XP D VIRUS hacktool.rootkit [WINDOWS/syst32] Résolu

Question

bonjour à tous !

novice à besoin de votre aide SVP atteint par virus hacktool.rootkit environs 6 fichiers : 

détails :
sytem32
toskrnl.exe : kernel 5
service en cours d'execution 1
oddyssee 1


stephane

danx · Answer

Hello,


Alors question première : as tu un anti virus sur ton pc ? Apparement oui , donc lequel ?
 A plus

philo2100 · Answer

dans un premier temps:
vérifies que tu as :
un fire-wall
un anti-virus
regardes ici, histoire de te mettre au couranr, si tu ne l'es pas---->
https://leblogdeclaude.blogspot.com/2006/10/informatique-comment-se-protger-si-on.html
ensuite vu ton soucis, je te suggère un scan en ligne suivi d'un log HJT
en premier lieu:
http://support.f-secure.fr/fra/home/ols.shtml
en second:
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

steph77phane · Answer

hello danx !

merci  de ton secours!

mon anti virus est : norton internet security 2006 j'y suis abonné mais pas très content

steph77phane · Answer

j'ai un par feu windows +anti virus ! je vais faire un scan mais suis novice et je prends des notes en mem tant ! je t'envoie le rapport ensuite 


ps : pas mal ta phrase en fin

philo2100 · Answer

ok,
j'attend le rapport F-secure+log Hijackthis.

danx · Answer

Ok.

 Pour ma part j'ai laissé de coté norton suite à l'achat de kaspersky, mais aucuns anti virus n'est parfait.... 
Bon courage et bon  Hijackthis .

A plus

philo2100 · Answer

Ben, moi j'ai laissé Kasperky pour F-secure....pour le moment (2 ans) rien ne passe, mais les licenses ne sont pas données!

steph77phane · Answer

RE

encore 228 jrs d'abonnement à norton ensuite je changerais ! oui j'entends beaucoup parler de ce kapersky avec beaucoup d'éloges.
c vrai que les anti virus et les virus progressent cela est comme tout l'informatique et autres d'ailleurs , tout deviens obsolètes en 5mn. pour hijackthis étant novice (suis sur le net depuis dec 06) je l'ai découvert hier pour un virus nommé foto celular attrapper par messenger !!! merci pour tout a ++
tiens au courant

stephane

philo2100 · Answer

fais ceci, ce n'est pas sorcier...tous le monde le fait !
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

Darkkiller · Answer

Re,

Tu t'est trompé de post Stef ^^

steph77phane · Answer

RE

suis à 57 600 dossiers effectuées seulement depuis 1h :

2 virus 
7 logiciels espions
et 4 ignorés

steph77phane · Answer

RE
 voici le rapport scan f secure !
je fait hijackthis maintenant



Scanning Report
Thursday, May 17, 2007 11:51:54 - 13:11:16
Computer name: BAYARD 
Scanning type: Scan system for viruses, rootkits, spyware 
Target: C:\ D:\ 


--------------------------------------------------------------------------------

Result: 18 malware found
Tracking Cookie (spyware) 
System (Disinfected) 
System 
System 
System 
System 
System 
System 
Trojan-Downloader.Win32.Zlob.bjy (virus) 
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\NORTON ANTIVIRUS\QUARANTINE\1255555A.EXE (Submitted) 
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\NORTON ANTIVIRUS\QUARANTINE\12587F57.EXE (Submitted) 
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\NORTON ANTIVIRUS\QUARANTINE\125C2953.EXE (Submitted) 
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\NORTON ANTIVIRUS\QUARANTINE\22131627.EXE (Submitted) 
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\NORTON ANTIVIRUS\QUARANTINE\487703D6.EXE (Submitted) 
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\NORTON ANTIVIRUS\QUARANTINE\487B2DD2.EXE (Submitted) 
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\NORTON ANTIVIRUS\QUARANTINE\591870F8.DLL (Submitted) 
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\NORTON ANTIVIRUS\QUARANTINE\5D2B1265.DLL (Submitted) 
W32/Downloader (virus) 
C:\WINDOWS\SYSTEM32\LOGUNIT.SYS (Submitted) 
W32/Malware (virus) 
C:\WINDOWS\SYSTEM32\HIDEKIT.EXE (Submitted) 
not-virus:Hoax.Win32.Renos.fo (virus) 
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SYMANTEC\NORTON ANTIVIRUS\QUARANTINE\67DB7427.EXE (Submitted) 

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 65170 
System: 6530 
Not scanned: 8 
Actions:
Disinfected: 1 
Renamed: 0 
Deleted: 0 
None: 17 
Submitted: 11 
Files not scanned:
C:\HIBERFIL.SYS 
C:\PAGEFILE.SYS 
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT 
C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\CCPD-LC\SYMLCRST.DLL 
C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATEUR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\GOOGLE DESKTOP SEARCH\DBDAM 
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MUVEE TECHNOLOGIES\030625\DSCRP\SAMPLE_PICTURE01.JPG.41B2A334.MPD 
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\02031837543560B8AA0581DA039F8B52_0494E46B-FC3E-495B-8BE7-2A44920A2D0D 
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C19E735E12AE28CD96285F0196F33159_0494E46B-FC3E-495B-8BE7-2A44920A2D0D 

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure Libra: 2.4.2, 2007-05-16 
F-Secure AVP: 7.0.171, 2007-05-17 
F-Secure Orion: 1.2.37, 2007-05-17 
F-Secure Blacklight: 1.0.53 
F-Secure Draco: 1.0.35, 0260-23-12 
F-Secure Pegasus: 1.19.0, 2007-04-14 
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX 
Use Advanced heuristics 

--------------------------------------------------------------------------------

Copyright © 1998-2006 Product support |Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.

steph77phane · Answer

RE

voici le rapport hijackthis !




Logfile of HijackThis v1.99.1
Scan saved at 13:26:02, on 17/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Hijackthis\AVG Anti- Spyware\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\issch.exe
C:\Hijackthis\AVG Anti- Spyware\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Anti-Virus (tous)\Spyware Doctor\swdsvc.exe
C:\Anti-Virus (tous)\Spyware Doctor\svcntaux.exe
C:\Anti-Virus (tous)\Spyware Doctor\sdtrayapp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
c:\Program Files\Fichiers communs\Symantec Shared\NMain.exe
C:\Hijackthis\scanner.exe.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Hijackthis\AVG Anti- Spyware\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SDTray] "C:\Anti-Virus (tous)\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?3950fb765cb6428fac4784cd56b6ac2e
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?3950fb765cb6428fac4784cd56b6ac2e
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://stephanebayard.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Hijackthis\AVG Anti- Spyware\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Anti-Virus (tous)\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Anti-Virus (tous)\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

steph77phane · Answer

RE

merci de votre aide à tous !!!
bonne app pour ceux qui vont manger !!!
je vais grignoter aussi tout en jetant un oeil

stephane

Darkkiller · Answer

Re,

Pourrais-tu vider la quarantaine de Norton ?

philo2100 · Answer

bien faits ceci:
https://leblogdeclaude.blogspot.com/2007/03/informatique-procdure-navifix.html

civad · Answer

http://search.atomz.com/search/?sp-q=hacktool.rootkit&sp-a=sp1002e9aa&sp-f=ISO-8859-1&sp-advanced=1&submit2=Rechercher&sp-w-control=0&sp-w=exact&sp-p=any&sp-c=10

philo2100 · Answer

comme il est mis dans ma page:
"appuyez de nouveau....on y arrive !
Voici enfin le menu:
choissez l'option 1-Recherche"

philo2100 · Answer

reçu...

steph77phane · Answer

RE 

voici un rapport : fixnavi


Search Navipromo version 2.0.1 commencé le 17/05/2007 à 13:58:47,26
 
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis C:\Program Files
avilog1
Mise a jour le 10.05.2007 a 22h00 by IL-MAFIOSO

Executé en mode normal

*** Recherche Programmes installes *** 

 


*** Recherche dossiers dans C:\WINDOWS ***




*** Recherche dossiers dans C:\Program Files ***




*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\HP_Administrateur\Application Data ***



*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
https://www.f-secure.com/en


F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================

Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of April, 2007.
Version information: 2.2.1061.

[+] Started on 05/17/07 at 13:58:51.
[+] Initializing ...
[+] Starting scan, press Ctrl-C to abort.
[+] Scanning for hidden items ................................................................................
[+] Scan complete.
[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
[+] Exited on 05/17/07 at 14:06:18 (return code = 0).


*** Recherche fichiers *** 




*** Recherche cles registre ***


Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs] 
 
 

Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage] 
 
 

Recherche Clé Magic Control 
 
 
 
*** Module de Recherche complémentaire *** 
(Recherche fichiers spécifiques) 
 
1)Recherche fichiers connus:


2)Recherche Heuristique :
* 
** 
*** 
**** 
***** 
****** 
******* 
******** 
 
 
*** Analyse Terminé le 17/05/2007 à 14:07:29,15 ***

philo2100 · Answer

Parfait log clean.
faits ceci:
https://leblogdeclaude.blogspot.com/2007/03/informatique-procdure-de-nettoyage.html

steph77phane · Answer

RE 

suis en nettoyage superspyware te recontact 1 fois fini !

philo2100 · Answer

ok...

steph77phane · Answer

RE

2 trojan.securityToolbar
5 Adware.trackingCookies de détecter mis en 40taine et supprimer 

je fais un hijackthis ?

philo2100 · Answer

ok, refaits un log HJT

steph77phane · Answer

RE 

voilà le rapport



Logfile of HijackThis v1.99.1
Scan saved at 17:12:22, on 17/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Hijackthis\AVG Anti- Spyware\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Anti-Virus (tous)\Spyware Doctor\svcntaux.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Anti-Virus (tous)\Spyware Doctor\swdsvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\issch.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\Hijackthis\AVG Anti- Spyware\AVG Anti-Spyware 7.5\avgas.exe
C:\Anti-Virus (tous)\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\eHome\ehmsas.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
c:\windows\system\hpsysdrv.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\QConsole.exe
C:\Hijackthis\scanner.exe.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Hijackthis\AVG Anti- Spyware\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SDTray] "C:\Anti-Virus (tous)\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?3950fb765cb6428fac4784cd56b6ac2e
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?3950fb765cb6428fac4784cd56b6ac2e
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://stephanebayard.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Hijackthis\AVG Anti- Spyware\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Anti-Virus (tous)\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Anti-Virus (tous)\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

steph77phane · Answer

RE

puis je faire une analyse complète avec norton tous en continuant à t'envoyer des messages et travailler sur pc

philo2100 · Answer

je te conseille ceci:
http://support.f-secure.fr/fra/home/ols.shtml
postes le log

philo2100 · Answer

reçu...

steph77phane · Answer

RE

scan f secure en cours 30 000 dossiers, détecter pour  l'immédiat :

4 skipped
2 virus
1 spyware

a+

philo2100 · Answer

ok postes moi le rapport complet...

steph77phane · Answer

salut 


voici le rapport f secure



Scanning Report
Thursday, May 17, 2007 19:39:28 - 20:57:08
Computer name: BAYARD 
Scanning type: Scan system for viruses, rootkits, spyware 
Target: C:\ D:\ 


--------------------------------------------------------------------------------

Result: 3 malware found
Tracking Cookie (spyware) 
System (Disinfected) 
W32/Downloader (virus) 
C:\WINDOWS\SYSTEM32\LOGUNIT.SYS (Submitted) 
W32/Malware (virus) 
C:\WINDOWS\SYSTEM32\HIDEKIT.EXE (Submitted) 

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 64605 
System: 6181 
Not scanned: 9 
Actions:
Disinfected: 1 
Renamed: 0 
Deleted: 0 
None: 2 
Submitted: 2 
Files not scanned:
C:\HIBERFIL.SYS 
C:\PAGEFILE.SYS 
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT 
C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{80EFD1A1-C877-438D-ADF7-A73A2C27CB8F}.BIN 
C:\PROGRAM FILES\FICHIERS COMMUNS\SYMANTEC SHARED\CCPD-LC\SYMLCRST.DLL 
C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATEUR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\GOOGLE DESKTOP SEARCH\DBDAM 
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MUVEE TECHNOLOGIES\030625\DSCRP\SAMPLE_PICTURE01.JPG.41B2A334.MPD 
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\02031837543560B8AA0581DA039F8B52_0494E46B-FC3E-495B-8BE7-2A44920A2D0D 
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C19E735E12AE28CD96285F0196F33159_0494E46B-FC3E-495B-8BE7-2A44920A2D0D 

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure Libra: 2.4.2, 2007-05-16 
F-Secure AVP: 7.0.171, 2007-05-17 
F-Secure Orion: 1.2.37, 2007-05-17 
F-Secure Blacklight: 1.0.53 
F-Secure Draco: 1.0.35, 2007-05-07 
F-Secure Pegasus: 1.19.0, 2007-04-14 
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX 
Use Advanced heuristics 

--------------------------------------------------------------------------------

Copyright © 1998-2006 Product support |Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.

steph77phane · Answer

salut !

je crois que tu n'es plus là philo2100 moi je me reconnect demain matin vers 9h !

bon je te souhaite bonne nuit, philo 2100 !!! et merci on continura demain. pour rappel, le rapport est juste au dessus de ce message. 

bye

stephane

steph77phane · Answer

salut philo 2100!

bien dormi? 

bon il est 8h55 je commence un hjt et j'affiche le rapport suite au scan f secure affiché si dessus

steph77phane · Answer

voici le log hjt !!!



Logfile of HijackThis v1.99.1
Scan saved at 08:52:15, on 18/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Hijackthis\AVG Anti- Spyware\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Anti-Virus (tous)\Spyware Doctor\svcntaux.exe
C:\Anti-Virus (tous)\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Anti-Virus (tous)\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\issch.exe
C:\Hijackthis\AVG Anti- Spyware\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Hijackthis\scanner.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Hijackthis\AVG Anti- Spyware\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SDTray] "C:\Anti-Virus (tous)\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?3950fb765cb6428fac4784cd56b6ac2e
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?3950fb765cb6428fac4784cd56b6ac2e
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://stephanebayard.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Hijackthis\AVG Anti- Spyware\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Anti-Virus (tous)\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Anti-Virus (tous)\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

philo2100 · Answer

fais ctrl+alt+del
dans onglet processus, stoppe ceci:

 	C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe
---------------------------------------
coche+fixer objets
comment faire:
https://leblogdeclaude.blogspot.com/2007/05/comment-utiliser-hijackthis-fixer.html
------------------------------------------
Tu as trop de trucs qui démarrent inutilement avec le PC!
------------------------------------------------------------------
O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe 
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe 
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SDTray] "C:\Anti-Virus (tous)\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup 

O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\issch.exe" -start 

O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe 
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe 
 	O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.ex
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
-----------------------------------------------
vérifies avec Spybot, je parie que tu as encore des trucs en zone blanche:
regardes ici les infos à ce sujet:
https://leblogdeclaude.blogspot.com/2007/03/informatique-supprimer-des-logiciels-au.html

philo2100 · Answer

Oh, que je n'aime pas les Rootkits !!
fais un scan avec cei:
http://www.sysinternals.com/Utilities/RootkitRevealer.html
colles le log.

philo2100 · Answer

Non, fixe aussi la liste...ça sera déjà ça en moins qui encombre...

philo2100 · Answer

Bien reçu

steph77phane · Answer

RE

voici le hjt après le spybot !!!

je m'occupe du scan pour le hacktool rootkit et te le fait parvenir  !!!!


Logfile of HijackThis v1.99.1
Scan saved at 11:30:09, on 18/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Hijackthis\AVG Anti- Spyware\AVG Anti-Spyware 7.5\avgas.exe
C:\Hijackthis\AVG Anti- Spyware\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Anti-Virus (tous)\Spyware Doctor\svcntaux.exe
C:\Anti-Virus (tous)\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\Anti-Virus (tous)\Spyware Doctor\SDTrayApp.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Hijackthis\scanner.exe.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Hijackthis\AVG Anti- Spyware\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?3950fb765cb6428fac4784cd56b6ac2e
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?3950fb765cb6428fac4784cd56b6ac2e
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://stephanebayard.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Hijackthis\AVG Anti- Spyware\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Anti-Virus (tous)\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Anti-Virus (tous)\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

philo2100 · Answer

re,
vire ça au plus vite de ton ordi:
C:\Anti-Virus (tous)\Spyware Doctor\svcntaux.exe
C:\Anti-Virus (tous)\Spyware Doctor\swdsvc.exe 
fermes le processsus avec ctrl+alt+del
désinstalles-le.
---------------------------------
coches ceci+fixer ceci:
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Hijackthis\AVG Anti- Spyware\AVG Anti-Spyware 7.5\avgas.exe" /minimized 
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Hijackthis\AVG Anti- Spyware\AVG Anti-Spyware 7.5\guard.exe 
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Anti-Virus (tous)\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Anti-Virus (tous)\Spyware Doctor\swdsvc.exe 

-----------------------------------------------
inutile la version free ne sert à rien en temps réel !
-----------------------------------------------------------
stoppes ces services
tapes services.msc dans Exécuter:
regardes dans la colonne de droite:
Anti-Malware Development a.s.
Spyware Doctor Auxiliary Service 
Spyware Doctor Servic
-------------------------------

O23 - Service: - Anti-Malware Development a.s. - C:\Hijackthis\AVG Anti- Spyware\AVG Anti-Spyware 7.5\guard.exe 
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Anti-Virus (tous)\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Anti-Virus (tous)\Spyware Doctor\swdsvc.exe 
-------------------------------------------------------------------
dans la config AVG, vérifies:
Sur la page "état", choisir inactif pour le bouclier résident.
ne sert que pour le scan.
inutile la version free ne sert à rien en temps réel !

steph77phane · Answer

ok

je m'occupe de ceci après avoir fini le scan de ceci que tu m'a demander http://www.sysinternals.com/Utilities/RootkitRevealer.html 


dit moi si je peu le faire en meme temps sinon pour gagner du temps

philo2100 · Answer

Ne rien faire en même temps, tu vas ralentir ta machine....au pire bloquer tout !

philo2100 · Answer

oui, tu peux mettre les deux à la suite..pas de soucis.

philo2100 · Answer

en attente...sais pas si je serais toujours là...bientôt:
lunch time, ensuite boulot...

steph77phane · Answer

salut !!!


J'AI FOTO  CELULAR QUI EST REVENU !!!!!!!  EH MERDE  !


voici le resultat scan hacktool.rootkit
 je fais ce que tu m'a dit maintenant




HKLM\SECURITY\Policy\Secrets\SAC*	10/10/2005 14:47	0 bytes	Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI*	10/10/2005 14:47	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed	18/05/2007 11:41	80 bytes	Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\PCTools\Spyware Doctor\AUXSVCSTAT	18/05/2007 11:41	22 bytes	Data mismatch between Windows API and raw hive data.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@www.commentcamarche[2].txt	18/05/2007 12:20	114 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@www.commentcamarche[3].txt	18/05/2007 11:34	115 bytes	Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0VM6F5IF\1093397129@x01[1]	18/05/2007 11:59	306 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0VM6F5IF\1096668199@x01[1]	18/05/2007 12:11	306 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0VM6F5IF\1101880018@x01[1]	18/05/2007 11:54	306 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0VM6F5IF\1193694956@x01[1]	18/05/2007 11:56	306 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0VM6F5IF\1474844752@x01[1]	18/05/2007 12:17	306 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0VM6F5IF\1659072971@x01[1]	18/05/2007 12:00	307 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0VM6F5IF\1804935467@x01[1]	18/05/2007 12:18	307 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0VM6F5IF\ads.htm	18/05/2007 12:18	2.10 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0VM6F5IF\ads[10].htm	18/05/2007 12:14	2.04 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0VM6F5IF\ads[11].htm	18/05/2007 12:17	2.07 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0VM6F5IF\ads[2].htm	18/05/2007 11:51	1.88 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0VM6F5IF\ads[3].htm	18/05/2007 11:51	2.07 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0VM6F5IF\ads[4].htm	18/05/2007 11:54	2.07 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0VM6F5IF\ads[5].htm	18/05/2007 11:59	2.05 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0VM6F5IF\ads[6].htm	18/05/2007 12:03	2.05 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0VM6F5IF\ads[7].htm	18/05/2007 12:04	1.90 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0VM6F5IF\ads[8].htm	18/05/2007 12:04	2.07 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0VM6F5IF\ads[9].htm	18/05/2007 12:10	2.05 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0VM6F5IF\ajout[2].htm	18/05/2007 12:17	26.34 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0VM6F5IF\evaluer[1].htm	18/05/2007 12:17	1.00 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0VM6F5IF\hit[2].gif	18/05/2007 11:54	43 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0VM6F5IF\hit[3].gif	18/05/2007 11:56	43 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0VM6F5IF\hit[4].gif	18/05/2007 11:57	43 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0VM6F5IF\hit[5].gif	18/05/2007 12:00	43 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0VM6F5IF\hit[6].gif	18/05/2007 12:00	43 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0VM6F5IF\hit[7].gif	18/05/2007 12:11	43 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0VM6F5IF\hit[8].gif	18/05/2007 12:18	43 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0VM6F5IF\imgad[2].png	18/05/2007 11:46	2.71 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0VM6F5IF\imgad[3].png	18/05/2007 12:00	2.71 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0VM6F5IF\imgad[4].png	18/05/2007 12:03	2.71 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0VM6F5IF\imgad[5].png	18/05/2007 12:10	2.71 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0VM6F5IF\imgad[6].png	18/05/2007 12:17	2.71 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0VM6F5IF\LearnMode[1]	18/05/2007 12:20	1.92 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0VM6F5IF\SecurityCheck[1]	18/05/2007 12:20	1.18 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0VM6F5IF\statusTabBgBottom[1]	18/05/2007 12:20	289 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0VM6F5IF\statusTabSeparator[1]	18/05/2007 12:20	854 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\0VM6F5IF\warning_wht[1]	18/05/2007 12:20	1.02 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QBCKMN7L\1263286004@x01[1]	18/05/2007 11:59	307 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QBCKMN7L\1282598734@x01[1]	18/05/2007 12:10	305 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QBCKMN7L\1307206743@x01[1]	18/05/2007 12:00	306 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QBCKMN7L\1349562345@x01[1]	18/05/2007 11:51	305 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QBCKMN7L\1555294240@x01[1]	18/05/2007 11:57	307 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QBCKMN7L\1793303174@x01[1]	18/05/2007 12:17	307 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QBCKMN7L\ads[3].htm	18/05/2007 11:57	2.07 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QBCKMN7L\ads[4].htm	18/05/2007 12:00	2.07 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QBCKMN7L\ads[5].htm	18/05/2007 12:14	1.88 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QBCKMN7L\ads[6].htm	18/05/2007 12:17	1.86 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QBCKMN7L\ads[7].htm	18/05/2007 12:17	1.95 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QBCKMN7L\affich-2998513-xp-d-virus-hacktool-rootkit-windows-syst32[1].htm	18/05/2007 12:20	260.81 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QBCKMN7L\affich-3003519-xp-d-virus-hacktool-rootkit-windows-syst32[1].htm	18/05/2007 12:03	31.35 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QBCKMN7L\ajout[1].htm	18/05/2007 11:51	26.41 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QBCKMN7L\ajout[2].htm	18/05/2007 12:00	26.09 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QBCKMN7L\BackgroundOK[1]	18/05/2007 12:20	15.89 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QBCKMN7L\btn96x22set[1]	18/05/2007 12:20	2.89 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QBCKMN7L\empty[1].gif	18/05/2007 11:28	43 bytes	Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QBCKMN7L\evaluer[2].htm	18/05/2007 12:06	1.00 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QBCKMN7L\evaluer[3].htm	18/05/2007 12:17	488 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QBCKMN7L\forum-7-virus-securite[1].htm	18/05/2007 11:28	102.20 KB	Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QBCKMN7L\forum-7-virus-securite[2].htm	18/05/2007 12:17	102.58 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QBCKMN7L\hit[2].gif	18/05/2007 11:46	43 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QBCKMN7L\hit[3].gif	18/05/2007 11:51	43 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QBCKMN7L\hit[4].gif	18/05/2007 11:51	43 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QBCKMN7L\hit[5].gif	18/05/2007 11:59	43 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QBCKMN7L\hit[6].gif	18/05/2007 12:03	43 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QBCKMN7L\hit[7].gif	18/05/2007 12:03	43 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QBCKMN7L\hit[8].gif	18/05/2007 12:10	43 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QBCKMN7L\hit[9].gif	18/05/2007 12:20	43 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QBCKMN7L\imgad[2].png	18/05/2007 11:57	2.71 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QBCKMN7L\imgad[3].png	18/05/2007 11:59	2.71 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QBCKMN7L\imgad[4].png	18/05/2007 12:00	2.71 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QBCKMN7L\imgad[5].png	18/05/2007 12:03	2.71 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QBCKMN7L\imgad[6].png	18/05/2007 12:04	2.71 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QBCKMN7L\imgad[7].png	18/05/2007 12:14	2.71 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QBCKMN7L\imgad[8].png	18/05/2007 12:15	2.71 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QBCKMN7L\imgad[9].png	18/05/2007 12:17	2.71 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QBCKMN7L\NewStatus[1]	18/05/2007 12:20	73.88 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QBCKMN7L\spacer[1]	18/05/2007 12:20	67 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QBCKMN7L\SymButton[1]	18/05/2007 12:20	3.87 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QBCKMN7L\up_disabled[1].gif	18/05/2007 11:45	832 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\R1J620QQ\10036[1]	18/05/2007 12:20	23.97 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\R1J620QQ\1094364763@x01[1]	18/05/2007 12:03	307 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\R1J620QQ\1099058360@x01[1]	18/05/2007 12:00	307 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\R1J620QQ\1314839211@x01[1]	18/05/2007 12:14	307 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\R1J620QQ\1539728106@x01[1]	18/05/2007 11:51	306 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\R1J620QQ\1842897516@x01[1]	18/05/2007 12:03	307 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\R1J620QQ\1921435174@x01[1]	18/05/2007 11:46	307 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\R1J620QQ\1974056296@x01[1]	18/05/2007 12:04	307 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\R1J620QQ\ads[4].htm	18/05/2007 11:46	2.09 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\R1J620QQ\ads[5].htm	18/05/2007 11:55	2.08 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\R1J620QQ\ads[6].htm	18/05/2007 11:56	2.08 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\R1J620QQ\ads[7].htm	18/05/2007 11:57	2.05 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\R1J620QQ\ads[8].htm	18/05/2007 12:00	1.90 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\R1J620QQ\ads[9].htm	18/05/2007 12:20	2.07 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\R1J620QQ\affich-2998513-xp-d-virus-hacktool-rootkit-windows-syst32[2].htm	18/05/2007 11:33	237.23 KB	Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\R1J620QQ\affich-3003492-xp-d-virus-hacktool-rootkit-windows-syst32[1].htm	18/05/2007 12:00	33.52 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\R1J620QQ\affich-3003529-xp-d-virus-hacktool-rootkit-windows-syst32[1].htm	18/05/2007 12:20	35.91 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\R1J620QQ\ajout[1].htm	18/05/2007 11:59	26.21 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\R1J620QQ\down_enabled[1].gif	18/05/2007 11:45	833 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\R1J620QQ\empty[2].gif	18/05/2007 12:20	43 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\R1J620QQ\evaluer[2].htm	18/05/2007 11:53	1.00 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\R1J620QQ\evaluer[3].htm	18/05/2007 11:59	1.00 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\R1J620QQ\evaluer[4].htm	18/05/2007 12:06	488 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\R1J620QQ\hit[3].gif	18/05/2007 12:04	43 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\R1J620QQ\hit[4].gif	18/05/2007 12:14	43 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\R1J620QQ\hit[5].gif	18/05/2007 12:17	43 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\R1J620QQ\hit[6].gif	18/05/2007 12:17	43 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\R1J620QQ\hit[7].gif	18/05/2007 12:17	43 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\R1J620QQ\imgad[10].png	18/05/2007 12:20	2.71 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\R1J620QQ\imgad[3].png	18/05/2007 11:55	2.71 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\R1J620QQ\imgad[4].png	18/05/2007 11:57	2.71 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\R1J620QQ\imgad[5].png	18/05/2007 11:59	2.71 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\R1J620QQ\imgad[6].png	18/05/2007 12:04	2.71 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\R1J620QQ\imgad[7].png	18/05/2007 12:11	2.71 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\R1J620QQ\imgad[8].png	18/05/2007 12:14	2.71 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\R1J620QQ\imgad[9].png	18/05/2007 12:17	2.71 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\R1J620QQ\shared[1]	18/05/2007 12:20	30.66 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\R1J620QQ\statusHints[1]	18/05/2007 12:20	362 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\R1J620QQ\statusTabBg[1]	18/05/2007 12:20	322 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\R1J620QQ\xmlStrings[1]	18/05/2007 12:20	20.24 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TI6B5RPW\1033817175@x01[1]	18/05/2007 12:15	307 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TI6B5RPW\1172237451@x01[1]	18/05/2007 11:55	306 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TI6B5RPW\1235598629@x01[1]	18/05/2007 12:20	306 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TI6B5RPW\1249450947@x01[1]	18/05/2007 12:17	305 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TI6B5RPW\1278278547@x01[1]	18/05/2007 12:20	307 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TI6B5RPW\1350387455@x01[1]	18/05/2007 12:14	306 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TI6B5RPW\1543212051@x01[1]	18/05/2007 12:17	307 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TI6B5RPW\1851020937@x01[1]	18/05/2007 12:04	307 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TI6B5RPW\1888778849@x01[1]	18/05/2007 11:57	306 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TI6B5RPW\ads[3].htm	18/05/2007 11:59	1.87 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TI6B5RPW\ads[4].htm	18/05/2007 12:00	2.09 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TI6B5RPW\ads[5].htm	18/05/2007 12:03	2.05 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TI6B5RPW\ads[6].htm	18/05/2007 12:11	2.07 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TI6B5RPW\ads[7].htm	18/05/2007 12:15	2.07 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TI6B5RPW\ads[8].htm	18/05/2007 12:20	2.05 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TI6B5RPW\ajout[1].htm	18/05/2007 12:04	26.13 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TI6B5RPW\ajout[2].htm	18/05/2007 12:14	26.40 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TI6B5RPW\check_wht[1]	18/05/2007 12:20	1.19 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TI6B5RPW\evaluer[3].htm	18/05/2007 11:53	488 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TI6B5RPW\evaluer[4].htm	18/05/2007 11:59	488 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TI6B5RPW\hit[10].gif	18/05/2007 12:17	43 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TI6B5RPW\hit[11].gif	18/05/2007 12:20	43 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TI6B5RPW\hit[3].gif	18/05/2007 11:55	43 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TI6B5RPW\hit[4].gif	18/05/2007 11:57	43 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TI6B5RPW\hit[5].gif	18/05/2007 11:59	43 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TI6B5RPW\hit[6].gif	18/05/2007 12:00	43 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TI6B5RPW\hit[7].gif	18/05/2007 12:04	43 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TI6B5RPW\hit[8].gif	18/05/2007 12:14	43 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TI6B5RPW\hit[9].gif	18/05/2007 12:15	43 bytes	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TI6B5RPW\imgad[3].png	18/05/2007 11:51	2.71 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TI6B5RPW\imgad[4].png	18/05/2007 11:51	2.71 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TI6B5RPW\imgad[5].png	18/05/2007 11:54	2.71 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TI6B5RPW\imgad[6].png	18/05/2007 11:56	2.71 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TI6B5RPW\imgad[7].png	18/05/2007 12:00	2.71 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TI6B5RPW\imgad[8].png	18/05/2007 12:18	2.71 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TI6B5RPW\imgad[9].png	18/05/2007 12:20	2.71 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TI6B5RPW
is2005[1]	18/05/2007 12:20	3.27 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TI6B5RPWesource[1]	18/05/2007 12:20	13.83 KB	Hidden from Windows API.
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\TI6B5RPW\statusTabBgTop[1]	18/05/2007 12:20	294 bytes	Hidden from Windows API.
C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\20070517.073\vscanmsx.dat	18/05/2007 12:07	2.02 KB	Hidden from Windows API.
C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0894NAV~.TMP	18/05/2007 12:08	0 bytes	Hidden from Windows API.
C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll	27/03/2007 23:20	252.00 KB	Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll	27/03/2007 23:20	111.50 KB	Visible in Windows API, but not in MFT or directory index.
D:	01/01/1601 02:00	0 bytes	Error mounting volume

steph77phane · Answer

salut !

voici HJT APRES avoir fixer certains élélments et un AVG pour rendre le bouclier inactif


Logfile of HijackThis v1.99.1
Scan saved at 15:24:22, on 18/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Hijackthis\AVG Anti- Spyware\AVG Anti-Spyware 7.5\avgas.exe
C:\Hijackthis\scanner.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?3950fb765cb6428fac4784cd56b6ac2e
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?3950fb765cb6428fac4784cd56b6ac2e
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://stephanebayard.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

steph77phane · Answer

salut !!!

alors qu'est ce qui cloche ???

steph77phane · Answer

SALUT !

dernier HJT 


KEL VIRUS IL Y A ???             ROOTKIT est il TOUJOURS PRESENT !!!

JE CROIS QUE FOTO  CELULAR EST REVENU !!!        j'attends une confirmation


Logfile of HijackThis v1.99.1
Scan saved at 17:48:58, on 18/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Hijackthis\AVG Anti- Spyware\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Hijackthis\scanner.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?3950fb765cb6428fac4784cd56b6ac2e
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?3950fb765cb6428fac4784cd56b6ac2e
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://stephanebayard.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

philo2100 · Answer

re,
dans ce log il n'y a rien de critique.(hijackthis)
----------refaits un peu un  scan hacktool.rootkit , en faisant un CCleaner avant...trop de choses en tmp !

philo2100 · Answer

ok...

steph77phane · Answer

18/05/2007 a 18:48:30,25 
 
*** Recherche des fichiers dans C: 
 
*** Recherche des fichiers dans C:\WINDOWS\ 
 
*** Recherche des fichiers dans C:\WINDOWS\system32 
"C:\WINDOWS\Downloaded Program Files\CONFLICT.1" FOUND 
 
*** Recherche des fichiers dans C:\Program Files 
*** Fin du rapport !

philo2100 · Answer

fait un peu un scan avec Bitdefender, il devrait le détecté et le supprimer:
""C:\WINDOWS\Downloaded Program Files\CONFLICT.1" FOUND "
ici:
http://www.bitdefender.fr/bd/site/search.php#

steph77phane · Answer

RE



voici le rapport hacktool rootkit




HKLM\SECURITY\Policy\Secrets\SAC*	10/10/2005 14:47	0 bytes	Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI*	10/10/2005 14:47	0 bytes	Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed	18/05/2007 18:54	80 bytes	Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesProcessed	18/05/2007 18:53	4 bytes	Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesSuccessful	18/05/2007 18:53	4 bytes	Data mismatch between Windows API and raw hive data.
C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\20070518.019\vscanmsx.dat	18/05/2007 19:17	2.02 KB	Hidden from Windows API.
C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll	27/03/2007 23:20	252.00 KB	Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll	27/03/2007 23:20	111.50 KB	Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\Debug\UserMode\userenv.log	18/05/2007 19:15	214 bytes	Hidden from Windows API.
D:	01/01/1601 02:00	0 bytes	Error mounting volume

steph77phane · Answer

OK 

JE FAIT LE SCAN BITDEFENDER

ET JE TE JOINT LE RAPPORT ENSUITE  MERCI !!

philo2100 · Answer

ok,
tu ciblera ceci:
System.EnterpriseServices.Wrapper.dll
dans 
C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
http://www.virustotal.com/en/virustotalx.html
(Parcourir/ en haut de la page) puis tu fais send/tu colles le rapport.

steph77phane · Answer

RE

VOICI LE RAPPORT SCAN BIT DEFENDER







//-----------------------------------------------------------------
//
//	Product: BitDefender 8 Free Edition
//	Version: 8.0
//
//	Created on:	18/05/2007	19:48:41
//
//-----------------------------------------------------------------


Statistics

Scan path	: C:\WINDOWS\system32\
Folders	: 277
Files	:  9093
Archives	: 31 
Packed files	: 401
Identified viruses	: 2
Infected files	: 2
Warnings	: 0
Suspect files	: 0
Disinfected files	: 0
Deleted files	: 0
Copied files	: 0
Moved files	: 2
Renamed files	: 0
I/O errors	: 12
Scan time	: 00:03:35
Scan speed (files/sec)	: 42

Virus definitions	: 507004
Scan plugins	: 14
Archive plugins	: 38
Unpack plugins	: 6
Mail plugins	: 6
System plugins	: 1

Scan options

Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions: 
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user

Scan options
[X] Enable warnings
[X] Enable heuristics
[X] Show all files in log
[X] Report file: vscan.log
[ ] Append to existing report

Summary:

C:\WINDOWS\system32\dllcache\se_fudeu.exe	Infected BehavesLike:Win32.ExplorerHijack
C:\WINDOWS\system32\dllcache\se_fudeu.exe	Disinfection failed
C:\WINDOWS\system32\dllcache\se_fudeu.exe	Moved
C:\WINDOWS\system32\logunit.sys	Infected Win32.Worm.Agent.X
C:\WINDOWS\system32\logunit.sys	Disinfection failed
C:\WINDOWS\system32\logunit.sys	Moved

Scanned files

C:\=>Master Boot Record	OK
C:\=>Primary partition 1 (Active)	OK
C:\=>Primary partition 2	OK
C:\WINDOWS\system32\$ncsp$.inf	OK
C:\WINDOWS\system32\$winnt$.inf	OK
C:\WINDOWS\system32\1033\dwintl.dll	OK
C:\WINDOWS\system32\1036\dwintl.dll	OK
C:\WINDOWS\system32\12520437.cpx	OK
C:\WINDOWS\system32\12520850.cpx	OK
C:\WINDOWS\system32\24wwxsp1.txt	OK
C:\WINDOWS\system32\34CoInstaller.dll	OK
C:\WINDOWS\system32\6to4svc.dll	OK
C:\WINDOWS\system32\aaaamon.dll	OK
C:\WINDOWS\system32\aaclient.dll	OK
C:\WINDOWS\system32\access.cpl	OK
C:\WINDOWS\system32\acctres.dll	OK
C:\WINDOWS\system32\accwiz.exe	OK
C:\WINDOWS\system32\acelpdec.ax	OK
C:\WINDOWS\system32\acledit.dll	OK
C:\WINDOWS\system32\aclui.dll	OK
C:\WINDOWS\system32\activeds.dll	OK
C:\WINDOWS\system32\activeds.tlb	OK
C:\WINDOWS\system32\ActiveSkin.ocx	OK
C:\WINDOWS\system32\actmovie.exe	OK
C:\WINDOWS\system32\actxprxy.dll	OK
C:\WINDOWS\system32\admparse.dll	OK
C:\WINDOWS\system32\adptif.dll	OK
C:\WINDOWS\system32\adsldp.dll	OK
C:\WINDOWS\system32\adsldpc.dll	OK
C:\WINDOWS\system32\adsmsext.dll	OK
C:\WINDOWS\system32\adsnds.dll	OK
C:\WINDOWS\system32\adsnt.dll	OK
C:\WINDOWS\system32\adsnw.dll	OK
C:\WINDOWS\system32\advapi32.dll	OK
C:\WINDOWS\system32\advpack.dll	OK
C:\WINDOWS\system32\advpack.dll.mui	OK
C:\WINDOWS\system32\ahui.exe	OK
C:\WINDOWS\system32\alg.exe	OK
C:\WINDOWS\system32\alrsvc.dll	OK
C:\WINDOWS\system32\ALSNDMGR.CPL	OK
C:\WINDOWS\system32\amcompat.tlb	OK
C:\WINDOWS\system32\amstream.dll	OK
C:\WINDOWS\system32\ansi.sys	OK
C:\WINDOWS\system32\apcups.dll	OK
C:\WINDOWS\system32\append.exe	OK
C:\WINDOWS\system32\apphelp.dll	OK
C:\WINDOWS\system32\appmgmts.dll	OK
C:\WINDOWS\system32\appmgr.dll	OK
C:\WINDOWS\system32\appwiz.cpl	OK
C:\WINDOWS\system32\arp.exe	OK
C:\WINDOWS\system32\asctrls.ocx	OK
C:\WINDOWS\system32\asferror.dll	OK
C:\WINDOWS\system32\asr_fmt.exe	OK
C:\WINDOWS\system32\asr_ldm.exe	OK
C:\WINDOWS\system32\asr_pfu.exe	OK
C:\WINDOWS\system32\asycfilt.dll	OK
C:\WINDOWS\system32\at.exe	OK
C:\WINDOWS\system32\ati2cqag.dll	OK
C:\WINDOWS\system32\ati2dvag.dll	OK
C:\WINDOWS\system32\ati2edxx.dll	OK
C:\WINDOWS\system32\ati2evxx.dll	OK
C:\WINDOWS\system32\ati2evxx.exe	OK
C:\WINDOWS\system32\Ati2mdxx.exe	OK
C:\WINDOWS\system32\ati3duag.dll	OK
C:\WINDOWS\system32\ATIDDC.DLL	OK
C:\WINDOWS\system32\ATIDEMGR.dll	OK
C:\WINDOWS\system32\atifglpf.xml	OK
C:\WINDOWS\system32\atiicdxx.dat	OK
C:\WINDOWS\system32\atiiiexx.dll	OK
C:\WINDOWS\system32\atikvmag.dll	OK
C:\WINDOWS\system32\atioglx1.dll	OK
C:\WINDOWS\system32\atioglxx.dll	OK
C:\WINDOWS\system32\atipdlxx.dll	OK
C:\WINDOWS\system32\atitvo32.dll	OK
C:\WINDOWS\system32\ativcoxx.dll	OK
C:\WINDOWS\system32\ativvaxx.dll	OK
C:\WINDOWS\system32\atkctrs.dll	OK
C:\WINDOWS\system32\atl.dll	OK
C:\WINDOWS\system32\atl71.dll	OK
C:\WINDOWS\system32\atmadm.exe	OK
C:\WINDOWS\system32\atmfd.dll	OK
C:\WINDOWS\system32\atmlib.dll	OK
C:\WINDOWS\system32\atmpvcno.dll	OK
C:\WINDOWS\system32\atrace.dll	OK
C:\WINDOWS\system32\attrib.exe	OK
C:\WINDOWS\system32\audiodev.dll	OK
C:\WINDOWS\system32\audiosrv.dll	OK
C:\WINDOWS\system32\auditusr.exe	OK
C:\WINDOWS\system32\authz.dll	OK
C:\WINDOWS\system32\autochk.exe	OK
C:\WINDOWS\system32\autoconv.exe	OK
C:\WINDOWS\system32\autodisc.dll	OK
C:\WINDOWS\system32\AUTOEXEC.NT	OK
C:\WINDOWS\system32\autofmt.exe	OK
C:\WINDOWS\system32\autolfn.exe	OK
C:\WINDOWS\system32\avicap.dll	OK
C:\WINDOWS\system32\avicap32.dll	OK
C:\WINDOWS\system32\avifil32.dll	OK
C:\WINDOWS\system32\avifile.dll	OK
C:\WINDOWS\system32\avmeter.dll	OK
C:\WINDOWS\system32\avtapi.dll	OK
C:\WINDOWS\system32\avwav.dll	OK
C:\WINDOWS\system32\axaltocm.dll	OK
C:\WINDOWS\system32\basecsp.dll	OK
C:\WINDOWS\system32\basesrv.dll	OK
C:\WINDOWS\system32\batmeter.dll	OK
C:\WINDOWS\system32\batt.dll	OK
C:\WINDOWS\system32\bcbmm.dll	OK
C:\WINDOWS\system32\bcbsmp50.bpl	OK
C:\WINDOWS\system32\bcsprsrc.dll	OK
C:\WINDOWS\system32\BdaPlgIn.ax	OK
C:\WINDOWS\system32\bfc42.dll	OK
C:\WINDOWS\system32\bfc42d.dll	OK
C:\WINDOWS\system32\bidispl.dll	OK
C:\WINDOWS\system32\bios1.rom	OK
C:\WINDOWS\system32\bios4.rom	OK
C:\WINDOWS\system32\bios4.rom=>REMOVED_NULLS	OK
C:\WINDOWS\system32\bitsprx2.dll	OK
C:\WINDOWS\system32\bitsprx3.dll	OK
C:\WINDOWS\system32\blackbox.dll	OK
C:\WINDOWS\system32\blastcln.exe	OK
C:\WINDOWS\system32\bootcfg.exe	OK
C:\WINDOWS\system32\bootok.exe	OK
C:\WINDOWS\system32\bootvid.dll	OK
C:\WINDOWS\system32\bootvrfy.exe	OK
C:\WINDOWS\system32\bopomofo.uce	OK
C:\WINDOWS\system32\borlndmm.dll	OK
C:\WINDOWS\system32\browselc.dll	OK
C:\WINDOWS\system32\browser.dll	OK
C:\WINDOWS\system32\browseui.dll	OK
C:\WINDOWS\system32\browsewm.dll	OK
C:\WINDOWS\system32\bthci.dll	OK
C:\WINDOWS\system32\bthprops.cpl	OK
C:\WINDOWS\system32\bthserv.dll	OK
C:\WINDOWS\system32\btpanui.dll	OK
C:\WINDOWS\system32\cabinet.dll	OK
C:\WINDOWS\system32\cabview.dll	OK
C:\WINDOWS\system32\cacls.exe	OK
C:\WINDOWS\system32\calc.exe	OK
C:\WINDOWS\system32\camocx.dll	OK
C:\WINDOWS\system32\capesnpn.dll	OK
C:\WINDOWS\system32\capicom.dll	OK
C:\WINDOWS\system32\cards.dll	OK
C:\WINDOWS\system32\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\TimeStamp	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\1.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\basecsp.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\codecs10.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\DRM10.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\FP4.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\HPCRDP.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\IASNT4.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\IDNMitigationAPIs.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ie7.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\IMS.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB873339.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB883667.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB885250.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB885835.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB885836.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB886185.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB887472.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB887742.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB887998.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB888111WXPSP2.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB888113.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB888302.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB888795.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB890175.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB890859.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB891593.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB891781.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB892050.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB893066.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB893357.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB893756.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB893803v2_wxp.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB895961.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896358.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896422.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896423.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896424.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896428.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB898461.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899337.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899510.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899587.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899591.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB900325.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB900485.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB900725.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB901017.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB901214.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB902400.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB902841.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB903157.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB904706.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB904942.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB905414.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB905749.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB905915.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB906569.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB908250.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB908519.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB908531.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB910393.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB910437.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911280.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911562.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911927.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB912024.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB912919.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB913580.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB913800.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB914388.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB914389.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB915865.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB916595.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB917344.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB917422.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB917734.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB917953.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918118.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918439.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB919007.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920213.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920342.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920670.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920683.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920685.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB920872.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB922582.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB922819.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923191.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923414.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923689.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923694.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923723.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB923980.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB924191.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB924270.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB924496.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB924667.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB925398.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB925720.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB925766.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB925876.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB925902.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB926239.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB926251.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB926255.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB926436.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB927779.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB927802.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB928090-IE7.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB928090.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB928255.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB928843.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB929338.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB929399.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB929969.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB930178.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB930916.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB931261.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB931768-IE7.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB931784.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB931836.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB932168.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB935448.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\MAPIMIG.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\mediactr.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\MPPRE10.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\MSCompPackV1.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\MSMSGS.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\msn7.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\msn9.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\MSTSWEB.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\MW770.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}
etfx.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\NLSDownlevelMapping.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\NT5.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\NT5IIS.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\NT5INF.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\NTPRINT.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem0.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem1.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem10.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem11.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem12.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem13.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem14.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem15.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem16.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem17.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem18.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem19.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem2.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem20.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem21.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem22.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem23.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem24.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem25.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem26.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem27.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem28.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem29.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem3.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem30.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem31.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem32.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem33.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem34.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem35.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem36.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem37.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem38.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem39.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem4.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem40.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem41.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem42.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem43.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem44.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem45.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem46.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem47.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem48.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem49.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem5.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem50.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem51.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem52.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem53.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem54.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem55.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem56.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem57.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem58.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem59.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem6.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem60.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem61.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem62.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem63.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem64.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem65.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem66.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem67.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem68.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem69.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem7.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem70.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem71.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem72.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem73.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem74.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem75.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem77.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem78.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem79.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem8.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem80.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem81.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem82.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem83.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem84.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem9.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\OEMBIOS.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\plus.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\PresentationFontCache.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\sonic.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\SP2.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}	abletpc.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TimeStamp	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WGA.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WgaNotify.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WIC.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WMDM10.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\wmerrenu.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WMFDist11.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WMFSDK10.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\wmp11.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WPD10.CAT	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Wudf01000.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\XpsEPSC.cat	OK
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\XPSEPSCLP.cat	OK
C:\WINDOWS\system32\CatRoot2\dberr.txt	OK
C:\WINDOWS\system32\CatRoot2\edb.chk	OK
C:\WINDOWS\system32\CatRoot2\edb.chk=>REMOVED_NULLS	OK
C:\WINDOWS\system32\CatRoot2\edb.log	OK
C:\WINDOWS\system32\CatRoot2\edb000B2.log	OK
C:\WINDOWS\system32\CatRoot2\edb000B3.log	OK
C:\WINDOWS\system32\CatRoot2es1.log	OK
C:\WINDOWS\system32\CatRoot2es2.log	OK
C:\WINDOWS\system32\CatRoot2	mp.edb	OK
C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb	OK
C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\TimeStamp	OK
C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb	OK
C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TimeStamp	OK
C:\WINDOWS\system32\catsrv.dll	OK
C:\WINDOWS\system32\catsrvps.dll	OK
C:\WINDOWS\system32\catsrvut.dll	OK
C:\WINDOWS\system32\cc3250.dll	OK
C:\WINDOWS\system32\cc3250mt.dll	OK
C:\WINDOWS\system32\ccfgnt.dll	OK
C:\WINDOWS\system32\cdfview.dll	OK
C:\WINDOWS\system32\cdm.dll	OK
C:\WINDOWS\system32\cdmodem.dll	OK
C:\WINDOWS\system32\cdosys.dll	OK
C:\WINDOWS\system32\cdplayer.exe.manifest	OK
C:\WINDOWS\system32\certcli.dll	OK
C:\WINDOWS\system32\certmgr.dll	OK
C:\WINDOWS\system32\certmgr.msc	OK
C:\WINDOWS\system32\cewmdm.dll	OK
C:\WINDOWS\system32\cfgbkend.dll	OK
C:\WINDOWS\system32\cfgmgr32.dll	OK
C:\WINDOWS\system32\charmap.exe	OK
C:\WINDOWS\system32\Chaînes.scf	OK
C:\WINDOWS\system32\chcp.com	OK
C:\WINDOWS\system32\chkdsk.exe	OK
C:\WINDOWS\system32\chkntfs.exe	OK
C:\WINDOWS\system32\CHODDI.SYS	OK
C:\WINDOWS\system32\ciadmin.dll	OK
C:\WINDOWS\system32\ciadv.msc	OK
C:\WINDOWS\system32\cic.dll	OK
C:\WINDOWS\system32\cidaemon.exe	OK
C:\WINDOWS\system32\ciodm.dll	OK
C:\WINDOWS\system32\cipher.exe	OK
C:\WINDOWS\system32\cisvc.exe	OK
C:\WINDOWS\system32\ckcnv.exe	OK
C:\WINDOWS\system32\clb.dll	OK
C:\WINDOWS\system32\clbcatex.dll	OK
C:\WINDOWS\system32\clbcatq.dll	OK
C:\WINDOWS\system32\cleanmgr.exe	OK
C:\WINDOWS\system32\cliconf.chm	OK
C:\WINDOWS\system32\cliconf.chm=>/#SYSTEM	OK
C:\WINDOWS\system32\cliconf.chm=>/idh_add_apple.htm	OK
C:\WINDOWS\system32\cliconf.chm=>/idh_add_apple.htm=>(JAVASCRIPT 2)	OK
C:\WINDOWS\system32\cliconf.chm=>/idh_add_ipxspx1.htm	OK
C:\WINDOWS\system32\cliconf.chm=>/idh_add_ipxspx1.htm=>(JAVASCRIPT 2)	OK
C:\WINDOWS\system32\cliconf.chm=>/idh_add_ipxspx2.htm	OK
C:\WINDOWS\system32\cliconf.chm=>/idh_add_ipxspx2.htm=>(JAVASCRIPT 2)	OK
C:\WINDOWS\system32\cliconf.chm=>/idh_add_multi.htm	OK
C:\WINDOWS\system32\cliconf.chm=>/idh_add_multi.htm=>(JAVASCRIPT 2)	OK
C:\WINDOWS\system32\cliconf.chm=>/idh_add_namedpipes.htm	OK
C:\WINDOWS\system32\cliconf.chm=>/idh_add_namedpipes.htm=>(JAVASCRIPT 2)	OK
C:\WINDOWS\system32\cliconf.chm=>/idh_add_others.htm	OK
C:\WINDOWS\system32\cliconf.chm=>/idh_add_others.htm=>(JAVASCRIPT 2)	OK
C:\WINDOWS\system32\cliconf.chm=>/idh_add_tcpip.htm	OK
C:\WINDOWS\system32\cliconf.chm=>/idh_add_tcpip.htm=>(JAVASCRIPT 2)	OK
C:\WINDOWS\system32\cliconf.chm=>/idh_add_vines.htm	OK
C:\WINDOWS\system32\cliconf.chm=>/idh_add_vines.htm=>(JAVASCRIPT 2)	OK
C:\WINDOWS\system32\cliconf.chm=>/idh_alias.htm	OK
C:\WINDOWS\system32\cliconf.chm=>/idh_alias.htm=>(JAVASCRIPT 2)	OK
C:\WINDOWS\system32\cliconf.chm=>/idh_dblib.htm	OK
C:\WINDOWS\system32\cliconf.chm=>/idh_dblib.htm=>(JAVASCRIPT 2)	OK
C:\WINDOWS\system32\cliconf.chm=>/idh_general.htm	OK
C:\WINDOWS\system32\cliconf.chm=>/idh_general.htm=>(JAVASCRIPT 2)	OK
C:\WINDOWS\system32\cliconf.chm=>/idh_netlib.htm	OK
C:\WINDOWS\system32\cliconf.chm=>/idh_netlib.htm=>(JAVASCRIPT 2)	OK
C:\WINDOWS\system32\cliconf.chm=>/_add_(or_edit)_via_library_configuration.htm	OK
C:\WINDOWS\system32\cliconf.chm=>/_add_(or_edit)_via_library_configuration.htm=>(JAVASCRIPT 2)	OK
C:\WINDOWS\system32\cliconf.chm=>/_appletalk_protocol_default_value_setup.htm	OK
C:\WINDOWS\system32\cliconf.chm=>/_appletalk_protocol_default_value_setup.htm=>(JAVASCRIPT 2)	OK
C:\WINDOWS\system32\cliconf.chm=>/_banyan_vines_protocol_default_value_setup.htm	OK
C:\WINDOWS\system32\cliconf.chm=>/_banyan_vines_protocol_default_value_setup.htm=>(JAVASCRIPT 2)	OK
C:\WINDOWS\system32\cliconf.chm=>/_helphow_to_alias_a_client_to_an_alternate_pipe.htm	OK
C:\WINDOWS\system32\cliconf.chm=>/_helphow_to_alias_a_client_to_an_alternate_pipe.htm=>(JAVASCRIPT 2)	OK
C:\WINDOWS\system32\cliconf.chm=>/_helphow_to_check_the_library_version_numbers.htm	OK
C:\WINDOWS\system32\cliconf.chm=>/_helphow_to_check_the_library_version_numbers.htm=>(JAVASCRIPT 2)	OK
C:\WINDOWS\system32\cliconf.chm=>/_helphow_to_use_the_windows_sockets_net.2d.library_.28.windows.2d_.or_windows_nt.2d.based_clients.29.htm	OK
C:\WINDOWS\system32\cliconf.chm=>/_helphow_to_use_the_windows_sockets_net.2d.library_.28.windows.2d_.or_windows_nt.2d.based_clients.29.htm=>(JAVASCRIPT 2)	OK
C:\WINDOWS\system32\cliconf.chm=>/_helphow_to_verify_that_sql_server_is_listening_on_appletalk_and_can_accept_a_client_connection.htm	OK
C:\WINDOWS\system32\cliconf.chm=>/_helphow_to_verify_that_sql_server_is_listening_on_appletalk_and_can_accept_a_client_connection.htm=>(JAVASCRIPT 2)	OK
C:\WINDOWS\system32\cliconf.chm=>/_how_to_add_a_network_protocol_configuration_.28.client_configuration_utility.29.htm	OK
C:\WINDOWS\system32\cliconf.chm=>/_how_to_add_a_network_protocol_configuration_.28.client_configuration_utility.29.htm=>(JAVASCRIPT 2)	OK
C:\WINDOWS\system32\cliconf.chm=>/_how_to_check_the_odbc_sql_server_driver_version_.28.windows_95.2d.based_clients.29.htm	OK
C:\WINDOWS\system32\cliconf.chm=>/_how_to_check_the_odbc_sql_server_driver_version_.28.windows_95.2d.based_clients.29.htm=>(JAVASCRIPT 2)	OK
C:\WINDOWS\system32\cliconf.chm=>/_how_to_configure_a_client_to_a_nonstandard_network_protocol.htm	OK
C:\WINDOWS\system32\cliconf.chm=>/_how_to_configure_a_client_to_a_nonstandard_network_protocol.htm=>(JAVASCRIPT 2)	OK
C:\WINDOWS\system32\cliconf.chm=>/_how_to_configure_a_client_to_use_the_appletalk_network_protocol.htm	OK
C:\WINDOWS\system32\cliconf.chm=>/_how_to_configure_a_client_to_use_the_appletalk_network_protocol.htm=>(JAVASCRIPT 2)	OK
C:\WINDOWS\system32\cliconf.chm=>/_how_to_configure_a_client_to_use_the_banyan_vines_network_protocol.htm	OK
C:\WINDOWS\system32\cliconf.chm=>/_how_to_configure_a_client_to_use_the_banyan_vines_network_protocol.htm=>(JAVASCRIPT 2)	OK
C:\WINDOWS\system32\cliconf.chm=>/_how_to_configure_a_client_to_use_the_nwlink_ipx.2f.spx_network_protocol.htm	OK
C:\WINDOWS\system32\cliconf.chm=>/_how_to_configure_a_client_to_use_the_nwlink_ipx.2f.spx_network_protocol.htm=>(JAVASCRIPT 2)	OK
C:\WINDOWS\system32\cliconf.chm=>/_how_to_configure_a_client_to_use_the_via_network_library_(client_network_utility).htm	OK
C:\WINDOWS\system32\cliconf.chm=>/_how_to_configure_a_client_to_use_the_via_network_library_(client_network_utility).htm=>(JAVASCRIPT 2)	OK
C:\WINDOWS\system32\cliconf.chm=>/_how_to_create_an_alias_for_a_specific_server_name_to_use_the_multi.2d.protocol_net.2d.library.htm	OK
C:\WINDOWS\system32\cliconf.chm=>/_how_to_create_an_alias_for_a_specific_server_name_to_use_the_multi.2d.protocol_net.2d.library.htm=>(JAVASCRIPT 2)	OK
C:\WINDOWS\system32\cliconf.chm=>/_how_to_delete_a_network_protocol_configuration_.28.client_configuration_utility.29.htm	OK
C:\WINDOWS\system32\cliconf.chm=>/_how_to_delete_a_network_protocol_configuration_.28.client_configuration_utility.29.htm=>(JAVASCRIPT 2)	OK
C:\WINDOWS\system32\cliconf.chm=>/_how_to_edit_a_network_protocol_configuration_.28.client_configuration_utility.29.htm	OK
C:\WINDOWS\system32\cliconf.chm=>/_how_to_edit_a_network_protocol_configuration_.28.client_configuration_utility.29.htm=>(JAVASCRIPT 2)	OK
C:\WINDOWS\system32\cliconf.chm=>/_how_to_set_db.2d.library_conversion_preference.htm	OK
C:\WINDOWS\system32\cliconf.chm=>/_how_to_set_db.2d.library_conversion_preference.htm=>(JAVASCRIPT 2)	OK
C:\WINDOWS\system32\cliconf.chm=>/_how_to_start_the_sql_client_configuration_utility_.28.windows_nt.2d_.or_windows_95.2d_.based_client.29.htm	OK
C:\WINDOWS\system32\cliconf.chm=>/_how_to_start_the_sql_client_configuration_utility_.28.windows_nt.2d_.or_windows_95.2d_.based_client.29.htm=>(JAVASCRIPT 2)	OK
C:\WINDOWS\system32\cliconf.chm=>/_managing_clients.htm	OK
C:\WINDOWS\system32\cliconf.chm=>/_managing_clients.htm=>(JAVASCRIPT 2)	OK
C:\WINDOWS\system32\cliconf.chm=>/_multiprotocol_protocol_default_value_setup.htm	OK
C:\WINDOWS\system32\cliconf.chm=>/_multiprotocol_protocol_default_value_setup.htm=>(JAVASCRIPT 2)	OK
C:\WINDOWS\system32\cliconf.chm=>/_named_pipes_protocol_default_value_setup.htm	OK
C:\WINDOWS\system32\cliconf.chm=>/_named_pipes_protocol_default_value_setup.htm=>(JAVASCRIPT 2)	OK
C:\WINDOWS\system32\cliconf.chm=>/_nwlink_ipx!spx_protocol_default_value_setup.htm	OK
C:\WINDOWS\system32\cliconf.chm=>/_nwlink_ipx!spx_protocol_default_value_setup.htm=>(JAVASCRIPT 2)	OK
C:\WINDOWS\system32\cliconf.chm=>/_sql_server_2000_copyright_and_disclaimer.htm	OK
C:\WINDOWS\system32\cliconf.chm=>/_sql_server_2000_copyright_and_disclaimer.htm=>(JAVASCRIPT 2)	OK
C:\WINDOWS\system32\cliconf.chm=>/_tcp!ip_protocol_default_value_setup.htm	OK
C:\WINDOWS\system32\cliconf.chm=>/_tcp!ip_protocol_default_value_setup.htm=>(JAVASCRIPT 2)	OK
C:\WINDOWS\system32\cliconf.chm=>/_topic_unavailable_in_help.htm	OK
C:\WINDOWS\system32\cliconf.chm=>/_topic_unavailable_in_help.htm=>(JAVASCRIPT 2)	OK
C:\WINDOWS\system32\cliconf.chm=>/_via_protocol_default_value_setup.htm	OK
C:\WINDOWS\system32\cliconf.chm=>/_via_protocol_default_value_setup.htm=>(JAVASCRIPT 2)	OK
C:\WINDOWS\system32\cliconf.chm=>/_what_is_microsoft_sql_server_client_configurationy.htm	OK
C:\WINDOWS\system32\cliconf.chm=>/_what_is_microsoft_sql_server_client_configurationy.htm=>(JAVASCRIPT 2)	OK
C:\WINDOWS\system32\cliconf.chm=>/plus.gif	OK
C:\WINDOWS\system32\cliconf.chm=>/Basics/coUA.css	OK
C:\WINDOWS\system32\cliconf.chm=>/Basics/coUA_Ex.css	OK
C:\WINDOWS\system32\cliconf.chm=>/Basics/coUA_Print.css	OK
C:\WINDOWS\system32\cliconf.chm=>/Basics/mailto.css	OK
C:\WINDOWS\system32\cliconf.chm=>/Basics/mailto.js	OK
C:\WINDOWS\system32\cliconf.chm=>/Basics/mailto.js=>(JAVASCRIPT 1)	OK
C:\WINDOWS\system32\cliconf.chm=>/Basics/mailto.js=>(JAVASCRIPT 2)	OK
C:\WINDOWS\system32\cliconf.chm=>/Basics/mailto.js=>(JAVASCRIPT 3)	OK
C:\WINDOWS\system32\cliconf.chm=>/Basics/shared.js	OK
C:\WINDOWS\system32\cliconf.chm=>/Basics/banner.gif	OK
C:\WINDOWS\system32\cliconf.chm=>/Basics/banner2.gif	OK
C:\WINDOWS\system32\cliconf.chm=>/Basics/banner_.gif	OK
C:\WINDOWS\system32\cliconf.chm=>/Basics/banner_2.gif	OK
C:\WINDOWS\system32\cliconf.chm=>/Basics/caution.gif	OK
C:\WINDOWS\system32\cliconf.chm=>/Basics/coC.gif	OK
C:\WINDOWS\system32\cliconf.chm=>/Basics/coCb.gif	OK
C:\WINDOWS\system32\cliconf.chm=>/Basics/coE.gif	OK
C:\WINDOWS\system32\cliconf.chm=>/Basics/coEb.gif	OK
C:\WINDOWS\system32\cliconf.chm=>/Basics/elle.gif	OK
C:\WINDOWS\system32\cliconf.chm=>/Basics/glossaryclick.gif	OK
C:\WINDOWS\system32\cliconf.chm=>/Basics/glossaryCold.gif	OK
C:\WINDOWS\system32\cliconf.chm=>/Basics/glossaryHot.gif	OK
C:\WINDOWS\system32\cliconf.chm=>/Basics/important.gif	OK
C:\WINDOWS\system32\cliconf.chm=>/Basics/keybrd.gif	OK
C:\WINDOWS\system32\cliconf.chm=>/Basics/mailto.gif	OK
C:\WINDOWS\system32\cliconf.chm=>/Basics/mailto_.gif	OK
C:\WINDOWS\system32\cliconf.chm=>/Basics/mailto_c.gif	OK
C:\WINDOWS\system32\cliconf.chm=>/Basics/note.gif	OK
C:\WINDOWS\system32\cliconf.chm=>/Basics/relglyph.gif	OK
C:\WINDOWS\system32\cliconf.chm=>/Basics/relglyph_.gif	OK
C:\WINDOWS\system32\cliconf.chm=>/Basics/relglyph_c.gif	OK
C:\WINDOWS\system32\cliconf.chm=>/Basics/shortcutclick.gif	OK
C:\WINDOWS\system32\cliconf.chm=>/Basics/shortcutcold.gif	OK
C:\WINDOWS\system32\cliconf.chm=>/Basics/shortcuthot.gif	OK
C:\WINDOWS\system32\cliconf.chm=>/Basics/spacer.gif	OK
C:\WINDOWS\system32\cliconf.chm=>/Basics/tip.gif	OK
C:\WINDOWS\system32\cliconf.chm=>/Basics/warning.gif	OK
C:\WINDOWS\system32\cliconf.chm=>/cliconf.hhc	OK
C:\WINDOWS\system32\cliconf.chm=>/#WINDOWS	OK
C:\WINDOWS\system32\cliconf.chm=>/#IVB	OK
C:\WINDOWS\system32\cliconf.chm=>/$WWKeywordLinks/Property	OK
C:\WINDOWS\system32\cliconf.chm=>/$WWAssociativeLinks/Property	OK
C:\WINDOWS\system32\cliconf.chm=>/$OBJINST	OK
C:\WINDOWS\system32\cliconf.chm=>/$FIftiMain	OK
C:\WINDOWS\system32\cliconf.chm=>/#IDXHDR	OK
C:\WINDOWS\system32\cliconf.chm=>/#TOCIDX	OK
C:\WINDOWS\system32\cliconf.chm=>/#TOPICS	OK
C:\WINDOWS\system32\cliconf.chm=>/#URLTBL	OK
C:\WINDOWS\system32\cliconf.chm=>/#URLSTR	OK
C:\WINDOWS\system32\cliconf.chm=>/#STRINGS	OK
C:\WINDOWS\system32\cliconfg.dll	OK
C:\WINDOWS\system32\cliconfg.exe	OK
C:\WINDOWS\system32\cliconfg.rll	OK
C:\WINDOWS\system32\clipbrd.exe	OK
C:\WINDOWS\system32\clipsrv.exe	OK
C:\WINDOWS\system32\clusapi.dll	OK
C:\WINDOWS\system32\cmcfg32.dll	OK
C:\WINDOWS\system32\cmd.exe	OK
C:\WINDOWS\system32\cmdial32.dll	OK
C:\WINDOWS\system32\cmdl32.exe	OK
C:\WINDOWS\system32\cmdlib.wsc	OK
C:\WINDOWS\system32\cmdlib.wsc=>(VBSCRIPT   1)	OK
C:\WINDOWS\system32\cmmgr32.hlp	OK
C:\WINDOWS\system32\cmmon32.exe	OK
C:\WINDOWS\system32\cmos.ram	OK
C:\WINDOWS\system32\cmpbk32.dll	OK
C:\WINDOWS\system32\cmprops.dll	OK
C:\WINDOWS\system32\cmsetACL.dll	OK
C:\WINDOWS\system32\cmstp.exe	OK
C:\WINDOWS\system32\cmutil.dll	OK
C:\WINDOWS\system32\cnbjmon.dll	OK
C:\WINDOWS\system32\cnetcfg.dll	OK
C:\WINDOWS\system32\cnvfat.dll	OK
C:\WINDOWS\system32\colbact.dll	OK
C:\WINDOWS\system32\Com\comadmin.dll	OK
C:\WINDOWS\system32\Com\comempty.dat	OK
C:\WINDOWS\system32\Com\comexp.msc	OK
C:\WINDOWS\system32\Com\comrepl.exe	OK
C:\WINDOWS\system32\Com\comrereg.exe	OK
C:\WINDOWS\system32\Com\mtsadmin.tlb	OK
C:\WINDOWS\system32\comaddin.dll	OK
C:\WINDOWS\system32\comcat.dll	OK
C:\WINDOWS\system32\comctl32.dll	OK
C:\WINDOWS\system32\comctl32.ocx	OK
C:\WINDOWS\system32\comdlg32.dll	OK
C:\WINDOWS\system32\comm.drv	OK
C:\WINDOWS\system32\command.com	OK
C:\WINDOWS\system32\commdlg.dll	OK
C:\WINDOWS\system32\comp.exe	OK
C:\WINDOWS\system32\compact.exe	OK
C:\WINDOWS\system32\compatUI.dll	OK
C:\WINDOWS\system32\compmgmt.msc	OK
C:\WINDOWS\system32\compobj.dll	OK
C:\WINDOWS\system32\compstui.dll	OK
C:\WINDOWS\system32\comrepl.dll	OK
C:\WINDOWS\system32\comres.dll	OK
C:\WINDOWS\system32\comsnap.dll	OK
C:\WINDOWS\system32\comsvcs.dll	OK
C:\WINDOWS\system32\comuid.dll	OK
C:\WINDOWS\system32\config\ACEEvent.evt	OK
C:\WINDOWS\system32\config\AppEvent.Evt	OK
C:\WINDOWS\system32\config\default	OK
C:\WINDOWS\system32\config\default.LOG	OK
C:\WINDOWS\system32\config\default.sav	OK
C:\WINDOWS\system32\config\IntelDH.evt	OK
C:\WINDOWS\system32\config\Internet.evt	OK
C:\WINDOWS\system32\config\Media Ce.evt	OK
C:\WINDOWS\system32\config\SAM	OK
C:\WINDOWS\system32\config\SAM.LOG	OK
C:\WINDOWS\system32\config\SecEvent.Evt	OK
C:\WINDOWS\system32\config\SECURITY	OK
C:\WINDOWS\system32\config\SECURITY.LOG	OK
C:\WINDOWS\system32\config\software	OK
C:\WINDOWS\system32\config\software.LOG	OK
C:\WINDOWS\system32\config\software.sav	OK
C:\WINDOWS\system32\config\SysEvent.Evt	OK
C:\WINDOWS\system32\config\system	OK
C:\WINDOWS\system32\config\system.LOG	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Address Book\Administrateur.wab	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Address Book\Administrateur.wab~	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CLR Security Config\v1.0.3705\security.config	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CLR Security Config\v1.0.3705\security.config.cch	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CLR Security Config\v1.0.3705\security.config.old	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CLR Security Config\v1.1.4322\security.config	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CLR Security Config\v1.1.4322\security.config.cch	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\2BBA88436E92E1ABCED8E68D74DC5B38	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\3C83474D61E624A4F9844DF935AFE217	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\486CC6AFD08942336C61FCD401C4A1D1	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\696F3DE637E6DE85B458996D49D759AD	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\74BFD122C0875EC75DBE5C6DB4C59019	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\904590238400AD963F77FAAAADC9BAB5	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A44F4E7CB3133FF765C39A53AD8FCFDD	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A8FABA189DB7D25FBA7CAC806625FD30	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\B8CC409ACDBF2A2FE04C56F2875B1FD6	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\CFC456E7E410D69E2C6F3E2DB75C7DB3	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E04822AD18D472EA5B582E6E6F8C6B9A	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BBA88436E92E1ABCED8E68D74DC5B38	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\303572DF538EDD8B1D606185F1D559B8	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\3C83474D61E624A4F9844DF935AFE217	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\486CC6AFD08942336C61FCD401C4A1D1	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\696F3DE637E6DE85B458996D49D759AD	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\74BFD122C0875EC75DBE5C6DB4C59019	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\904590238400AD963F77FAAAADC9BAB5	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A44F4E7CB3133FF765C39A53AD8FCFDD	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A8FABA189DB7D25FBA7CAC806625FD30	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\B8CC409ACDBF2A2FE04C56F2875B1FD6	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\CFC456E7E410D69E2C6F3E2DB75C7DB3	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E04822AD18D472EA5B582E6E6F8C6B9A	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.bak	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\brndlog.txt	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Desktop.htt	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Desktop.htt=>(JAVASCRIPT 1)	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Desktop.htt=>(JAVASCRIPT 6)	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\Bureau.scf	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\Démarrer Internet Explorer.lnk	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\Démarrer Internet Explorer.lnk=>C:\Program Files\Internet Explorer\IEXPLORE.EXE	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk=>C:\WINDOWS\ehome\ehshell.exe	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\RealPlayer.lnk=>C:\Program Files\Real\RealPlayerealplay.exe	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Protect\CREDHIST	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Protect\S-1-5-21-1409082233-1078081533-682003330-500\c6dea64b-c82a-4328-88bf-18a2280a2aa5	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Protect\S-1-5-21-1409082233-1078081533-682003330-500\Preferred	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Real\Msg\Category.dat	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Real\Msg\Messages.dat	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Real\Msg\SCategory.dat	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Real\RealPlayer\ErrorLogs\CDBurning.log	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Real\RealPlayer\ErrorLogs\GenDevices.log	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Real\RealPlayer\ErrorLogs\pdgenctnomad.log	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Real\RealPlayer\ErrorLogs\pdgenwmdm.log	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Realnadminnsystem.dat	OK
C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec\PendingAlertsQueue.log	OK
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat	OK
C:\WINDOWS\system32\config\systemprofile\Favoris\Desktop.ini	OK
C:\WINDOWS\system32\config\systemprofile\Favoris\Guide des stations de radio.url	OK
C:\WINDOWS\system32\config\systemprofile\Favoris\Liens\Hotmail.url	OK
C:\WINDOWS\system32\config\systemprofile\Favoris\Liens\Personnaliser les liens.url	OK
C:\WINDOWS\system32\config\systemprofile\Favoris\Liens\Windows Media.url	OK
C:\WINDOWS\system32\config\systemprofile\Favoris\Liens\Windows.url	OK
C:\WINDOWS\system32\config\systemprofile\Favoris\MSN.com.url	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory\MCInstaller.exe.c95982a.ini	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory
gen.exe.2c05686e.ini	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistoryegasm.exe.11f1da13.ini	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory\RegAsm.exe.ca35bcc8.ini	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory\RegisterMCEApp.exe.19d07aaf.ini	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory\SetupMCL.exe.cacc9309.ini	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory\SL62.tmp.124d7965.ini	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ATI\ACE\Profiles.xml	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\fusioncache.dat	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\IconCache.db	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.DTD	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.XML	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Works\Portfolio\wsbsamp.wsb	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}\1036.MST	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}\J2SE Runtime Environment 5.0 Update 5.msi	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}\J2SE Runtime Environment 5.0 Update 5.msi=>(Embedded CAB)	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}\J2SE Runtime Environment 5.0 Update 5.msi=>(Embedded CAB)=>other.zip	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}\J2SE Runtime Environment 5.0 Update 5.msi=>(Embedded CAB)=>other.zip=>lib/charsets.pack	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}\J2SE Runtime Environment 5.0 Update 5.msi=>(Embedded CAB)=>other.zip=>lib/ext/localedata.pack	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}\J2SE Runtime Environment 5.0 Update 5.msi=>(Embedded CAB)=>extra.zip	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}\J2SE Runtime Environment 5.0 Update 5.msi=>(Embedded CAB)=>extra.zip=>LICENSE.rtf	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}\J2SE Runtime Environment 5.0 Update 5.msi=>(Embedded CAB)=>extra.zip=>LICENSE_de.rtf	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}\J2SE Runtime Environment 5.0 Update 5.msi=>(Embedded CAB)=>extra.zip=>LICENSE_es.rtf	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}\J2SE Runtime Environment 5.0 Update 5.msi=>(Embedded CAB)=>extra.zip=>LICENSE_fr.rtf	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}\J2SE Runtime Environment 5.0 Update 5.msi=>(Embedded CAB)=>extra.zip=>LICENSE_it.rtf	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}\J2SE Runtime Environment 5.0 Update 5.msi=>(Embedded CAB)=>extra.zip=>LICENSE_ja.rtf	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}\J2SE Runtime Environment 5.0 Update 5.msi=>(Embedded CAB)=>extra.zip=>LICENSE_ko.rtf	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}\J2SE Runtime Environment 5.0 Update 5.msi=>(Embedded CAB)=>extra.zip=>LICENSE_sv.rtf	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}\J2SE Runtime Environment 5.0 Update 5.msi=>(Embedded CAB)=>extra.zip=>LICENSE_zh_CN.rtf	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}\J2SE Runtime Environment 5.0 Update 5.msi=>(Embedded CAB)=>extra.zip=>LICENSE_zh_TW.rtf	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}\J2SE Runtime Environment 5.0 Update 5.msi=>(Embedded CAB)=>extra.zip=>bin/eula.dll	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}\J2SE Runtime Environment 5.0 Update 5.msi=>(Embedded CAB)=>extra.zip=>lib/audio/soundbank.gm	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}\J2SE Runtime Environment 5.0 Update 5.msi=>(Embedded CAB)=>extra.zip=>lib/cmm/PYCC.pf	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}\J2SE Runtime Environment 5.0 Update 5.msi=>(Embedded CAB)=>extra.zip=>lib/fonts/LucidaBrightDemiBold.ttf	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}\J2SE Runtime Environment 5.0 Update 5.msi=>(Embedded CAB)=>extra.zip=>lib/fonts/LucidaBrightDemiItalic.ttf	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}\J2SE Runtime Environment 5.0 Update 5.msi=>(Embedded CAB)=>extra.zip=>lib/fonts/LucidaBrightItalic.ttf	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}\J2SE Runtime Environment 5.0 Update 5.msi=>(Embedded CAB)=>extra.zip=>lib/fonts/LucidaBrightRegular.ttf	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}\J2SE Runtime Environment 5.0 Update 5.msi=>(Embedded CAB)=>extra.zip=>lib/fonts/LucidaSansDemiBold.ttf	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}\J2SE Runtime Environment 5.0 Update 5.msi=>(Embedded CAB)=>extra.zip=>lib/fonts/LucidaTypewriterBold.ttf	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}\J2SE Runtime Environment 5.0 Update 5.msi=>(Embedded CAB)=>extra.zip=>lib/fonts/LucidaTypewriterRegular.ttf	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}\J2SE Runtime Environment 5.0 Update 5.msi=>(Embedded CAB)=>core1.zip	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}\J2SE Runtime Environment 5.0 Update 5.msi=>(Embedded CAB)=>core1.zip=>bin/awt.dll	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}\J2SE Runtime Environment 5.0 Update 5.msi=>(Embedded CAB)=>core1.zip=>bin/axbridge.dll	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}\J2SE Runtime Environment 5.0 Update 5.msi=>(Embedded CAB)=>core1.zip=>bin/client/jvm.dll	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}\J2SE Runtime Environment 5.0 Update 5.msi=>(Embedded CAB)=>core1.zip=>bin/client/Xusage.txt	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}\J2SE Runtime Environment 5.0 Update 5.msi=>(Embedded CAB)=>core1.zip=>bin/cmm.dll	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}\J2SE Runtime Environment 5.0 Update 5.msi=>(Embedded CAB)=>core1.zip=>bin/dcpr.dll	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}\J2SE Runtime Environment 5.0 Update 5.msi=>(Embedded CAB)=>core1.zip=>bin/deploy.dll	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}\J2SE Runtime Environment 5.0 Update 5.msi=>(Embedded CAB)=>core1.zip=>bin/dt_shmem.dll	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}\J2SE Runtime Environment 5.0 Update 5.msi=>(Embedded CAB)=>core1.zip=>bin/dt_socket.dll	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}\J2SE Runtime Environment 5.0 Update 5.msi=>(Embedded CAB)=>core1.zip=>bin/fontmanager.dll	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}\J2SE Runtime Environment 5.0 Update 5.msi=>(Embedded CAB)=>core1.zip=>bin/hpi.dll	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}\J2SE Runtime Environment 5.0 Update 5.msi=>(Embedded CAB)=>core1.zip=>bin/hprof.dll	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}\J2SE Runtime Environment 5.0 Update 5.msi=>(Embedded CAB)=>core1.zip=>bin/instrument.dll	OK
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150050}\J2SE Runtime Environment 5.0 Update 5.msi=>(Embedded C

philo2100 · Answer

Bien, encore des trucs pas nets de virer !

pas de CONFLICT.1 dans le log
cible ceci aussi,:
http://www.virustotal.com/en/virustotalx.html


C:\WINDOWS\Downloaded Program Files\CONFLICT.1

philo2100 · Answer

je t'explique 
tu fais parcourir (en haut de la page) avec le lien que je t'ai fourni 
ici---->
http://www.virustotal.com/en/virustotalx.html

en ciblant le fameux fichier "System.EnterpriseServices.Wrapper.dll "
avec le bouton "parcourir"
Tu vas le trouver dans 
C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\
une fois que tu es dessus, tu l'envoyes en faisant clic sur send
Il envoye en fait une copie qui est analysée en ligne.
En fait ça permet d'analyser un seul fichier douteux par une série d'anti-virus en ligne.

steph77phane · Answer

RE

problème je ne trouve que :

C:\WINDOWS\assembly\     

 PAS LE       GAC_32

\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\               

ET NI CECI       
 System.EnterpriseServices.dll 


            CECI JE LE TROUVE OU ?
System.EnterpriseServices.Wrapper.dll 




http://www.virustotal.com/en/virustotalx.html 
(Parcourir/ en haut de la page) puis tu fais send/tu colles le rapport.

philo2100 · Answer

Bon, 
Cliquer sur démarrer/panneau de configuration/outil/option des dossiers/affichage
Cocher « afficher les fichiers et dossiers cachés »
Décocher la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"
Décocher « masquer les extensions dont le type est connu »
Puis faire «Ok» pour valider les changements.
--------------------------------
recherches avec explorer:
System.EnterpriseServices.Wrapper.dll

steph77phane · Answer

J'ai trouvé le fichier mais dans 2 endroits :

c:\windows\winsxs\x86_System.entreprisesServices_bO3f5f7f11d50a3a_2.0.0.0__x-ww_7d5f3790

ET

C/\windows\Microsoft.NET\Framework\v2.0.50727

Lequel je prends ??

Désolé, mais ça fatigue

steph77phane · Answer

RE


ma recherche pour  :

pas de CONFLICT.1 dans le log 
cible ceci aussi,: 
http://www.virustotal.com/en/virustotalx.html 


C:\WINDOWS\Downloaded Program Files\CONFLICT.1 

donne ceci pour l'instant:


C:\WINDOWS\Downloaded Program Files\       PLUS RIEN APRES

Quand je fais une recherche par explorer en demandant de trouver CONFLICT.1 =  il me donne comme réponse :

Symantec AntiVirus scanner 

et 

Symantec RuFSI Utility Class
dans C:\WINDOWS\Downloaded Program Files

Dans les Propriétés de ces deux fichier, il indique comme dépendance : Endommagé

philo2100 · Answer

Lequel je prends ?? 
test les deux..
sorry à demain

steph77phane · Answer

SALUT !!


RECHERCHE 1 à la base :
tu ciblera ceci: 
System.EnterpriseServices.Wrapper.dll 
dans  C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll 

TROUVER 1
\windows\winsxs\x86_System.entreprisesServices_bO3f5f7f11d50a3a_2.0.0.0__x-ww_7d5f3790

RAPPORT 1 :
0 bytes size received / Se ha recibido un archivo vacio


TROUVER 2
C/\windows\Microsoft.NET\Framework\v2.0.50727

RAPPORT 2 :
PAS DE RAPPORT EMIS



MAIS APRES UNE RELECTURE JE L'AI RETROUVER DANS

le rapport hacktool rootkit du vendredi 18 mai 2007 à 19:39:31


HKLM\SECURITY\Policy\Secrets\SAC* 10/10/2005 14:47 0 bytes Key name contains embedded nulls (*) 
HKLM\SECURITY\Policy\Secrets\SAI* 10/10/2005 14:47 0 bytes Key name contains embedded nulls (*) 
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 18/05/2007 18:54 80 bytes Data mismatch between Windows API and raw hive data. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesProcessed 18/05/2007 18:53 4 bytes Data mismatch between Windows API and raw hive data. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesSuccessful 18/05/2007 18:53 4 bytes Data mismatch between Windows API and raw hive data. 
C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\20070518.019\vscanmsx.dat 18/05/2007 19:17 2.02 KB Hidden from Windows API. 
C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll 27/03/2007 23:20 252.00 KB Visible in Windows API, but not in MFT or directory index. 
C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll 27/03/2007 23:20 111.50 KB Visible in Windows API, but not in MFT or directory index. 
C:\WINDOWS\Debug\UserMode\userenv.log 18/05/2007 19:15 214 bytes Hidden from Windows API. 
D: 01/01/1601 02:00 0 bytes Error mounting volume







RECHERCHE 2 à la base :
pas de CONFLICT.1 dans le log 
cible ceci aussi,: 
http://www.virustotal.com/en/virustotalx.html 
C:\WINDOWS\Downloaded Program Files\CONFLICT.1 

RESULTAT DE LA RECHERCHE :
C:\WINDOWS\Downloaded Program Files\CONFLICT.1

donne ceci pour l'instant: 
C:\WINDOWS\Downloaded Program Files\                PLUS RIEN APRES 

Quand je fais une recherche par explorer en demandant de trouver CONFLICT.1 = il me donne comme réponse : 

Symantec AntiVirus scanner 
et 
Symantec RuFSI Utility Class 
dans C:\WINDOWS\Downloaded Program Files 

Dans les Propriétés de ces deux fichier, il indique comme dépendance : Endommagé


TROUVER 1
Symantec AntiVirus scanner 
RAPPORT 1 :
PAS DE RAPPORT EMIS


TROUVER 2
Symantec RuFSI Utility Class 
RAPPORT 2 :
PAS DE RAPPORT EMIS

steph77phane · Answer

RE !!!


A TOUT A L'HEURE J'ESPERE !!

VOICI MON DERNIER     HJT    ET JE VAIS ME COUCHER

A + TARD  ET MERCI ENCORE POUR TON AIDE PRECIEUSE !!!!!!



Logfile of HijackThis v1.99.1
Scan saved at 00:19:10, on 19/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Hijackthis\AVG Anti- Spyware\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Softwin\BitDefender8\bdswitch.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
c:\program files\softwin\bitdefender8\bdmcon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Hijackthis\scanner.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Hijackthis\AVG Anti- Spyware\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?3950fb765cb6428fac4784cd56b6ac2e
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?3950fb765cb6428fac4784cd56b6ac2e
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://stephanebayard.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

philo2100 · Answer

pour faire cour
deux anti-virus sur ton PC ?
----------------------------
jamais deux anti-virus dans un PC, si on a un doute sur l'éfficacité d'un antivirus, soit on désinstalle et on réinstalle l'autre, soit on fait des scan en ligne en + , mais jamais installer deux antivirus.
-----------------------------------------------------------------------
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Softwin\BitDefender8\bdswitch.exe 
---------------------------------------------------------------
c:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exe 
---------------------------------------
* Télécharge MSNFix.zip de !aur3n7 sur le bureau:
http://sosvirus.changelog.fr/MSNFix.zip

Décompresse-le (clic droit >> Extraire tout) et double clique sur le fichier MSNFix.bat.
- Choisis l'option R.
- Si l'infection est détectée, exécutes l'option N.

Sauvegarde le rapport puis fais un copier/coller de ce rapport sur le forum,

steph77phane · Answer

RE 

MOINS NOVICE  MAIS IL ME SEMBLAIT BIEN QU4IL FALLAIT QUE 1 ANTI VIRUS 



JE ME D2BARRASSE DE BIT DEFENDER ALORS ?

steph77phane · Answer

RE !!!


BON JE T'AI REFAIT UN HJT EN ESPERANT QU'IL NE SOIT PAS MOCHE ! AU CAS OU TU ME LE DEMANDE! JE SAIS MAIS SEULEMENT POUR CELA J'ANTICIPE




Logfile of HijackThis v1.99.1
Scan saved at 11:08:29, on 19/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Hijackthis\AVG Anti- Spyware\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
c:\program files\softwin\bitdefender8\bdmcon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Hijackthis\scanner.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Hijackthis\AVG Anti- Spyware\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?3950fb765cb6428fac4784cd56b6ac2e
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?3950fb765cb6428fac4784cd56b6ac2e
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://stephanebayard.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

steph77phane · Answer

RE

BON JE SUIS ALLER DANS AJOUT/SUPPRESSION DE PROGRAMME ET J'AI DESINSTALLE ANTI VIRUS BIT DEFENDER

QUE ME PRECONISEZ VOUS MAINTENANT ?

steph77phane · Answer

HELLO 


DOIS JE FAIRE UN SCAN CCLEANER ???

philo2100 · Answer

salut Steph,
enlèves le caps-lock de ton clavier stp.
Ne pas écrire en lettre majuscule sur le Net...ça équivaut à crier. ok ? Merci.
------------------------------------------------------------

coches+fixer ceci:dans hijackthis

O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe" 
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) 
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 

--------------------------------------------------------
vas dans Exécuter/tapes services.msc
arrêtes ce service:
BitDefender Scan Server
BitDefender Communicator 
 Google Updater Service 
------------------------------------

steph77phane · Answer

Désolé pour les majuscules, je ne savais pas. ce n'était pas mon intention 

Je vais faire ce que tu me conseille

A toute

philo2100 · Answer

Pas de soucis...ce sont des petites choses qui peuvent échapper quand on débute...t'en fait pas pour ça !

steph77phane · Answer

voici ce que tu ma demandé


coches+fixer ceci:dans hijackthis 

O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe" 
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe" 
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) 
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing) 
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 

-------------------------------------------------------- 
vas dans Exécuter/tapes services.msc 
arrêtes ce service: 
BitDefender Scan Server 
BitDefender Communicator 
Google Updater Service 


j'avais désinstaller bit defender donc je n'ai rien trouver dans les 2 étapes sur lui.

dans Exécuter/tapes services.msc 
arrêtes service: 

BitDefender Scan Server 
BitDefender Communicator 
Google Updater Service                            il ne paraissait pas en service

philo2100 · Answer

ok,
repostes un log Hijackthis
-----------------------------------
ensuite fais ceci: (avec Internet Explorer)
https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan

steph77phane · Answer

re

je te prie de m'excuser mais je dois m'en aller car je suis inviter !

je serais peut être là dans la soirée mais demain c sur que je serais sur le site .

si tu as des mainupaltions à me donner que je puisse les appliquer dès mon retour n'hésite pas .

bon je te souhaite une bonne après midi 

à+ stephane

philo2100 · Answer

ok, relis le 111
tu feras un scan ici:
https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan

philo2100 · Answer

relis le 113+111

steph77phane · Answer

tiens voici le HJT demandé 


aller j'y vais car comme d'hab je suis en retard mais c tellement prenant et j'aime un peu cela aussi je dois avouer .

merci pour tout 

à +





Logfile of HijackThis v1.99.1
Scan saved at 12:31:34, on 19/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Hijackthis\AVG Anti- Spyware\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Hijackthis\scanner.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Hijackthis\AVG Anti- Spyware\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?3950fb765cb6428fac4784cd56b6ac2e
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?3950fb765cb6428fac4784cd56b6ac2e
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://stephanebayard.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

philo2100 · Answer

ok, j'attends le résultat du scan.
https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan

steph77phane · Answer

voici le rapport du scan demandé 




                                                        
This action will cancel the scan
Are you sure you want to cancel the scan?

If you want to continue using the Internet, just open another window in your browser.
  Español | English  Searching for 882,724 viruses, spyware

This action normally takes about 1 minute (depending on the characteristics of your PC and the speed of your Internet connection).

 

Searching for running malicious processes...

 
 
Congratulations!
NanoScan has not detected any viruses, spyware, Trojans, or any other ACTIVE threats on your PC.

(Scan completed in 28 seconds)
We have detected that Norton Internet Security 2006 is enabled and up-to-date.

An error occurred during the scan. We advise you to scan again.

 Scan details 
  High danger level (  )

  Medium danger level (  )

  Low danger level (  )

  Suspicious files (  )

 
We recommend you use TotalScan
To ensure that your PC is clean we advise you to scan with the new TotalScan, which detects and disinfects ACTIVE and LATENT malicious software 

 
NanoScan TotalScan 
Detection 882,724
 962,116
 
Disinfection No
 Yes
 
Size ~ 400k
 ~ 20MB
 
Scan time ~ 1 minute
 ~ 5 minutes
 
Types of viruses Active
 Active + Latent
 


Home | What is NanoScan? | Blog | Your opinion | FAQ 
Use of NanoScan is subject to acceptance of the Terms and conditions of use
This is a Panda project

steph77phane · Answer

bon aller j'y vais vraiment 

je suis encore désoler  et te remerci encore pour tout

à + tard

philo2100 · Answer

Ok, ensuite tu feras un:
We recommend you use TotalScan 
Il faudra t'enregistrer pour désinfecter.

steph77phane · Answer

bonsoir philo 2100,

voici le rapport total scan après désinfection (90 objets trouvés et infectés)




;***********************************************************************************************************************************************************************************
ANALYSIS: 2007-05-19 21:45:44
PROTECTIONS: 1
MALWARE: 18
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description                                  Version                       Active    Updated
;===================================================================================================================================================================================
Norton Internet Security 2006                2006                          Yes       Yes
;===================================================================================================================================================================================
MALWARE
Id        Description                        Type                Active    Severity  Disinfectable  Disinfected Location
;===================================================================================================================================================================================
00101555  Application/KillApp.B              HackTools           No        0         Yes            No           C:\hp\bin\KillIt.exe
00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@doubleclick[1].txt
00139061  Cookie/Doubleclick                 TrackingCookie      No        0         Yes            No           C:\Documents and Settings\VIRGINIE\Cookies\virginie@doubleclick[1].txt
00139064  Cookie/Atlas DMT                   TrackingCookie      No        0         Yes            No           C:\Documents and Settings\VIRGINIE\Cookies\virginie@atdmt[2].txt
00139064  Cookie/Atlas DMT                   TrackingCookie      No        0         Yes            No           C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@atdmt[3].txt
00139064  Cookie/Atlas DMT                   TrackingCookie      No        0         Yes            No           C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@atdmt[2].txt
00139064  Cookie/Atlas DMT                   TrackingCookie      No        0         Yes            No           C:\Documents and Settings\STEPHANE\Cookies\stephane@atdmt[1].txt
00139535  Application/Processor              HackTools           No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP67\A0012920.exe
00139535  Application/Processor              HackTools           No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP67\A0013037.exe
00139535  Application/Processor              HackTools           No        0         Yes            No           C:\Documents and Settings\HP_Administrateur\Bureau\MSNFix.zip[MSNFix/incl/Process.exe]
00139535  Application/Processor              HackTools           No        0         Yes            No           C:\Anti-Virus (tous)\MSNFix\incl\Process.exe
00139535  Application/Processor              HackTools           No        0         Yes            No           C:\WINDOWS\system32\Process.exe
00139535  Application/Processor              HackTools           No        0         Yes            No           C:\Program Files\Navilog1\Process.exe
00139535  Application/Processor              HackTools           No        0         Yes            No           C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\X7YTRTKS\MSNFix[1].zip[MSNFix/incl/Process.exe]
00145405  Cookie/RealMedia                   TrackingCookie      No        0         Yes            No           C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@247realmedia[2].txt
00145405  Cookie/RealMedia                   TrackingCookie      No        0         Yes            No           C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@247realmedia[1].txt
00145460  Cookie/2o7                         TrackingCookie      No        0         Yes            No           C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@2o7[2].txt
00145460  Cookie/2o7                         TrackingCookie      No        0         Yes            No           C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@2o7[3].txt
00145731  Cookie/Tribalfusion                TrackingCookie      No        0         Yes            No           C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@tribalfusion[2].txt
00145738  Cookie/Mediaplex                   TrackingCookie      No        0         Yes            No           C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@mediaplex[2].txt
00145738  Cookie/Mediaplex                   TrackingCookie      No        0         Yes            No           C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@mediaplex[1].txt
00167704  Cookie/Xiti                        TrackingCookie      No        0         Yes            No           C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@xiti[1].txt
00167704  Cookie/Xiti                        TrackingCookie      No        0         Yes            No           C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@xiti[2].txt
00168090  Cookie/Serving-sys                 TrackingCookie      No        0         Yes            No           C:\Documents and Settings\VIRGINIE\Cookies\virginie@serving-sys[2].txt
00168093  Cookie/Serving-sys                 TrackingCookie      No        0         Yes            No           C:\Documents and Settings\VIRGINIE\Cookies\virginie@bs.serving-sys[1].txt
00168106  Cookie/Weborama                    TrackingCookie      No        0         Yes            No           C:\Documents and Settings\VIRGINIE\Cookies\virginie@weborama[2].txt
00168106  Cookie/Weborama                    TrackingCookie      No        0         Yes            No           C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@weborama[1].txt
00168106  Cookie/Weborama                    TrackingCookie      No        0         Yes            No           C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@weborama[2].txt
00168106  Cookie/Weborama                    TrackingCookie      No        0         Yes            No           C:\Documents and Settings\STEPHANE\Cookies\stephane@weborama[1].txt
00172449  Cookie/MetriWeb                    TrackingCookie      No        0         Yes            No           C:\Documents and Settings\VIRGINIE\Cookies\virginie@metriweb[1].txt
00173520  Cookie/Bluestreak                  TrackingCookie      No        0         Yes            No           C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@bluestreak[2].txt
00238695  Application/Pskill.K               HackTools           No        0         Yes            No           C:\Hijackthis\clean\pskill.exe
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP62\A0011412.scr
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP68\A0013230.scr
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP62\A0012411.sys
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP62\A0011411.sys
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP68\A0013229.sys
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP62\A0012460.sys
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP70\A0013406.sys
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP68\A0013201.sys
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP62\A0012412.scr
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP67\A0012991.scr
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP62\A0012499.sys
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP62\A0012502.scr
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP62\A0012512.scr
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP62\A0012513.scr
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP62\A0012520.scr
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP62\A0012551.scr
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP62\A0012554.scr
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP62\A0012555.scr
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP62\A0012557.scr
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP62\A0012560.scr
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP62\A0012562.scr
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP62\A0012564.scr
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP62\A0012566.scr
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP62\A0012572.scr
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP62\A0012573.scr
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP62\A0012574.scr
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP62\A0012604.scr
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP62\A0012606.scr
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP62\A0012611.scr
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP63\A0012669.scr
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP63\A0012689.scr
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP63\A0012691.scr
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP63\A0012721.scr
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP63\A0012723.scr
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP63\A0012725.scr
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP67\A0012933.sys
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP64\A0012731.sys
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP64\A0012757.scr
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP64\A0012777.scr
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP64\A0012779.scr
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP64\A0012809.scr
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP64\A0012811.scr
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP64\A0012813.scr
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP62\A0012461.scr
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP67\A0012875.sys
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP67\A0012876.scr
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP67\A0012912.scr
00529859  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\Anti-Virus (tous)\MSNFix\19052007_10442384.zip[backup/svchost.exe]
00529861  Rootkit/Oddysee.B                  HackTools           No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP67\A0012932.exe
00529861  Rootkit/Oddysee.B                  HackTools           No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP64\A0012730.exe
00529861  Rootkit/Oddysee.B                  HackTools           No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP62\A0012497.exe
00529861  Rootkit/Oddysee.B                  HackTools           No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP62\A0011410.exe
00529861  Rootkit/Oddysee.B                  HackTools           No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP68\A0013200.exe
00529861  Rootkit/Oddysee.B                  HackTools           No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP67\A0012874.exe
00529861  Rootkit/Oddysee.B                  HackTools           No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP62\A0012459.exe
00529861  Rootkit/Oddysee.B                  HackTools           No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP62\A0012410.exe
00529864  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP62\A0012492.exe
00529864  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP62\A0012487.exe
00529864  W32/Fotcel.A.worm                  Virus/Worm          No        0         Yes            No           C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP70\A0013405.exe
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================

steph77phane · Answer

Bonjour philo 2100,

à la suite du totalscan , je t'ai affiché le hjt .
en espérant que mon pc ce porte mieux.




Logfile of HijackThis v1.99.1
Scan saved at 09:18:19, on 20/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Hijackthis\AVG Anti- Spyware\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Hijackthis\scanner.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Hijackthis\AVG Anti- Spyware\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?3950fb765cb6428fac4784cd56b6ac2e
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?3950fb765cb6428fac4784cd56b6ac2e
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://stephanebayard.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe






modif que je viens d'effectuer  renommer mon fichier c:/Hijacthis\scanner.exe.exe en : 
c:/Hijacthis\scanner.exe

philo2100 · Answer

Bien,
tapes ceci dans Démarrer/Exécuter/
%SystemRoot%\System32\restore\rstrui.exe
tu as une fenêtre qui s'ouvre.
en bas à droite du clic sur le lien paramètres de Paramètre de la restauration du système.
Coches "Désactiver la restauration du système sur tous les lecteurs".
Reboot ta machine
refaits l'inverse, recoche.

--------------------------------------------------------------------
(90 objets trouvés et infectés) 
il faut t'inscrire, je crois pour désinfecté ?
l'as tu fais ?

philo2100 · Answer

Bien,
donnes-moi un bilan du comportement de ta machine.

philo2100 · Answer

Si tu as recoché c'est bon.
Comment va ta machine ?

steph77phane · Answer

voici donc le hjt

je crois que tu l'auras 2 fois


Logfile of HijackThis v1.99.1
Scan saved at 10:20:52, on 20/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Hijackthis\AVG Anti- Spyware\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Hijackthis\scanner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Hijackthis\AVG Anti- Spyware\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk.disabled
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?3950fb765cb6428fac4784cd56b6ac2e
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?3950fb765cb6428fac4784cd56b6ac2e
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://stephanebayard.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

philo2100 · Answer

pour moi rien de méchant dans ce log
comment va ton PC ?

philo2100 · Answer

ok, j'espère ...qu'amélioration il y aura...LOL

steph77phane · Answer

RE 

tout parait ok ! c'est super !


maintenant je vais me renseigner sur les produits existants. abonné à norton encore pendant 225 jours, je vais voir ce que je peux mettre en défense complémentaire pour l'efficaciter avant de pouvoir changer d'anti virus.

je tiens encore à te remercier pour tout, entre autre, ta patience et ton efficaciter.

je tiens encore à m'excuser pour t'avoir paru insultant. ce qui n'était vraiment pas mon intention . 
merci de nous le rappeler courtoisement à nous novice qu'il existe une politesse comment dire, informatique je ne sais pas si c'est le terme exact 

je tiens aussi à remercier toute les personnes sur ce site qui se  mettent à notre disponibilité sur leurs temps personnel pour nous sauvez des mauvaises griffes 

ayant découvert ce site que je trouve très très bien. j'ai déjà fait passer l'info à une partie de mon entourage.

encore merci pour toute ton aide. 

si avant de se  quitter tu as des suggestions à me faire


stephane

steph77phane · Answer

re 

est ce que je peux garder anti spyware sur le pc

ah . je viens de m'apercevoir que le bouclier de anti spy ware est inactif . 

je vais aller voir pour le remettre actif .est ce que je fais bien?

philo2100 · Answer

;-)
"je tiens encore à m'excuser pour t'avoir paru insultant. ce qui n'était vraiment pas mon intention . "
là tu y vas un peu fort de posphore !
C'est effectivement à nous (plus anciens) de montrer l'exemple, mais jamais tu n'as été insultant !
Tout au plus de petits impair de jeunesse (sur le Net), ce qui est normal !!!!
Donc, don't worry about that !
ceci étant dit:
----------------------------------------------------
Je te conseille skype, plus efficace que Messenger en live/webcam.
https://www.skype.com/fr/
---------------------------------------------
ça, ça être long !
"abonné à norton encore pendant 225 jours,"
Je n'irais pas 4 chemins, je te conseille ceci:
http://www.f-secure.fr/home_user/buyonline/fsis2007.html
j'ai essayé toute la game des trucs connus, tu peux me croire que ça...c'est du valable.
La config du fire-wall, est d'une facilité...déconcertante, par rapport à certain produit.
Rien ne passe depuis deux ans....mise à jour chaque jour du produit.
Bien, sûr il est possible que d'autres soit d'un avis différent...LOL, c'est ça le Net aussi .
--------------------------------------------------
Ceci dit download ceci:
http://www.atribune.org/ccount/click.php?id=1
utilises-le, chaque fois que tu as sur le Net.( y compris mot de pass)
Si tu vas 5 fois par jour/tu le passes 5 fois par jour.
Une fois par semaine, CCleaner/+Spybot.
--------------------------------------------------
Si tu as encore un soucis n'hésites pas ...et réflèchis bien avec ton Norton, ;-)
A+
cordialement
Philo2100

philo2100 · Answer

ok, message bien reçu.
bonne journée
je mets problème comme résolu.

philo2100 · Answer

ok, post terminé.
merci à tous

mehdi · Answer

salut a tous on ma dit de telecharger hijackthis pr sacanner mon ordi pour savoir si j'ai un virus et j'ai fait un copier coller de mon log est ce que kelkun poure me dire coment je fais aprés s'il vous plait merci de me repondre.    


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:33:29, on 26/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Messenger\livecall.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\scanner.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

philo2100 · Answer

mehdi, le mercredi 26 septembre 2007 à 16h42:07
tu as vu et lu le <140>  ???
relis le...

regardes attentivement ceci:
http://leblogdeclaude.blogspot.com/2007/07/crer-un-nouveau-messgage-sur-ccm.html
bonne soirée.

XP D VIRUS hacktool.rootkit [WINDOWS/syst32]

99 réponses

Newsletters