Pbm virus a priori ADLoader-KB
Olivier-GRD
Messages postés
2
Statut
Membre
-
Olivier-GRD Messages postés 2 Statut Membre -
Olivier-GRD Messages postés 2 Statut Membre -
Bonjour, voici la copie du rapport HJT :
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 13:31:58, on 30/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LaCie\Backup Software\LaCieBackup.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\DOCUME~1\#1\LOCALS~1\Temp\winlogon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Documents and Settings\#1\Bureau\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.incredimail.com/french
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Winspn] C:\Program Files\Winspn\winspn.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\#1\LOCALS~1\Temp\winlogon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.3suissesphotos.fr/Components/Upload/ImageUploader3.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O21 - SSODL: printers - {6A934BE6-400A-4586-87CE-1FBA614BC280} - libcintles3.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 13:31:58, on 30/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LaCie\Backup Software\LaCieBackup.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\DOCUME~1\#1\LOCALS~1\Temp\winlogon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Documents and Settings\#1\Bureau\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.incredimail.com/french
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Winspn] C:\Program Files\Winspn\winspn.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\#1\LOCALS~1\Temp\winlogon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.3suissesphotos.fr/Components/Upload/ImageUploader3.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O21 - SSODL: printers - {6A934BE6-400A-4586-87CE-1FBA614BC280} - libcintles3.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
A voir également:
- Pbm virus a priori ADLoader-KB
- Virus mcafee - Accueil - Piratage
- Kb windows - Guide
- Kb en ko ✓ - Forum Réseaux sociaux
- Différence de valeur entre Ko et KB - Forum Téléchargement
- Softonic virus ✓ - Forum Virus
1 réponse
Me revoici...
Pourriez vous m'indiquer s'il me reste des virus... et la procédure à suivre pour les héradiquer !
j'ai fait un scan AVG AS en mode sans échec (c'est mieux !)
dont voici le rapport ci joint,
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 18:29:21 30/07/2007
+ Résultat de l'analyse:
C:\Documents and Settings\#1\Mes documents\Mes fichiers reçus\photos2007_46.zip/photos2007_46.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\System Volume Information\_restore{A0E21B01-9A9F-4246-A562-DFCBDFC82670}\RP422\A0055407.exe -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\album11.zip/album11.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\album17.zip/album17.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\album23.zip/album23.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\album35.zip/album35.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\album53.zip/album53.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\album68.zip/album68.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\album80.zip/album80.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\album83.zip/album83.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\album86.zip/album86.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\album89.zip/album89.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\album95.zip/album95.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\image038.zip/image038.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\image059.zip/image059.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\image077.zip/image077.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\image080.zip/image080.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\image092.zip/image092.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\images0.zip/images0.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\images15.zip/images15.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\images18.zip/images18.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\images24.zip/images24.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\images30.zip/images30.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\images42.zip/images42.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\images57.zip/images57.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\images6.zip/images6.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\images69.zip/images69.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\images72.zip/images72.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\images90.zip/images90.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\images93.zip/images93.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photo0.zip/photo0.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photo18.zip/photo18.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photo27.zip/photo27.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photo30.zip/photo30.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photo36.zip/photo36.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photo39.zip/photo39.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photo63.zip/photo63.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photo72.zip/photo72.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photo78.zip/photo78.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photo96.zip/photo96.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photo_album19.zip/photo_album19.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photo_album34.zip/photo_album34.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photo_album43.zip/photo_album43.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photo_album55.zip/photo_album55.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photo_album79.zip/photo_album79.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photos2007_1.zip/photos2007_1.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photos2007_10.zip/photos2007_10.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photos2007_16.zip/photos2007_16.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photos2007_19.zip/photos2007_19.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photos2007_52.zip/photos2007_52.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photos2007_55.zip/photos2007_55.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photos2007_61.zip/photos2007_61.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photos2007_64.zip/photos2007_64.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photos2007_67.zip/photos2007_67.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photos2007_70.zip/photos2007_70.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photos2007_76.zip/photos2007_76.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photos2007_85.zip/photos2007_85.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\System Volume Information\_restore{A0E21B01-9A9F-4246-A562-DFCBDFC82670}\RP422\A0055725.exe -> Backdoor.PoeBot.c : Nettoyé.
C:\System Volume Information\_restore{A0E21B01-9A9F-4246-A562-DFCBDFC82670}\RP422\A0055726.exe -> Backdoor.PoeBot.c : Nettoyé.
C:\System Volume Information\_restore{A0E21B01-9A9F-4246-A562-DFCBDFC82670}\RP422\A0055727.exe -> Backdoor.PoeBot.c : Nettoyé.
C:\System Volume Information\_restore{A0E21B01-9A9F-4246-A562-DFCBDFC82670}\RP422\A0055728.exe -> Backdoor.PoeBot.c : Nettoyé.
C:\System Volume Information\_restore{A0E21B01-9A9F-4246-A562-DFCBDFC82670}\RP422\A0055729.exe -> Backdoor.PoeBot.c : Nettoyé.
C:\System Volume Information\_restore{A0E21B01-9A9F-4246-A562-DFCBDFC82670}\RP422\A0055730.exe -> Backdoor.PoeBot.c : Nettoyé.
C:\System Volume Information\_restore{A0E21B01-9A9F-4246-A562-DFCBDFC82670}\RP422\A0055724.exe -> Backdoor.SdBot.asd : Nettoyé.
:mozilla.100:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.101:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.102:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.103:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.104:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.442:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.70:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.71:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.72:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.73:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.74:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.75:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.76:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.802:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\#1\Cookies\#1@[10].txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.655:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.656:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.723:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Adobe : Nettoyé.
:mozilla.724:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Adobe : Nettoyé.
:mozilla.747:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.748:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.749:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.750:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.751:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.150:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.151:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.178:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.179:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.180:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.181:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.182:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.34:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\#1\Cookies\#1@[6].txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.27:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.821:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.823:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.824:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.825:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.412:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.413:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.414:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.24:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.26:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.451:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.452:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.454:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.423:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.730:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.803:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.384:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.385:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.386:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.477:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.342:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.343:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.664:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Information : Nettoyé.
:mozilla.105:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
:mozilla.106:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
:mozilla.64:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.65:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.652:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Paypal : Nettoyé.
:mozilla.202:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Planetactive : Nettoyé.
:mozilla.777:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Questionmarket : Nettoyé.
:mozilla.778:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Questionmarket : Nettoyé.
:mozilla.661:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Revenue : Nettoyé.
:mozilla.662:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Revenue : Nettoyé.
:mozilla.268:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.269:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.270:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.271:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.272:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.273:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.130:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Sextracker : Nettoyé.
:mozilla.131:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Sextracker : Nettoyé.
:mozilla.650:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.38:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.39:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.40:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.589:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.590:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.591:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.592:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.203:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.204:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.205:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.206:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.123:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.124:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.77:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.78:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.79:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\#1\Cookies\#1@[7].txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.374:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Webtrendslive : Nettoyé.
:mozilla.10:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.11:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.12:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.9:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
C:\System Volume Information\_restore{A0E21B01-9A9F-4246-A562-DFCBDFC82670}\RP422\A0055723.dll -> Trojan.Agent.abd : Nettoyé.
Fin du rapport
Puis redémarrage normal et HJT dont voici le rapport :
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:39:07, on 30/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\#1\Bureau\HiJackThis_v2.exe
C:\Program Files\LaCie\Backup Software\LaCieBackup.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\DOCUME~1\#1\LOCALS~1\Temp\winlogon.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.incredimail.com/french
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Winspn] C:\Program Files\Winspn\winspn.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\#1\LOCALS~1\Temp\winlogon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.3suissesphotos.fr/Components/Upload/ImageUploader3.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O21 - SSODL: printers - {6A934BE6-400A-4586-87CE-1FBA614BC280} - libcintles3.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
Pourriez vous m'indiquer s'il me reste des virus... et la procédure à suivre pour les héradiquer !
j'ai fait un scan AVG AS en mode sans échec (c'est mieux !)
dont voici le rapport ci joint,
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 18:29:21 30/07/2007
+ Résultat de l'analyse:
C:\Documents and Settings\#1\Mes documents\Mes fichiers reçus\photos2007_46.zip/photos2007_46.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\System Volume Information\_restore{A0E21B01-9A9F-4246-A562-DFCBDFC82670}\RP422\A0055407.exe -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\album11.zip/album11.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\album17.zip/album17.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\album23.zip/album23.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\album35.zip/album35.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\album53.zip/album53.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\album68.zip/album68.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\album80.zip/album80.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\album83.zip/album83.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\album86.zip/album86.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\album89.zip/album89.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\album95.zip/album95.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\image038.zip/image038.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\image059.zip/image059.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\image077.zip/image077.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\image080.zip/image080.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\image092.zip/image092.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\images0.zip/images0.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\images15.zip/images15.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\images18.zip/images18.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\images24.zip/images24.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\images30.zip/images30.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\images42.zip/images42.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\images57.zip/images57.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\images6.zip/images6.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\images69.zip/images69.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\images72.zip/images72.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\images90.zip/images90.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\images93.zip/images93.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photo0.zip/photo0.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photo18.zip/photo18.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photo27.zip/photo27.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photo30.zip/photo30.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photo36.zip/photo36.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photo39.zip/photo39.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photo63.zip/photo63.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photo72.zip/photo72.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photo78.zip/photo78.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photo96.zip/photo96.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photo_album19.zip/photo_album19.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photo_album34.zip/photo_album34.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photo_album43.zip/photo_album43.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photo_album55.zip/photo_album55.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photo_album79.zip/photo_album79.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photos2007_1.zip/photos2007_1.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photos2007_10.zip/photos2007_10.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photos2007_16.zip/photos2007_16.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photos2007_19.zip/photos2007_19.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photos2007_52.zip/photos2007_52.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photos2007_55.zip/photos2007_55.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photos2007_61.zip/photos2007_61.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photos2007_64.zip/photos2007_64.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photos2007_67.zip/photos2007_67.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photos2007_70.zip/photos2007_70.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photos2007_76.zip/photos2007_76.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\WINDOWS\photos2007_85.zip/photos2007_85.scr -> Backdoor.IRCBot.acd : Nettoyé.
C:\System Volume Information\_restore{A0E21B01-9A9F-4246-A562-DFCBDFC82670}\RP422\A0055725.exe -> Backdoor.PoeBot.c : Nettoyé.
C:\System Volume Information\_restore{A0E21B01-9A9F-4246-A562-DFCBDFC82670}\RP422\A0055726.exe -> Backdoor.PoeBot.c : Nettoyé.
C:\System Volume Information\_restore{A0E21B01-9A9F-4246-A562-DFCBDFC82670}\RP422\A0055727.exe -> Backdoor.PoeBot.c : Nettoyé.
C:\System Volume Information\_restore{A0E21B01-9A9F-4246-A562-DFCBDFC82670}\RP422\A0055728.exe -> Backdoor.PoeBot.c : Nettoyé.
C:\System Volume Information\_restore{A0E21B01-9A9F-4246-A562-DFCBDFC82670}\RP422\A0055729.exe -> Backdoor.PoeBot.c : Nettoyé.
C:\System Volume Information\_restore{A0E21B01-9A9F-4246-A562-DFCBDFC82670}\RP422\A0055730.exe -> Backdoor.PoeBot.c : Nettoyé.
C:\System Volume Information\_restore{A0E21B01-9A9F-4246-A562-DFCBDFC82670}\RP422\A0055724.exe -> Backdoor.SdBot.asd : Nettoyé.
:mozilla.100:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.101:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.102:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.103:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.104:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.442:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.70:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.71:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.72:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.73:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.74:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.75:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.76:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.802:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\#1\Cookies\#1@[10].txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.655:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.656:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.723:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Adobe : Nettoyé.
:mozilla.724:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Adobe : Nettoyé.
:mozilla.747:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.748:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.749:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.750:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.751:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.150:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.151:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.178:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.179:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.180:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.181:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.182:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.34:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\#1\Cookies\#1@[6].txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.27:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.821:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.823:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.824:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.825:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.412:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.413:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.414:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.24:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.26:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.451:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.452:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.454:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.423:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.730:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.803:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.384:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.385:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.386:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.477:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.342:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.343:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.664:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Information : Nettoyé.
:mozilla.105:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
:mozilla.106:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
:mozilla.64:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.65:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.652:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Paypal : Nettoyé.
:mozilla.202:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Planetactive : Nettoyé.
:mozilla.777:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Questionmarket : Nettoyé.
:mozilla.778:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Questionmarket : Nettoyé.
:mozilla.661:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Revenue : Nettoyé.
:mozilla.662:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Revenue : Nettoyé.
:mozilla.268:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.269:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.270:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.271:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.272:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.273:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.130:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Sextracker : Nettoyé.
:mozilla.131:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Sextracker : Nettoyé.
:mozilla.650:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.38:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.39:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.40:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.589:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.590:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.591:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.592:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.203:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.204:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.205:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.206:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.123:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.124:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.77:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.78:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.79:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\#1\Cookies\#1@[7].txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.374:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Webtrendslive : Nettoyé.
:mozilla.10:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.11:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.12:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.9:C:\Documents and Settings\#1\Application Data\Mozilla\Firefox\Profiles\099674x9.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
C:\System Volume Information\_restore{A0E21B01-9A9F-4246-A562-DFCBDFC82670}\RP422\A0055723.dll -> Trojan.Agent.abd : Nettoyé.
Fin du rapport
Puis redémarrage normal et HJT dont voici le rapport :
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:39:07, on 30/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\#1\Bureau\HiJackThis_v2.exe
C:\Program Files\LaCie\Backup Software\LaCieBackup.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\DOCUME~1\#1\LOCALS~1\Temp\winlogon.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.incredimail.com/french
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Winspn] C:\Program Files\Winspn\winspn.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\#1\LOCALS~1\Temp\winlogon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.3suissesphotos.fr/Components/Upload/ImageUploader3.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O21 - SSODL: printers - {6A934BE6-400A-4586-87CE-1FBA614BC280} - libcintles3.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
