log 22,81KB
C:\WINDOWS\system32\wbem\Logs\wbemess.lo_ 64,02KB
C:\WINDOWS\system32\wbem\Logs\wmiprov.lo_ 64,05KB
C:\WINDOWS\0.log 0 bytes
C:\WINDOWS\chipset.log 353 bytes
C:\WINDOWS\cmsetacl.log 200 bytes
C:\WINDOWS\COM+.log 3,00KB
C:\WINDOWS\comsetup.log 0,16MB
C:\WINDOWS\DtcInstall.log 731 bytes
C:\WINDOWS\f-sasser.log 4,72KB
C:\WINDOWS\FaxSetup.log 0,53MB
C:\WINDOWS\iis6.log 87,86KB
C:\WINDOWS\imsins.log 1,34KB
C:\WINDOWS\KB823980.log 16,43KB
C:\WINDOWS\KB828741.log 19,91KB
C:\WINDOWS\KB833987.log 7,85KB
C:\WINDOWS\KB834707-IE6SP1-20040929.091901.log 11,78KB
C:\WINDOWS\KB835732.log 9,88KB
C:\WINDOWS\KB840987.log 16,97KB
C:\WINDOWS\KB841356.log 11,60KB
C:\WINDOWS\KB841533.log 9,05KB
C:\WINDOWS\KB842252.log 96 bytes
C:\WINDOWS\KB842773.log 7,12KB
C:\WINDOWS\KB867282-IE6SP1-20050127.163319.log 12,08KB
C:\WINDOWS\KB871250.log 9,06KB
C:\WINDOWS\KB873333.log 0,29MB
C:\WINDOWS\KB873339.log 0,20MB
C:\WINDOWS\KB873376.log 10,97KB
C:\WINDOWS\KB883939.log 15,93KB
C:\WINDOWS\KB885250.log 17,25KB
C:\WINDOWS\KB885835.log 0,20MB
C:\WINDOWS\KB885836.log 0,20MB
C:\WINDOWS\KB886185.log 8,27KB
C:\WINDOWS\KB887472.log 12,37KB
C:\WINDOWS\KB887742.log 12,83KB
C:\WINDOWS\KB888113.log 0,20MB
C:\WINDOWS\KB888302.log 0,20MB
C:\WINDOWS\KB889293-IE6SP1-20041111.235619.log 7,77KB
C:\WINDOWS\KB890046.log 12,19KB
C:\WINDOWS\KB890047.log 0,24MB
C:\WINDOWS\KB890175.log 0,21MB
C:\WINDOWS\KB890859.log 0,20MB
C:\WINDOWS\KB890923-IE6SP1-20050225.103456.log 10,02KB
C:\WINDOWS\KB890923.log 14,01KB
C:\WINDOWS\KB891711.log 8,99KB
C:\WINDOWS\KB891781.log 0,20MB
C:\WINDOWS\KB893066.log 0,21MB
C:\WINDOWS\KB893086.log 0,20MB
C:\WINDOWS\KB893756.log 17,86KB
C:\WINDOWS\KB893803.log 6,18KB
C:\WINDOWS\KB893803v2.log 7,04KB
C:\WINDOWS\KB894391.log 13,06KB
C:\WINDOWS\KB896358.log 12,38KB
C:\WINDOWS\KB896422.log 14,69KB
C:\WINDOWS\KB896423.log 62,84KB
C:\WINDOWS\KB896424.log 12,30KB
C:\WINDOWS\KB896428.log 11,39KB
C:\WINDOWS\KB896688.log 17,43KB
C:\WINDOWS\KB896727.log 18,26KB
C:\WINDOWS\KB898458.log 4,46KB
C:\WINDOWS\KB898461.log 7,65KB
C:\WINDOWS\KB899587.log 18,31KB
C:\WINDOWS\KB899588.log 13,16KB
C:\WINDOWS\KB899591.log 17,75KB
C:\WINDOWS\KB900485.log 11,34KB
C:\WINDOWS\KB900725.log 20,53KB
C:\WINDOWS\KB901017.log 27,79KB
C:\WINDOWS\KB901214.log 11,60KB
C:\WINDOWS\KB902400.log 30,39KB
C:\WINDOWS\KB903235.log 4,19KB
C:\WINDOWS\KB904706.log 18,43KB
C:\WINDOWS\KB905414.log 20,66KB
C:\WINDOWS\KB905749.log 19,08KB
C:\WINDOWS\KB905915.log 22,54KB
C:\WINDOWS\KB908519.log 11,22KB
C:\WINDOWS\KB908531.log 14,98KB
C:\WINDOWS\KB910437.log 8,55KB
C:\WINDOWS\KB911562.log 14,19KB
C:\WINDOWS\KB911564.log 4,09KB
C:\WINDOWS\KB911565.log 9,29KB
C:\WINDOWS\KB911567.log 11,33KB
C:\WINDOWS\KB911927.log 10,40KB
C:\WINDOWS\KB912812.log 16,29KB
C:\WINDOWS\KB912919.log 11,92KB
C:\WINDOWS\KB913446.log 6,50KB
C:\WINDOWS\KB913580.log 12,19KB
C:\WINDOWS\KB914389.log 3,34KB
C:\WINDOWS\KB916281.log 3,74KB
C:\WINDOWS\KB917344.log 3,96KB
C:\WINDOWS\KB917953.log 3,48KB
C:\WINDOWS\KB918439.log 3,71KB
C:\WINDOWS\msgsocm.log 27,58KB
C:\WINDOWS\ntdtcsetup.log 99,43KB
C:\WINDOWS\ocgen.log 0,27MB
C:\WINDOWS\ocmsn.log 22,94KB
C:\WINDOWS\offitems.log 44,00KB
C:\WINDOWS\Q323183.log 3,12KB
C:\WINDOWS\Q327979.log 2,70KB
C:\WINDOWS\regopt.log 2,95KB
C:\WINDOWS\sessmgr.setup.log 5,30KB
C:\WINDOWS\Setup.log 86 bytes
C:\WINDOWS\setupact.log 0,21MB
C:\WINDOWS\setupapi.log 0,94MB
C:\WINDOWS\setuperr.log 537 bytes
C:\WINDOWS\spupdsvc.log 32,44KB
C:\WINDOWS\Sti_Trace.log 0 bytes
C:\WINDOWS\svcpack.log 0,42MB
C:\WINDOWS\TMFilter.log 212 bytes
C:\WINDOWS\tsoc.log 0,21MB
C:\WINDOWS\updspapi.log 34,65KB
C:\WINDOWS\vminst.log 2,02KB
C:\WINDOWS\wiadebug.log 216 bytes
C:\WINDOWS\wiaservc.log 47 bytes
C:\WINDOWS\Windows Update.log 0,18MB
C:\WINDOWS\WindowsUpdate.log 1,66MB
C:\WINDOWS\wmsetup.log 43,61KB
C:\WINDOWS\wmsetup10.log 242 bytes
C:\WINDOWS\xpsp1hfm.log 2,58KB
C:\WINDOWS\imsins.BAK 1,34KB
C:\WINDOWS\OEWABLog.txt 1,49KB
C:\WINDOWS\setuplog.txt 0,80MB
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\drwtsn32.log 3,83MB
C:\WINDOWS\Debug\blastcln.log 286 bytes
C:\WINDOWS\Debug\mrt.log 9,76KB
C:\WINDOWS\Debug\NetSetup.LOG 4,13KB
C:\WINDOWS\security\logs\backup.log 3,59KB
C:\WINDOWS\security\logs\SceRoot.log 624 bytes
C:\WINDOWS\security\logs\scesetup.log 0,13MB
C:\WINDOWS\security\logs\update.log 8,14KB
C:\WINDOWS\security\logs\scecomp.old 326 bytes
C:\Documents and Settings\KARINE\Application Data\Macromedia\Flash Player\#SharedObjects\6V9K2A29\thedayaftertomorrow.com\site_dvd\fr\container.swf\tdat_main_vars.sol 54 bytes
C:\Documents and Settings\KARINE\Application Data\Macromedia\Flash Player\#SharedObjects\6V9K2A29\wanadooregie.com\detections.sol 125 bytes
C:\Documents and Settings\KARINE\Application Data\Macromedia\Flash Player\disneylandparis.com\user.sol 79 bytes
C:\Documents and Settings\KARINE\Application Data\Macromedia\Flash Player\localhost\Documents and Settings\KARINE\Mes documents\OFFICE One Zip\smashback\smashback_offline.exe\HighScore.sol 52 bytes
C:\Documents and Settings\KARINE\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#disneylandparis.com\settings.sol 89 bytes
C:\Documents and Settings\KARINE\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#local\settings.sol 75 bytes
C:\Documents and Settings\KARINE\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#thedayaftertomorrow.com\settings.sol 93 bytes
C:\Documents and Settings\KARINE\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#wanadooregie.com\settings.sol 86 bytes
C:\Documents and Settings\KARINE\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol 441 bytes
C:\Documents and Settings\KARINE\Application Data\Macromedia\Flash Player\wanadooregie.com\detections.sol 125 bytes
C:\Program Files\Ahead\Nero\NeroHistory.log 0,25MB
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.040905-1510.log 11,83KB
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.040905-1516.txt 20,00KB
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.040905-1523.log 4,98KB
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.040905-1523.txt 1,46KB
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.040912-1941.log 14,91KB
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.040912-1948.txt 24,10KB
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.040913-2005.log 12,93KB
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.040913-2012.txt 22,04KB
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.050911-1751.log 10,34KB
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.050911-1758.txt 14,99KB
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.060205-1039.log 2,53KB
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.060205-1047.txt 5,17KB
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.060719-1948.log 1,56KB
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.060719-1953.txt 3,82KB
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.060719-1959.log 905 bytes
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.060719-2003.txt 2,22KB
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.060719-2006.log 905 bytes
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.060719-2010.txt 2,22KB
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.060730-1950.log 852 bytes
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.060730-1954.txt 2,07KB
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.060731-1857.log 905 bytes
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Checks.060731-1901.txt 2,22KB
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Fixes.040913-2015.txt 22,03KB
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Fixes.060719-1954.txt 3,66KB
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Fixes.060719-2005.txt 2,15KB
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Fixes.060719-2016.txt 2,15KB
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Fixes.060730-1955.txt 2,01KB
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Update downloads.log 416 bytes
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Statistics.ini 1,86KB
C:\Documents and Settings\KARINE\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2006-07-24 16-59-00.txt 44,27KB
C:\Documents and Settings\KARINE\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2006-07-30 19-41-53.txt 27,00KB
C:\Documents and Settings\KARINE\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2006-07-31 18-49-40.txt 22,53KB
C:\WINDOWS\Internet Logs\ZALog.txt 81,69KB
C:\WINDOWS\Internet Logs\ZALog2005.02.13.txt 23,87KB
C:\WINDOWS\Internet Logs\ZALog2005.03.03.txt 50,62KB
------------------------------------------------------------------------------------------


Scan Ewido


---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 19:35:15 31/07/2006

+ Scan result:



C:\Documents and Settings\KARINE\Local Settings\Temp\app74.tmp -> Adware.DelphinMediaViewer : No action taken.
C:\Program Files\Fichiers communs\Uninstall Information\RemoveWebDP.exe -> Adware.DelphinMediaViewer : No action taken.
C:\WINDOWS\system32\nfomon\nfo.ocx -> Adware.DelphinMediaViewer : No action taken.
C:\Program Files\MediaLoads\v1\ML.exe -> Adware.DownloadWare : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaLoads Enhanced -> Adware.Downloadware : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{E1412445-4FF8-410e-8D24-F2CF86B171A4} -> Adware.Generic : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E1412445-4FF8-410e-8D24-F2CF86B171A4} -> Adware.Generic : No action taken.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E1412445-4FF8-410E-8D24-F2CF86B171A4} -> Adware.Generic : No action taken.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E1412445-4FF8-410E-8D24-F2CF86B171A4} -> Adware.Generic : No action taken.
HKU\S-1-5-21-602414446-1397737051-2654145001-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E1412445-4FF8-410E-8D24-F2CF86B171A4} -> Adware.Generic : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{00027925-0017-4faf-9539-90E4AC0B9EC5} -> Adware.IEPlugin : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00027925-0017-4faf-9539-90E4AC0B9EC5} -> Adware.IEPlugin : No action taken.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00027925-0017-4FAF-9539-90E4AC0B9EC5} -> Adware.IEPlugin : No action taken.
HKU\.DEFAULT\Software\intexp -> Adware.IEPlugin : No action taken.
HKU\.DEFAULT\Software\intexp\Config -> Adware.IEPlugin : No action taken.
HKU\.DEFAULT\Software\intexp\MyFileSystem2 -> Adware.IEPlugin : No action taken.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00027925-0017-4FAF-9539-90E4AC0B9EC5} -> Adware.IEPlugin : No action taken.
HKU\S-1-5-18\Software\intexp -> Adware.IEPlugin : No action taken.
HKU\S-1-5-18\Software\intexp\Config -> Adware.IEPlugin : No action taken.
HKU\S-1-5-18\Software\intexp\MyFileSystem2 -> Adware.IEPlugin : No action taken.
HKU\S-1-5-21-602414446-1397737051-2654145001-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00027925-0017-4FAF-9539-90E4AC0B9EC5} -> Adware.IEPlugin : No action taken.
HKU\S-1-5-21-602414446-1397737051-2654145001-1005\Software\intexp -> Adware.IEPlugin : No action taken.
HKU\S-1-5-21-602414446-1397737051-2654145001-1005\Software\intexp\Config -> Adware.IEPlugin : No action taken.
HKU\S-1-5-21-602414446-1397737051-2654145001-1005\Software\intexp\MyFileSystem2 -> Adware.IEPlugin : No action taken.
C:\WINDOWS\eltt.dll -> Adware.ImiBar : No action taken.
C:\Program Files\IncrediFind -> Adware.Incredifind : No action taken.
C:\Program Files\IncrediFind\BHO -> Adware.Incredifind : No action taken.
C:\Program Files\IncrediFind\BHO\date.txt -> Adware.Incredifind : No action taken.
HKLM\SOFTWARE\MaxSpeed -> Adware.Maxspeed : No action taken.
C:\Documents and Settings\KARINE\Local Settings\Temp\upd3.tmp/ME.dll -> Adware.MediaPops : No action taken.
C:\WINDOWS\system32\WinNB57.dll -> Adware.NetNucleus : No action taken.
C:\Program Files\NewDotNet -> Adware.NewDotNet : No action taken.
C:\Program Files\NewDotNet\readme.html -> Adware.NewDotNet : No action taken.
C:\Program Files\NewDotNet\uninstall6_38.exe -> Adware.NewDotNet : No action taken.
C:\WINDOWS\NDNuninstall4_88.exe -> Adware.NewDotNet : No action taken.
C:\WINDOWS\NDNuninstall5_20.exe -> Adware.NewDotNet : No action taken.
C:\WINDOWS\NDNuninstall5_40.exe -> Adware.NewDotNet : No action taken.
C:\WINDOWS\NDNuninstall6_10.exe -> Adware.NewDotNet : No action taken.
C:\WINDOWS\NDNuninstall6_22.exe -> Adware.NewDotNet : No action taken.
C:\WINDOWS\NDNuninstall6_30.exe -> Adware.NewDotNet : No action taken.
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : No action taken.
C:\WINDOWS\NDNuninstall6_90.exe -> Adware.NewDotNet : No action taken.
C:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : No action taken.
C:\WINDOWS\NDNuninstall7_14.exe -> Adware.NewDotNet : No action taken.
C:\Documents and Settings\KARINE\Local Settings\Temp\MirarSetup.exe -> Adware.SaveNow : No action taken.
C:\WINDOWS\Downloaded Program Files\MirarSetup.exe -> Adware.SaveNow : No action taken.
C:\Program Files\MaxSpeed -> Adware.SideFind : No action taken.
C:\Program Files\MaxSpeed\Privacy Info.url -> Adware.SideFind : No action taken.
C:\Program Files\MaxSpeed\Terms and Conditions.url -> Adware.SideFind : No action taken.
C:\Program Files\MaxSpeed\Uninstall Instructions.url -> Adware.SideFind : No action taken.
C:\RECYCLER\NPROTECT\00000135.exe -> Adware.UrlSpy : No action taken.
C:\RECYCLER\NPROTECT\00000136.dll -> Adware.UrlSpy : No action taken.
C:\RECYCLER\NPROTECT\00000138.exe -> Adware.UrlSpy : No action taken.
C:\WINDOWS\system32\cfgmgr32.exe -> Adware.UrlSpy : No action taken.
C:\WINDOWS\system32\ciodm821.exe -> Adware.UrlSpy : No action taken.
C:\WINDOWS\system32\cmdial32.exe -> Adware.UrlSpy : No action taken.
[1120] C:\WINDOWS\System32\cmdial32.exe -> Adware.UrlSpy : No action taken.
[1968] C:\WINDOWS\System32\ciodm821.exe -> Adware.UrlSpy : No action taken.


::Report end



Rapport Hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 19:39:29, on 31/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\ciodm821.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\OFFICE ONE6.0\OFFICE One PDF Manager v6\OoPDFSettingsv6.exe
C:\Program Files\OFFICE ONE6.0\OFFICE One Notes v6\OFFICEOneNotesv6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\OFFICE ONE6.0\program\soffice.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Documents and Settings\KARINE\Mes documents\Protection\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.shopnav.com/sidesearch.cgi?uid=10856920&id=1.20031
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.shopnav.com/sidesearch.cgi?uid=10856920&id=1.20031
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.shopnav.com/sidesearch.cgi?uid=10856920&id=1.20031
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.shopnav.com/sidesearch.cgi?uid=10856920&id=1.20031
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.shopnav.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Band Class - {00027925-0017-4faf-9539-90E4AC0B9EC5} - C:\WINDOWS\eltt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {911A1534-8E65-448E-92AE-E22D49F870C4} - (no file)
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [4206a213aaa1] C:\WINDOWS\System32\ciodm821.exe
O4 - HKLM\..\Run: [smanp] C:\DOCUME~1\KARINE\LOCALS~1\Temp\appB.tmp
O4 - HKLM\..\Run: [TopSearch] C:\Program Files\TopSearch\TopSearch.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [oov6multiuser.exe] C:\program files\OFFICE One6.0\program\oov6multiuser.exe
O4 - HKLM\..\Run: [OoPDFSettingsv6.exe] C:\Program Files\OFFICE ONE6.0\OFFICE One PDF Manager v6\OoPDFSettingsv6.exe
O4 - HKLM\..\Run: [OFFICEOneNotesv6.exe] C:\Program Files\OFFICE ONE6.0\OFFICE One Notes v6\OFFICEOneNotesv6.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: OFFICE One 6.0.lnk = C:\Program Files\OFFICE ONE6.0\program\quickstart.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet7_22.dll' missing
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Pour l'instant, j'ai juste scanné mais je n'ai rien enlevé ou corrigé.
Je n'ai pas pu faire le scan en ligne car pas d'accès internet.

Voila, cela fait beaucoup de lecture.
Je te remercie d'avance de ton aide.

Karine.
0
Réponse 3 / 58
^^Marie^^ Messages postés 113901 Date d'inscription mardi 6 septembre 2005 Statut Membre Dernière intervention 28 août 2020 3 275
1 août 2006 à 10:45
Salut,

EWIDO ===> No action taken ==> n'a pas fonctioné, lis bien le tuto, STP

D – Ewido
https://www.malekal.com/tutorial-et-guide-ewido-v4/
règle ton ewido sur delete ou remove
Copie/colle le rapport


Je n'ai pas pu faire le scan en ligne car pas d'accès internet. ha ! il aurait été bon d'avoir spybot version 1.4


Tu es infectée par NewDoNet : regarde si tu l'as dans ajout/supp des programmes
Que se passe-t-il avec ta connexion ???

http://perso.orange.fr/jesses/Docs/Nuisibles/NewDotNet.htm


A++
0
Réponse 4 / 58
Karine
1 août 2006 à 11:30
Je ferai les manips ce soir car je suis au boulot actuellement.
Pour Ewido, où dois-je régler le remove ou delete ? Dans Scanner, dans quarantine ?


Pour ma connexion Internet, voici ce qui se passe : je lance internet explorer, j'arrive sur une page avec le message Impossible d'afficher la page (dans la barre de titre "Wanadoo serveur indisponible)". Dans l'url, j'ai ceci : http://badurl.shopnav.com/url.cgi?uid=10856920&version=1.20031&url=http://wanadoo.fr

J'ai contacté le service client Wanadoo qui me dit que la connexion fonctionne bien mais que j'ai un mouchard qui me redirige ailleurs à chaque fois que je tape une adresse.
Ici, je devrai normalement tomber sur la page d'accueil Wanadoo.

Spybot détecte bien Shopnav mais ne peut le corriger.

As-tu besoin d'infos supplémentaires ?
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 58
^^Marie^^ Messages postés 113901 Date d'inscription mardi 6 septembre 2005 Statut Membre Dernière intervention 28 août 2020 3 275
1 août 2006 à 11:43
Re,

Essaie ça

Salut

Telecharge la derniere version stp

http://siri.urz.free.fr/Fix/SmitfraudFix.zip
SMITFRAUD REGIS 30/07/2006
Télécharge ceci: (merci a S!RI pour ce programme).
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1, il va générer un rapport
Copie/colle le sur le poste stp.
----------------------------------------------------------------------------
Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).
----------------------------------------------------------------------------
Relance le programme Smitfraud,
Cette fois choisit l’option 2, répond oui a tous ;
Sauvegarde le rapport, Redémarre en mode normal, copie/colle le rapport sauvegardé sur le forum

========================================
A+


0
Réponse 6 / 58
Karine
2 août 2006 à 08:51
Bonjour Marie,

J'ai regardé comme tu me l'as demandé dans ajout/sup de programmes, je ne vois pas NewDotNet. J'ai un New.net Domains 7.22, est-ce lié ?

J'ai relancé Ewido, voici le résultat :

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 19:39:36 01/08/2006

+ Scan result:



C:\Documents and Settings\KARINE\Local Settings\Temp\app74.tmp -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
C:\Program Files\Fichiers communs\Uninstall Information\RemoveWebDP.exe -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
C:\WINDOWS\system32\nfomon\nfo.ocx -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
C:\Program Files\MediaLoads\v1\ML.exe -> Adware.DownloadWare : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaLoads Enhanced -> Adware.Downloadware : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E1412445-4FF8-410e-8D24-F2CF86B171A4} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E1412445-4FF8-410e-8D24-F2CF86B171A4} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E1412445-4FF8-410E-8D24-F2CF86B171A4} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E1412445-4FF8-410E-8D24-F2CF86B171A4} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-602414446-1397737051-2654145001-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E1412445-4FF8-410E-8D24-F2CF86B171A4} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{00027925-0017-4faf-9539-90E4AC0B9EC5} -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00027925-0017-4faf-9539-90E4AC0B9EC5} -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00027925-0017-4FAF-9539-90E4AC0B9EC5} -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\intexp -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\intexp\Config -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\.DEFAULT\Software\intexp\MyFileSystem2 -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00027925-0017-4FAF-9539-90E4AC0B9EC5} -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\intexp -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\intexp\Config -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\intexp\MyFileSystem2 -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-602414446-1397737051-2654145001-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00027925-0017-4FAF-9539-90E4AC0B9EC5} -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-602414446-1397737051-2654145001-1005\Software\intexp -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-602414446-1397737051-2654145001-1005\Software\intexp\Config -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-602414446-1397737051-2654145001-1005\Software\intexp\MyFileSystem2 -> Adware.IEPlugin : Cleaned with backup (quarantined).
C:\WINDOWS\eltt.dll -> Adware.ImiBar : Cleaned with backup (quarantined).
C:\Program Files\IncrediFind -> Adware.Incredifind : Cleaned with backup (quarantined).
C:\Program Files\IncrediFind\BHO -> Adware.Incredifind : Cleaned with backup (quarantined).
C:\Program Files\IncrediFind\BHO\date.txt -> Adware.Incredifind : Cleaned with backup (quarantined).
HKLM\SOFTWARE\MaxSpeed -> Adware.Maxspeed : Cleaned with backup (quarantined).
C:\Documents and Settings\KARINE\Local Settings\Temp\upd3.tmp/ME.dll -> Adware.MediaPops : Error during cleaning.
C:\WINDOWS\system32\WinNB57.dll -> Adware.NetNucleus : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet\readme.html -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet\uninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall4_88.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall5_20.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall5_40.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall6_10.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall6_22.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall6_30.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall6_90.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall7_14.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Documents and Settings\KARINE\Local Settings\Temp\MirarSetup.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\MirarSetup.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Program Files\MaxSpeed -> Adware.SideFind : Cleaned with backup (quarantined).
C:\Program Files\MaxSpeed\Privacy Info.url -> Adware.SideFind : Cleaned with backup (quarantined).
C:\Program Files\MaxSpeed\Terms and Conditions.url -> Adware.SideFind : Cleaned with backup (quarantined).
C:\Program Files\MaxSpeed\Uninstall Instructions.url -> Adware.SideFind : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00000135.exe -> Adware.UrlSpy : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00000136.dll -> Adware.UrlSpy : Cleaned with backup (quarantined).
C:\RECYCLER\NPROTECT\00000138.exe -> Adware.UrlSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__c_m_d_i_a_l_3_2_._e_x_e_ -> Adware.UrlSpy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\cfgmgr32.exe -> Adware.UrlSpy : Cleaned with backup (quarantined).


::Report end




J'ai effectué les scan avec Smitfraud, voici les résultats :

Option 1 :

SmitFraudFix v2.77

Rapport fait à 19:47:19,21, 01/08/2006
Executé à partir de C:\Documents and Settings\KARINE\Mes documents\Protection\smitfraudfix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\KARINE\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\KARINE\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


Option 2 :

SmitFraudFix v2.77

Rapport fait à 20:44:33,56, 01/08/2006
Executé à partir de C:\Documents and Settings\KARINE\Mes documents\Protection\smitfraudfix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin


J'ai également relancé Hijackthis :

Logfile of HijackThis v1.99.1
Scan saved at 07:26:11, on 02/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\OFFICE ONE6.0\OFFICE One PDF Manager v6\OoPDFSettingsv6.exe
C:\Program Files\OFFICE ONE6.0\OFFICE One Notes v6\OFFICEOneNotesv6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\OFFICE ONE6.0\program\soffice.exe
C:\Documents and Settings\KARINE\Mes documents\Protection\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {911A1534-8E65-448E-92AE-E22D49F870C4} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [smanp] C:\DOCUME~1\KARINE\LOCALS~1\Temp\appB.tmp
O4 - HKLM\..\Run: [TopSearch] C:\Program Files\TopSearch\TopSearch.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [oov6multiuser.exe] C:\program files\OFFICE One6.0\program\oov6multiuser.exe
O4 - HKLM\..\Run: [OoPDFSettingsv6.exe] C:\Program Files\OFFICE ONE6.0\OFFICE One PDF Manager v6\OoPDFSettingsv6.exe
O4 - HKLM\..\Run: [OFFICEOneNotesv6.exe] C:\Program Files\OFFICE ONE6.0\OFFICE One Notes v6\OFFICEOneNotesv6.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: OFFICE One 6.0.lnk = C:\Program Files\OFFICE ONE6.0\program\quickstart.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet7_22.dll' missing
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Tout cela a quand même modifié quelque chose. Quand j'arrive sur Internet, j'ai toujours le même résultat (impossible d'afficher la page) mais l'url a changé. Au lieu de http://badurl.shopnav.com/url.cgi?uid=10856920&version=1.20031&url=http://wanadoo.fr
j'obtiens maintenant
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome


Voila, j'attends tes instructions.
0
Réponse 7 / 58
^^Marie^^ Messages postés 113901 Date d'inscription mardi 6 septembre 2005 Statut Membre Dernière intervention 28 août 2020 3 275
2 août 2006 à 11:56
Re,

New.net Domains 7.22 ===> Désinstalle le.

Regarde ici aussi :

Tu es infectée par NewDoNet : Que se passe-t-il avec ta connexion ???

http://perso.orange.fr/jesses/Docs/Nuisibles/NewDotNet.htm


A++
0
Réponse 8 / 58
Karine
3 août 2006 à 08:44
Bonjour Marie,

J'ai enfin retrouvé ma connexion. Je te dis un grand merci.

Dois-je effectuer d'autres manip afin d'enlever les autres virus qui traînent sur mon poste ?

A +.
0
Réponse 9 / 58
afideg Messages postés 10517 Date d'inscription lundi 10 octobre 2005 Statut Contributeur sécurité Dernière intervention 12 avril 2022 602
3 août 2006 à 09:45
Bonjour Karine,

A)- Désactive la restauration système.
"Pour accéder à la restauration système rapide --->clic sur "la touche Windows" + "la touche Pause" > Onglet Restauration".

B)- Relance HijackThis et suis ceci:

1°- À fixer ( vérifiés avec CastleCops )

•- O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll (file missing)
•- O2 - BHO: Band Class - {00027925-0017-4faf-9539-90E4AC0B9EC5} - C:\WINDOWS\eltt.dll
( Band Class {00027925-0017-4faf-9539-90E4AC0B9EC5} X BHO ttext.dll, eltt.dll, sh32.dll IePlugin/ImiServ adware variant )
•- O2 - BHO: (no name) - {911A1534-8E65-448E-92AE-E22D49F870C4} - (no file)
•- O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
•- O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s Celui-ci disparait en principe avec Spybot....Mais il est réapparait parfois lors du dernier HJT. ---> lire plus bas.
•- O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
•- O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
•- O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
•- O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
•- O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

2°- Danger / gravité

•- Il faut que tu supprimes cette ligne avec "LSPFIX" :
-O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet7_22.dll' missing ---> Pirates de Winsock !!
Ne JAMAIS corriger une 010 avec HJT ; réparer EVENTUELLEMENT avec < LSPsFix de Cexx.org > ou Spybot S&D
Lire ce qui suit :
< http://perso.orange.fr/jesses/Docs/Nuisibles/NewDotNet.htm >
Et en complément, un cas vécu ( pour le mode d'emploi éventuellement ):
< plus de connection internet explorer >
Ajouté par moe31 (23/01/2006 à 00:05 GMT+2)
Pour la 010, telecharge lspfix ici: < http://www.cexx.org/LSPFix.exe >
Puis lance LSPFIX et agrandis la fenêtre sinon on ne vois pas le bouton FINISH en bas.
Coche 'I know what I'm doing'
Dans la colonne de gauche (KEEP) selectionne newdotnet7_14.dll (et surtout rien d'autre, attention !) et tu le fais passer dans la colonne de droite (REMOVE).
(tu peux le faire glisser avec la souris ou te servir des fleches dans la barre du milieu)
Puis clic sur 'FINISH'
Redemarre ton pc après la manip et reessaye ta connection

•- O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM) ---> = sites indésirables dans la zône de confiance.
Si le domaine affiché dans la zône de confiance n'a pas été ajouté par vous-même et que l'adresse n'est pas reconnue, faire réparer par HJT ! OUI, tout à fait...mais pas nécessaire de le faire fixer, pour ma part.
Si la ligne résiste à HJT, utiliser < DelDomains.inf >

3°- Inconnues( attendre ):

? O4 - HKLM\..\Run: [oov6multiuser.exe] C:\program files\OFFICE One6.0\program\oov6multiuser.exe
? O4 - HKLM\..\Run: [OoPDFSettingsv6.exe] C:\Program Files\OFFICE ONE6.0\OFFICE One PDF Manager v6\OoPDFSettingsv6.exe
? O4 - HKLM\..\Run: [OFFICEOneNotesv6.exe] C:\Program Files\OFFICE ONE6.0\OFFICE One Notes v6\OFFICEOneNotesv6.exe
4°- Avec Avast, il faut Kério comme pare-feu ( et non pas ZA à cause de conflits ! )

C)- Après ça, réactive la restauration système; redémarre ton PC; et relance un HJT et poste son rapport.
Je ne fais que passer.
Il faudra attendre le retour de Marie.
Bonne journée.
PS; Ton PC est une bombe à retardement!
0
Réponse 10 / 58
afideg Messages postés 10517 Date d'inscription lundi 10 octobre 2005 Statut Contributeur sécurité Dernière intervention 12 avril 2022 602
3 août 2006 à 11:35
Resalut,
Je viens de voir Marie sur le forum vers 08Hoo; peut-être a-t-elle un empêchement ?

Pour que tu puisses en connaître davantage, et pour compléter ce que je t'écrivais au # 9 § 2° relativement au " NewDoNet " , à savoir : « Ne JAMAIS corriger une 010 avec HJT ; réparer EVENTUELLEMENT avec < LSPsFix de Cexx.org > ou avec Spybot S&D » ; il y a ici un INCONTOURNABLE à lire absolument et à CLASSER ( merci Olivier ) ----->:
< http://entraide.aceboard.fr/175280-1992-3434-0-vous-etes-infecte-NewDoNet.htm > ( à lire jusqu'à la fin ).

Bonne lecture.
Bonne continuation. ;)
0
Réponse 11 / 58
Karine
3 août 2006 à 13:17
Merci de ta réponse.
Je fais tout ça ce soir chez moi et je vous tiens au courant.

A+
0
Réponse 12 / 58
Karine
3 août 2006 à 21:34
Bonsoir,

Voici le résultat du Hijackthis après les dernières manipulations :

Logfile of HijackThis v1.99.1
Scan saved at 21:24:42, on 03/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\MESSAG~1\Demon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\OFFICE ONE6.0\OFFICE One PDF Manager v6\OoPDFSettingsv6.exe
C:\Program Files\OFFICE ONE6.0\OFFICE One Notes v6\OFFICEOneNotesv6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\OFFICE ONE6.0\program\soffice.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\KARINE\Mes documents\Protection\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [smanp] C:\DOCUME~1\KARINE\LOCALS~1\Temp\appB.tmp
O4 - HKLM\..\Run: [TopSearch] C:\Program Files\TopSearch\TopSearch.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [oov6multiuser.exe] C:\program files\OFFICE One6.0\program\oov6multiuser.exe
O4 - HKLM\..\Run: [OoPDFSettingsv6.exe] C:\Program Files\OFFICE ONE6.0\OFFICE One PDF Manager v6\OoPDFSettingsv6.exe
O4 - HKLM\..\Run: [OFFICEOneNotesv6.exe] C:\Program Files\OFFICE ONE6.0\OFFICE One Notes v6\OFFICEOneNotesv6.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: OFFICE One 6.0.lnk = C:\Program Files\OFFICE ONE6.0\program\quickstart.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


A t'on réussi à tout enlever ?
En démarrant mon PC, j'ai une fenêtre indiquant que le fichier TopSearch.dll n'est pas trouvé.

J'aimerais bien enlever Kazaa. J'ai fait supprimer le programme dans ajout/supress des programmes mais je le vois toujours dans Démarer/Tous les programmes.

A+.
0
Réponse 13 / 58
^^Marie^^ Messages postés 113901 Date d'inscription mardi 6 septembre 2005 Statut Membre Dernière intervention 28 août 2020 3 275
4 août 2006 à 06:22
Slt,

Démarrer/Tous les programmes/rechercher/ ===> kazaa

Regarde ici :
comment desinstaller kazaa

A++

Tiens nous au courant


0
Réponse 14 / 58
afideg Messages postés 10517 Date d'inscription lundi 10 octobre 2005 Statut Contributeur sécurité Dernière intervention 12 avril 2022 602
4 août 2006 à 11:29
Salut Karine
Beau travail
1°- Ce que nous devons supprimer, c'est " TopSearch.exe " et non pas " TopSearch.dll ", dans la ligne 04.
Affiche les fichiers cachés ( Démarrer>Panneau de Configuration>Options des Dossiers>Onglet Affichage> "coche la case afficher les fichiers et dossiers cachés" et un peu plus bas sur cette page, "décoche la case Masquer les extensions des fichiers dont le type est connu".
Ensuite dans poste de travail, tu suis ce chemin (C:\Program Files\TopSearch\TopSearch.exe) avec les dossiers jaunes pour en finale aboutir à l'extension" TopSearch.exe" que tu supprimes.
Essaie.
2°- Pour supprimer KAZAA, essaie avec CCleaner v1.31.325; comme tu le vois sur l'image qui t'indique le chemin.< http://img100.imageshack.us/img100/2645/screenshot043fm4.gif >


Bonne chance.

PS, si tu n'as pas ZA, je ne vois pas à quoi sert la 023 de TrueVector.
0
Réponse 15 / 58
afideg Messages postés 10517 Date d'inscription lundi 10 octobre 2005 Statut Contributeur sécurité Dernière intervention 12 avril 2022 602
4 août 2006 à 11:42
N'oublie pas , pour supprimer cette ligne, relire # 9
« A)- Désactive la restauration système.
"Pour accéder à la restauration système rapide --->clic sur "la touche Windows" + "la touche Pause" > Onglet Restauration".
C)- Après ça, réactive la restauration système; redémarre ton PC; et relance un HJT et poste son rapport. »
0
Réponse 16 / 58
afideg Messages postés 10517 Date d'inscription lundi 10 octobre 2005 Statut Contributeur sécurité Dernière intervention 12 avril 2022 602
4 août 2006 à 17:55
Karine,
Si tu ne t'en sors pas pour supprimer cette
04 -C:\Program Files\TopSearch\TopSearch.exe; ( attention, c'est une saloperie --> TopSearch X TopSearch.exe TopSearch = adware variant ;
il reste à allonger la procédure .

Voici une méthode :

1°- HijackThis -> Open the misc tools sections -> open Uninstall manager -> clique sur "Save list" -> enregistre le fichier -> fais-en un copier/coller ici.
2°- Désinstalle ceci aussi "TopSearch" dans la liste.
2° bis - relance HJT , clic sur "do a system scan and save logfile" ; faire un copier coller du log entier sur le forum

3°- Affiche tous les fichiers et dossiers :
Clique sur démarrer/panneau de configuration/outil/option des dossiers/affichage
Coche « afficher les fichiers et dossiers cachés »
Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"
Décoche « masquer les extensions dont le type est connu »
Puis fais "Ok" pour valider les changements.
Et "Appliquer" !
3° bis- Désactive la Restauration Système
3° ter- Mets à jour Ad-Aware et Spybot S&D.

4°-Relance HijackThis, coche la case devant cette ligne et ensuite clique sur "fix checked" :

O4 - HKLM\..\Run: [TopSearch] C:\Program Files\TopSearch\TopSearch.exe

5°- Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).

6°- Vide tes fichiers temps et temporary internet file =
Supprimer les fichiers temporaires et Vider tout le contenu de ces dossiers,ci dessous :

* C:\Documents and Settings\ton compte\Local Settings\Temp
* C:\Documents and Settings\tous les autres comptes\Local Settings\Temp
* C:\Windows\Temp
* Ne pas oublier de vider la corbeille !

7°- Recherche et supprime ceci: Attention seulement le fichier (si présent).

C:\Program Files\TopSearch ( peut-être aura-t-il été supprimé en 1° + 2°- ci-dessus )

8°- Passe Ad-Aware et supprime tout ce qu’il trouve + supprime les quarantaines…

9°- Passe Spybot et corrige tout ce qu’il trouve + vaccine + supprime les quarantaines…

10°- Vide ta Corbeille.
----------------------------------------------------------------------------
11°- Redémarre en mode normal, relance Hijackthis et copie/colle un nouveau rapport sur le forum.
12°- Réactive la Restauration Système.

Précise tes soucis s’il en reste....

Tiens-moi au courant ( Merci à Quentin )
0
Réponse 17 / 58
Regis59 Messages postés 21143 Date d'inscription mardi 27 juin 2006 Statut Contributeur sécurité Dernière intervention 22 juin 2016 1 321
4 août 2006 à 18:03
Salut afideg,

Je doute qu elle connaisse mon prenom lol
Et puis pas la peine de me citer ;-)

J'aimerais juste donner 2 petits conseils:

-Pour la restauration systeme, ne la desactive que quand le systeme est sain et stable. Car, en cas de desinfection difficile et ou tu peux rencontrer des soucis, ce sera ta solution de secours.

- Verifie que ceci est supprimé:

c:\eied_s7.cab
c:\ex.cab

A+ Afideg et Karine
0
Réponse 18 / 58
afideg Messages postés 10517 Date d'inscription lundi 10 octobre 2005 Statut Contributeur sécurité Dernière intervention 12 avril 2022 602
4 août 2006 à 20:41
Salut Karine et Régis59,

Régis59 nous demande de vérifier que ceci est supprimé: "C:\eied_s7.cab" et "C:\ex.cab" ; ce sont les fichiers des 4 lignes 016 que tu as supprimées.

C'est toujours les mêmes méthodes:
•- Soit Idem à 3°- du # 16
Affiche les fichiers cachés ( Démarrer>Panneau de Configuration>Options des Dossiers>Onglet Affichage> "coche la case afficher les fichiers et dossiers cachés" et un peu plus bas sur cette page, "décoche la case Masquer les extensions des fichiers dont le type est connu".
Ensuite dans poste de travail, tu suis ce chemin (C:\eied_s7.cab , et C:\ex.cab) pour en finale aboutir à " à ces deux fichiers - avec l'extension .cab-" que tu supprimes.
•- Ou alors, tu peux aussi faire une Recherche avec le menu Démarrer comme au 7°- du # 16.

Essaie
Merci à Régis59.
0
Réponse 19 / 58
^^Marie^^ Messages postés 113901 Date d'inscription mardi 6 septembre 2005 Statut Membre Dernière intervention 28 août 2020 3 275
7 août 2006 à 20:51
Kariiiiiiiiiiiine !!!!!!!!!!!!! Hou, houououou !!!!!!!!!

On ne t'oublie pas

A++
0
Réponse 20 / 58
Karine
11 août 2006 à 11:37
Bonjour,

Excusez-moi de mon silence, je suis en vacances et suis partie en week-end prolongé. Mais me voici de retour.

J'ai supprimé le TopSearch.exe comme vous me l'avez conseillé.
Je n'ai pas de fichiers c:\eied_s7.cab et c:\ex.cab.

Avant d'arriver sur le forum (avant de supprimer TopSearch), j'ai effectué un scan Adaware et spybot, j'ai encore des merdouilles, voici les résultats :

IE Plugin: Data (Fichier, fixed)
C:\WINDOWS\lu.dat

Central24: Uninstall settings (Clé du registre, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ewidoantispyware4

DSO Exploit: Data source object exploit (Modification du registre, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Modification du registre, fixed)
HKEY_USERS\S-1-5-21-602414446-1397737051-2654145001-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Modification du registre, fixed)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Modification du registre, fixed)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Modification du registre, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3


--- Spybot - Search && Destroy version: 1.3 ---
2004-05-12 Includes\Cookies.sbi
2004-05-12 Includes\Dialer.sbi
2004-05-12 Includes\Hijackers.sbi
2004-05-12 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2004-05-12 Includes\Malware.sbi
2004-05-12 Includes\Revision.sbi
2004-05-12 Includes\Security.sbi
2004-05-12 Includes\Spybots.sbi
2004-05-12 Includes\Tracks.uti
2004-05-12 Includes\Trojans.sbi


Ad-Aware SE Build 1.06r1
Logfile Created on:vendredi 11 août 2006 11:00:38
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R118 07.08.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
GetMirar(TAC index:8):2 total references
ImIServer IEPlugin(TAC index:5):23 total references
MRU List(TAC index:0):7 total references
Tracking Cookie(TAC index:3):5 total references
Win32.TrojanClicker(TAC index:10):3 total references
Win32.TrojanDownloader.Delf(TAC index:10):4 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


11-08-2006 11:00:38 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\KARINE\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-602414446-1397737051-2654145001-1005\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-602414446-1397737051-2654145001-1005\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-602414446-1397737051-2654145001-1005\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-602414446-1397737051-2654145001-1005\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-602414446-1397737051-2654145001-1005\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 408
ThreadCreationTime : 11-08-2006 08:28:48
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 472
ThreadCreationTime : 11-08-2006 08:28:52
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 496
ThreadCreationTime : 11-08-2006 08:28:53
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 540
ThreadCreationTime : 11-08-2006 08:28:53
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Applications Services et Contrôleur
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 552
ThreadCreationTime : 11-08-2006 08:28:53
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 716
ThreadCreationTime : 11-08-2006 08:28:54
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 772
ThreadCreationTime : 11-08-2006 08:28:54
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 808
ThreadCreationTime : 11-08-2006 08:28:54
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 860
ThreadCreationTime : 11-08-2006 08:28:54
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 888
ThreadCreationTime : 11-08-2006 08:28:55
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1156
ThreadCreationTime : 11-08-2006 08:28:58
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1164
ThreadCreationTime : 11-08-2006 08:28:58
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Explorateur Windows
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : EXPLORER.EXE

#:13 [aswupdsv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 1328
ThreadCreationTime : 11-08-2006 08:28:59
BasePriority : Normal


#:14 [ashserv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 1340
ThreadCreationTime : 11-08-2006 08:28:59
BasePriority : High
FileVersion : 4, 7, 844, 0
ProductVersion : 4, 7, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! antivirus service
InternalName : aswServ
LegalCopyright : Copyright (c) 2006 ALWIL Software
OriginalFilename : aswServ.exe

#:15 [ctsvccda.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1368
ThreadCreationTime : 11-08-2006 08:29:00
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Service for CDROM Access
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
LegalCopyright : Copyright (c) Creative Technology Ltd., 1999. All rights reserved.
OriginalFilename : CTsvcCDA.EXE

#:16 [guard.exe]
FilePath : C:\Program Files\ewido anti-spyware 4.0\
ProcessID : 1420
ThreadCreationTime : 11-08-2006 08:29:00
BasePriority : Normal
FileVersion : 4, 0, 0, 172
ProductVersion : 4, 0, 0, 172
ProductName : ewido anti-spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : ewido anti-spyware guard
InternalName : ewido anti-spywareguard
LegalCopyright : Copyright © 2005 Anti-Malware Development a.s.
OriginalFilename : guard.exe

#:17 [kpf4ss.exe]
FilePath : C:\Program Files\Sunbelt Software\Personal Firewall\
ProcessID : 1448
ThreadCreationTime : 11-08-2006 08:29:00
BasePriority : Normal
FileVersion : 4.3.268.0
ProductVersion : 4.3.268.0
ProductName : Sunbelt Kerio Personal Firewall
CompanyName : Sunbelt Software
FileDescription : Sunbelt Kerio Firewall Service
InternalName : kpf4ss.exe
LegalCopyright : Copyright © 2002-2005 Sunbelt Software. All rights reserved.
LegalTrademarks : SUNBELT SOFTWARE and the "S" logo are registered trademarks of Sunbelt Software. Sunbelt Kerio Personal Firewall and SKPF are trademarks of Sunbelt Software.
OriginalFilename : kpf4ss.exe

#:18 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1480
ThreadCreationTime : 11-08-2006 08:29:01
BasePriority : Normal
FileVersion : 6.13.10.4072
ProductVersion : 6.13.10.4072
ProductName : NVIDIA Driver Helper Service, Version 40.72
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 40.72
InternalName : NVSVC
LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:19 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1616
ThreadCreationTime : 11-08-2006 08:29:03
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:20 [ashmaisv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 2032
ThreadCreationTime : 11-08-2006 08:29:15
BasePriority : Normal


#:21 [ashwebsv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 136
ThreadCreationTime : 11-08-2006 08:29:16
BasePriority : Normal


#:22 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 248
ThreadCreationTime : 11-08-2006 08:29:17
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:23 [kpf4gui.exe]
FilePath : C:\Program Files\Sunbelt Software\Personal Firewall\
ProcessID : 1044
ThreadCreationTime : 11-08-2006 08:29:25
BasePriority : Normal
FileVersion : 4.3.268.0
ProductVersion : 4.3.268.0
ProductName : Sunbelt Kerio Personal Firewall
CompanyName : Sunbelt Software
FileDescription : Sunbelt Kerio Firewall GUI
InternalName : kpf4gui.exe
LegalCopyright : Copyright © 2002-2005 Sunbelt Software. All rights reserved.
LegalTrademarks : SUNBELT SOFTWARE and the "S" logo are registered trademarks of Sunbelt Software. Sunbelt Kerio Personal Firewall and SKPF are trademarks of Sunbelt Software.
OriginalFilename : kpf4gui.exe

#:24 [soundman.exe]
FilePath : C:\WINDOWS\
ProcessID : 2092
ThreadCreationTime : 11-08-2006 08:29:27
BasePriority : Normal
FileVersion : 5.0.16
ProductVersion : 5.0.16
ProductName : Realtek Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright (c) 2001-2003 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek AC97 Audio Sound Manager

#:25 [cnxmon.exe]
FilePath : C:\PROGRA~1\Wanadoo\
ProcessID : 2100
ThreadCreationTime : 11-08-2006 08:29:28
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Application CnxMon
FileDescription : Application MFC CnxMon
InternalName : CnxMon
LegalCopyright : Copyright (C) 2001
OriginalFilename : CnxMon.EXE

#:26 [demon.exe]
FilePath : C:\PROGRA~1\MESSAG~1\
ProcessID : 2124
ThreadCreationTime : 11-08-2006 08:29:28
BasePriority : Normal
FileVersion : 3, 0, 20, 0
ProductVersion : 3, 0, 20, 0
ProductName : Demon Messager
CompanyName : France Telecom
FileDescription : Demon
InternalName : Demon
OriginalFilename : Demon.exe

#:27 [taskbaricon.exe]
FilePath : C:\PROGRA~1\Wanadoo\
ProcessID : 2260
ThreadCreationTime : 11-08-2006 08:29:35
BasePriority : Normal


#:28 [dragdiag.exe]
FilePath : C:\Program Files\Thomson\SpeedTouch USB\
ProcessID : 2312
ThreadCreationTime : 11-08-2006 08:29:39
BasePriority : Normal
FileVersion : 301.0.0.12
ProductVersion : 301.0.0.12
ProductName : SpeedTouch USB
CompanyName : THOMSON Telecom Belgium
FileDescription : SpeedTouch Statistics
LegalCopyright : Copyright© THOMSON Telecom Belgium 1999-2004
LegalTrademarks : SpeedTouch

#:29 [ashdisp.exe]
FilePath : C:\PROGRA~1\ALWILS~1\Avast4\
ProcessID : 2332
ThreadCreationTime : 11-08-2006 08:29:39
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! service GUI component
InternalName : aswDisp
LegalCopyright : Copyright (c) 2006 ALWIL Software
OriginalFilename : aswDisp.exe

#:30 [ewido.exe]
FilePath : C:\Program Files\ewido anti-spyware 4.0\
ProcessID : 2340
ThreadCreationTime : 11-08-2006 08:29:40
BasePriority : Normal
FileVersion : 4, 0, 0, 172
ProductVersion : 4, 0, 0, 172
ProductName : ewido anti-spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : ewido anti-spyware
InternalName : ewido anti-spyware
LegalCopyright : Copyright © 2005 Anti-Malware Development a.s.
OriginalFilename : ewido.exe

#:31 [kpf4gui.exe]
FilePath : C:\Program Files\Sunbelt Software\Personal Firewall\
ProcessID : 2364
ThreadCreationTime : 11-08-2006 08:29:40
BasePriority : Normal
FileVersion : 4.3.268.0
ProductVersion : 4.3.268.0
ProductName : Sunbelt Kerio Personal Firewall
CompanyName : Sunbelt Software
FileDescription : Sunbelt Kerio Firewall GUI
InternalName : kpf4gui.exe
LegalCopyright : Copyright © 2002-2005 Sunbelt Software. All rights reserved.
LegalTrademarks : SUNBELT SOFTWARE and the "S" logo are registered trademarks of Sunbelt Software. Sunbelt Kerio Personal Firewall and SKPF are trademarks of Sunbelt Software.
OriginalFilename : kpf4gui.exe

#:32 [oopdfsettingsv6.exe]
FilePath : C:\Program Files\OFFICE ONE6.0\OFFICE One PDF Manager v6\
ProcessID : 2528
ThreadCreationTime : 11-08-2006 08:29:51
BasePriority : Normal
FileVersion : 6.0.5.0
ProductVersion : 6.0.3.0
ProductName : OFFICE One PDF Manager v6
CompanyName : ISSENDIS
FileDescription : OFFICE One PDF Manager v6
InternalName : OFFICE One PDF Manager v6
LegalCopyright : (c) 2002, ISSENDIS.
LegalTrademarks : ISSENDIS
OriginalFilename : OFFICE One PDF Manager v6
Comments : Gestion des modeles

#:33 [officeonenotesv6.exe]
FilePath : C:\Program Files\OFFICE ONE6.0\OFFICE One Notes v6\
ProcessID : 2584
ThreadCreationTime : 11-08-2006 08:29:54
BasePriority : Normal
FileVersion : 6.0.5.0
ProductVersion : 1.0.0.0
ProductName : OFFICE One Notes
CompanyName : ISSENDIS
FileDescription : OFFICE One Notes
InternalName : OFFICE One Notes
LegalCopyright : ISSENDIS

#:34 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2592
ThreadCreationTime : 11-08-2006 08:29:55
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:35 [ctdetect.exe]
FilePath : C:\Program Files\Creative\MediaSource\Detector\
ProcessID : 2688
ThreadCreationTime : 11-08-2006 08:30:03
BasePriority : Normal
FileVersion : 3.0.2.0
ProductVersion : 3.0.0.0
ProductName : Creative MediaSource Detector
CompanyName : Creative Technology Ltd
FileDescription : Creative MediaSource Detector
InternalName : CTDetect
LegalCopyright : Copyright (c) Creative Technology Ltd., 2003-2004. All rights reserved.
OriginalFilename : CTDetect.EXE

#:36 [wincinemamgr.exe]
FilePath : C:\Program Files\InterVideo\Common\Bin\
ProcessID : 2704
ThreadCreationTime : 11-08-2006 08:30:04
BasePriority : Normal
FileVersion : 1.0
ProductVersion : 1, 0, 0, 1
ProductName : WinCinema Manager for InterVideo WinCinema products
FileDescription : WinCinema Manager
InternalName : WinCinema Manager
LegalCopyright : Copyright (C) 2000 InterVideo Inc.
OriginalFilename : WinCinemaMgr.EXE

#:37 [osa.exe]
FilePath : C:\Program Files\Microsoft Office\Office\
ProcessID : 2724
ThreadCreationTime : 11-08-2006 08:30:05
BasePriority : Normal


#:38 [findfast.exe]
FilePath : C:\Program Files\Microsoft Office\Office\
ProcessID : 2736
ThreadCreationTime : 11-08-2006 08:30:07
BasePriority : Normal
FileVersion : 8.0
ProductVersion : 8.0
ProductName : Microsoft® Recherche accélérée
CompanyName : Microsoft Corporation
FileDescription : Microsoft Recherche accélérée
InternalName : FINDFAST
LegalCopyright : Copyright © 1995-1997 Microsoft Corporation
OriginalFilename : FINDFAST.EXE

#:39 [soffice.exe]
FilePath : C:\Program Files\OFFICE ONE6.0\program\
ProcessID : 2760
ThreadCreationTime : 11-08-2006 08:30:10
BasePriority : Normal
FileVersion : 6.00.7663
ProductVersion : 6.00.7663
CompanyName : Sun Microsystems, Inc.
FileDescription : OFFICE One 6.0
InternalName : SOFFICE
LegalCopyright : Copyright © 2000 by Sun Microsystems, Inc.
OriginalFilename : SOFFICE.EXE

#:40 [espacewanadoo.exe]
FilePath : C:\Program Files\Wanadoo\
ProcessID : 1512
ThreadCreationTime : 11-08-2006 08:57:53
BasePriority : Normal
FileVersion : 5.7 (248)
ProductVersion : 5.7 (248)
ProductName : Kit de Connexion et de Services
CompanyName : France Télécom R&D
FileDescription : Espace Client
InternalName : EspaceClient
LegalCopyright : Copyright (C) France Télécom R&D 1999-2003
OriginalFilename : EspaceClient.exe

#:41 [comcomp.exe]
FilePath : C:\Program Files\Wanadoo\
ProcessID : 1440
ThreadCreationTime : 11-08-2006 08:57:55
BasePriority : Normal
FileVersion : 9.0 (517)
ProductVersion : 9.0 (517)
ProductName : Kit de Connexion et de Services
CompanyName : France Télécom R&D
FileDescription : Module de communication
InternalName : ComComp
LegalCopyright : Copyright (C) France Télécom R&D 1999-2003
OriginalFilename : ComComp.exe

#:42 [watch.exe]
FilePath : C:\Program Files\Wanadoo\
ProcessID : 2088
ThreadCreationTime : 11-08-2006 08:57:57
BasePriority : Normal
FileVersion : 9.0 (102)
ProductVersion : 9.0 (102)
ProductName : Kit de Connexion et de Services
CompanyName : France Télécom R&D
FileDescription : Surveillance des modifications
InternalName : Watch
LegalCopyright : Copyright (C) France Télécom R&D 1999-2003
OriginalFilename : Watch.exe

#:43 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2500
ThreadCreationTime : 11-08-2006 08:58:30
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

GetMirar Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{9a9c9b69-f908-4aab-8d0c-10ea8997f37e}

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{5e0910c6-9e45-481c-a2ec-0ec29c96ebeb}

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{79406f24-8e95-4af8-9fef-2ea2b504e707}

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{8f7d96aa-489a-4194-ab34-21ef42507932}

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{b424e2aa-4466-41ca-8194-5a83995a9b15}

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{22cacae9-c999-4695-b47b-b2f092bdf84a}

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{45da4f3d-2379-45d6-b5c5-c41d33536bc6}

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{783ed36e-fa7e-4d4f-9f15-9d1431668c32}

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8e0c73cc-54be-4c32-b6ad-8e6e3427c119}

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c2ea0488-e1b4-4403-ae40-ef4849269a69}

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{e45c1548-4bd7-404b-830b-f47c1354fe60}

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{46bd3f46-6e46-43d2-a69d-fd8c05044475}

Win32.TrojanClicker Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{54645654-2225-4455-44a1-9f4543d34545}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 13
Objects found so far: 20


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 20


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : karine@weborama[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:karine@weborama.fr/
Expires : 09-08-2008 10:22:42
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : karine@247realmedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:11
Value : Cookie:karine@247realmedia.com/
Expires : 01-01-2021 02:00:00
LastSync : Hits:11
UseCount : 0
Hits : 11

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : karine@estat[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:karine@estat.com/
Expires : 07-08-2016 13:09:28
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : karine@www.smartadserver[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:17
Value : Cookie:karine@www.smartadserver.com/
Expires : 05-08-2026 13:10:10
LastSync : Hits:17
UseCount : 0
Hits : 17

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : karine@bluestreak[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:karine@bluestreak.com/
Expires : 07-08-2016 06:27:02
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 25



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.TrojanDownloader.Delf Object Recognized!
Type : File
Data : Downloader.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\Program Files\PeDevice\



Win32.TrojanDownloader.Delf Object Recognized!
Type : File
Data : Preparation.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\Program Files\PeDevice\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 27


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 27




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

GetMirar Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\internet settings\zonemap\domains\net-nucleus.com

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : remove

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : snb.band

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : snb.band.1

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : sntb.bottomframe

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : sntb.bottomframe.1

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : sntb.leftframe

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : sntb.leftframe.1

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : sntb.popupbrowser

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : sntb.popupbrowser.1

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : sntb.popupwindow

ImIServer IEPlugin Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : sntb.popupwindow.1

ImIServer IEPlugin Object Recognized!
Type : File
Data : lu.dat
TAC Rating : 5
Category : Data Miner
Comment :
Object : C:\WINDOWS\



Win32.TrojanClicker Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

Win32.TrojanClicker Object Recognized!
Type : RegData
Data : c:\windows\system32\userinit.exe,
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Userinit
Data : c:\windows\system32\userinit.exe,

Win32.TrojanDownloader.Delf Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\internet settings\zonemap\domains\coolwebsearch.com

Win32.TrojanDownloader.Delf Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\internet settings\zonemap\domains\searchmeup.com

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 17
Objects found so far: 44

11:08:27 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:07:48.593
Objects scanned:121888
Objects identified:37
Objects ignored:0
New critical objects:37


Question : peut - on tout réparer par Spybot et Adaware, n'y a t'il pas de risque de supprimer des éléments servants à des anti spywares concurrents ?
0