Google redirigé + Trojan.Spy.Bzub.NGP

Résolu
thalietigrou Messages postés 18 Statut Membre -  
FillPCA Messages postés 2264 Statut Contributeur sécurité -
Bonjour,

j'ai découvert hier un truc bizarre sur l'ordi de ma mère,
à chaque recherche sur google une "barre" à gauche s'ouvre avec pour titre "sponsoring links"
et tous les liens google me redirige sur d'autre sites donc l'adresse commence par des chiffres comme une adresse IP

du coup j'ai essayé plusieurs choses :
C cleaner
Avast
Spybot serach et Destroy
ad Aware
Bit diffender en ligne ...

et celui ci me detecte un Trojan : Trojan.Spy.Bzub.NGP dans le fichier WINDOWS\system32\admpars.dll\
mais ne peut pas le supprimer !!

que dois je faire...
j'ai vu des problèmes similaires dans le forum... mais j'ai un peu de mal à comprendre comment faire toute seule !!!

merci d'avance pour votre aide..
Configuration: Windows XP
Internet Explorer 7.0

31 réponses

  • 1
  • 2
  1. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Bonjour,

    Peux-tu éditer un rapport Hijackthis ?

    FillPCA
    0
  2. thalietigrou Messages postés 18 Statut Membre
     
    merci de ton aide..

    mais comment je fais en pratique ??
    0
  3. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Re,

    Désolé.

    Télécharge le logiciel et fais un scan.

    http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
    Démo en image
    http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

    Fais un scan et poste l'analyse.

    FillPCA
    0
  4. thalietigrou Messages postés 18 Statut Membre
     
    voici le rapport

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:10:28, on 19/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Wanadoo\GestionnaireInternet.exe
    C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Wanadoo\Watch.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\HP\KBD\KBD.EXE
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Adssite Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\adssite_sidebar.dll
    O2 - BHO: (no name) - {3A362368-C1A0-4CF7-9CA1-069FFD0F122C} - C:\WINDOWS\system32\admpars.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\GestMaj.exe GestionnaireInternet.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\RunOnce: [] C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe https://support.norton.com/sp/fr/fr/home/current/solutions/kb20090121104844EN?a=00000082.0000001f.0000004b&abproduct=SymNRT&abversion=2008.0.1.14&b=00000082.0000001f.0000005e&build=Symantec&c=00000082.00000049.000000bb&ced=true&entsrc=CED_pubweb&error=0&module=2007&src=_mi
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D06F86A1-434A-4FFA-9638-7AF2D6D38134}: NameServer = 80.10.246.130 80.10.246.3
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Re,

    * Télécharge combofix.exe (par sUBs) sur ton Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    * Double clique combofix.exe et suis les invites.
    * Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    Edite aussi un nouveau rapport Hijackthis.

    FillPCA
    0
  7. thalietigrou Messages postés 18 Statut Membre
     
    réponse (merci pour l'aide)

    rapport combofix

    ComboFix 07-12-19.2 - HP_Administrateur 2007-12-19 20:18:48.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.308 [GMT 1:00]
    Running from: C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe
    * Created a new restore point
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\nsa135.dll
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-11-19 to 2007-12-19 ))))))))))))))))))))))))))))))))))))
    .

    2007-12-19 20:08 . 2007-12-19 20:08 <REP> d-------- C:\Program Files\Trend Micro
    2007-12-19 19:44 . 2007-12-19 19:44 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-12-19 14:59 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2007-12-19 14:59 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2007-12-19 12:24 . 2007-12-19 19:44 <REP> d-------- C:\WINDOWS\LastGood
    2007-12-19 12:16 . 2007-12-19 12:16 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-12-19 11:33 . 2007-12-19 14:00 <REP> d-------- C:\Program Files\Lavasoft
    2007-12-19 11:33 . 2007-12-19 11:33 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2007-12-19 11:33 . 2007-12-19 11:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-12-18 22:38 . 2007-12-18 22:40 14,336 --ahs---- C:\WINDOWS\system32\Thumbs.db
    2007-12-18 21:51 . 2007-12-19 19:39 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2007-12-18 20:51 . 2007-12-18 20:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-18 20:16 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
    2007-12-18 20:15 . 2007-12-18 20:15 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
    2007-12-18 20:05 . 2007-12-18 20:08 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2007-12-18 20:04 . 2007-12-18 20:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2007-12-17 17:30 . 19,456 C:\WINDOWS\system32\drivers\abwmcsfx.dat
    2007-12-16 18:46 . 2006-11-07 03:26 84,992 --a------ C:\WINDOWS\system32\admpars.dll
    2007-12-16 18:42 . 2007-12-16 18:42 59,223 --a------ C:\WINDOWS\system32\adssite_sidebar_uninstall.exe
    2007-12-16 18:41 . 2007-12-16 18:47 40,737 --a------ C:\WINDOWS\system32\rightonadz-uninst.exe
    2007-12-16 18:27 . 2007-12-16 18:27 860 --a------ C:\WINDOWS\Bbt97.INI
    2007-12-16 18:26 . 2007-12-16 18:27 <REP> d-------- C:\Program Files\Belote Bridgée
    2007-12-16 18:26 . 1994-08-28 18:33 398,416 -ra------ C:\WINDOWS\system32\VBRUN300.DLL
    2007-12-16 18:17 . 2007-12-19 13:56 <REP> d-------- C:\Program Files\tarot4_eval 1.4
    2007-12-16 18:17 . 2007-12-16 18:17 290,816 --------- C:\WINDOWS\Setup1.exe
    2007-12-16 18:17 . 2007-12-16 18:17 74,752 --a------ C:\WINDOWS\ST6UNST.EXE
    2007-12-10 19:52 . 2007-12-10 19:52 303,104 --a------ C:\WINDOWS\system32\adssite_sidebar.dll
    2007-11-24 17:12 . 2007-12-16 18:05 <REP> d-------- C:\Program Files\LeTarot
    2007-11-24 17:02 . 2007-12-19 13:57 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Shared
    2007-11-24 17:02 . 2007-12-19 14:05 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Incomplete
    2007-11-24 17:02 . 2007-12-19 13:57 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\LimeWire
    2007-11-24 17:01 . 2007-12-19 13:57 <REP> d-------- C:\Program Files\LimeWire
    2007-11-24 17:00 . 2007-12-16 18:04 386 --a------ C:\WINDOWS\3DBELOTE2.INI
    2007-11-24 16:47 . 2007-11-24 16:47 <REP> d-------- C:\SCATLAWS

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-19 18:37 --------- d-----w C:\Program Files\Wanadoo
    2007-12-19 13:02 --------- d-----w C:\Program Files\CCleaner
    2007-12-18 19:16 --------- d-----w C:\Program Files\Windows Live
    2007-12-18 19:13 --------- d-----w C:\Program Files\MSN Messenger
    2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2007-10-29 22:36 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-29 22:36 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
    2007-10-28 16:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
    2007-10-28 08:29 --------- d-----w C:\Program Files\Alwil Software
    2007-10-28 08:13 --------- d-----w C:\Program Files\Windows Media Connect 2
    2007-10-28 08:13 --------- d-----w C:\Program Files\PC-Doctor 5 for Windows
    2007-10-28 08:13 --------- d-----w C:\Program Files\Microsoft Works
    2007-10-28 08:09 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2007-10-28 08:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-10-25 09:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
    2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
    2007-10-10 23:49 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
    2007-10-10 23:49 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
    2007-10-10 23:49 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
    2007-10-10 23:49 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-10-10 23:49 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-10-10 23:49 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
    2007-10-10 23:49 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-10-10 23:49 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
    2007-10-10 23:49 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
    2007-10-10 23:49 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-10-10 23:49 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
    2007-10-10 23:49 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-10-10 23:49 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
    2007-10-10 23:49 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
    2007-10-10 23:49 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
    2007-10-10 23:49 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
    2007-10-10 23:49 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
    2007-10-10 23:49 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
    2007-10-10 23:49 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
    2007-10-10 23:49 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
    2007-10-10 23:49 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
    2007-10-10 23:49 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
    2007-10-10 11:00 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2007-10-10 11:00 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
    2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    2007-06-09 15:13 92,344 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\GDIPFONTCACHEV1.DAT
    2006-02-19 08:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
    2007-12-10 19:52 303104 --a------ C:\WINDOWS\system32\adssite_sidebar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3A362368-C1A0-4CF7-9CA1-069FFD0F122C}]
    2006-11-07 03:26 84992 --a------ C:\WINDOWS\system32\admpars.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WOOKIT"="C:\Program Files\Wanadoo\GestMaj.exe" [2004-10-14 16:55]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-10 13:18]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 12:00]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "@"="C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe" [2004-11-15 17:58]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 19:34]
    "ftutil2"="ftutil2.dll" [2004-06-07 13:05 C:\WINDOWS\system32\ftutil2.dll]
    "RTHDCPL"="RTHDCPL.EXE" [2006-07-22 00:56 C:\WINDOWS\RTHDCPL.EXE]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-22 01:59]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-10 12:00 C:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2006-06-21 01:06 C:\WINDOWS\system32\nwiz.exe]
    "DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 08:05]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 21:14]
    "PCDrProfiler"="" []
    "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 21:34]
    "Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-14 01:23]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-11 23:12]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-09-19 05:19]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-12-14 18:19]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-12-14 18:57]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-12-14 18:51]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "^SetupICWDesktop"="" []

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26]
    Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    R0 boeakntr;boeakntr;C:\WINDOWS\system32\drivers\abwmcsfx.dat []
    R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-04 18:50]
    R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 12:00]
    S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-03-02 19:25]
    S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" []
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c57cf48b-928d-11db-95c6-806d6172696f}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    *Newly Created Service* - AAWSERVICE
    *Newly Created Service* - AD-WATCH_CONNECT_FILTER
    *Newly Created Service* - AD-WATCH_REAL-TIME_SCANNER
    *Newly Created Service* - AD-WATCH_REGISTRY_FILTER
    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-12-07 19:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Analyse système complète - HP_Administrateur.job"
    - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-19 20:20:34
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-19 20:21:00
    .
    2007-12-19 13:40:35 --- E O F ---
    0
  8. thalietigrou Messages postés 18 Statut Membre
     
    rapport hijackThis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:24:02, on 19/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Wanadoo\GestionnaireInternet.exe
    C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Wanadoo\Watch.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\HP\KBD\KBD.EXE
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Adssite Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\adssite_sidebar.dll
    O2 - BHO: (no name) - {3A362368-C1A0-4CF7-9CA1-069FFD0F122C} - C:\WINDOWS\system32\admpars.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\GestMaj.exe GestionnaireInternet.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\RunOnce: [] C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe https://support.norton.com/sp/fr/fr/home/current/solutions/kb20090121104844EN?a=00000082.0000001f.0000004b&abproduct=SymNRT&abversion=2008.0.1.14&b=00000082.0000001f.0000005e&build=Symantec&c=00000082.00000049.000000bb&ced=true&entsrc=CED_pubweb&error=0&module=2007&src=_mi
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D06F86A1-434A-4FFA-9638-7AF2D6D38134}: NameServer = 80.10.246.1 80.10.246.132
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    0
  9. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Re,

    * Sélectionne le texte suivant :

    * Copie le texte sélectionné (CTRL+C).
    * Ouvre le bloc-note (programme>Accessoire>bloc-note).
    * Colle le texte copié dans ce bloc-note (CTRL+V).
    * Sauvegarde ce fichier sous le nom de CFScript.txt
    * Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe

    Driver::
    boeakntr

    Registry::
    [-HKEY_LOCAL_MACHINE \SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A362368-C1A0-4CF7-9CA1-069FFD0F122C}]
    [-HKEY_LOCAL_MACHINE \SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]

    File::
    C:\WINDOWS\system32\admpars.dll
    C:\WINDOWS\system32\drivers\abwmcsfx.dat
    C:\WINDOWS\system32\adssite_sidebar.dll

    * Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
    * Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
    Ne touche à rien tant que le scan n'est pas terminé.
    * Une fois le scan achevé, un rapport va s'afficher: Poste son contenu.
    * Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    Edite aussi un nouveau rapport Hijackthis.

    FillPCA
    0
  10. thalietigrou Messages postés 18 Statut Membre
     
    rapport ComboFix

    (il a redemarré l'ordi entre temps .. ça doit etre normal??)

    ComboFix 07-12-19.2 - HP_Administrateur 2007-12-19 20:35:28.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.320 [GMT 1:00]
    Running from: C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\HP_Administrateur\Bureau\CFScript.txt
    * Created a new restore point

    FILE
    C:\WINDOWS\system32\admpars.dll
    C:\WINDOWS\system32\adssite_sidebar.dll
    C:\WINDOWS\system32\drivers\abwmcsfx.dat
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\admpars.dll
    C:\WINDOWS\system32\adssite_sidebar.dll
    C:\WINDOWS\system32\drivers\abwmcsfx.dat

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_BOEAKNTR
    -------\boeakntr

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-19 to 2007-12-19 ))))))))))))))))))))))))))))))))))))
    .

    2007-12-19 20:08 . 2007-12-19 20:08 <REP> d-------- C:\Program Files\Trend Micro
    2007-12-19 19:44 . 2007-12-19 19:44 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2007-12-19 14:59 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2007-12-19 14:59 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2007-12-19 12:16 . 2007-12-19 12:16 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-12-19 11:33 . 2007-12-19 14:00 <REP> d-------- C:\Program Files\Lavasoft
    2007-12-19 11:33 . 2007-12-19 11:33 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2007-12-19 11:33 . 2007-12-19 11:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-12-18 22:38 . 2007-12-18 22:40 14,336 --ahs---- C:\WINDOWS\system32\Thumbs.db
    2007-12-18 21:51 . 2007-12-19 19:39 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2007-12-18 20:51 . 2007-12-18 20:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-12-18 20:16 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
    2007-12-18 20:15 . 2007-12-18 20:15 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
    2007-12-18 20:05 . 2007-12-18 20:08 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2007-12-18 20:04 . 2007-12-18 20:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2007-12-16 18:42 . 2007-12-16 18:42 59,223 --a------ C:\WINDOWS\system32\adssite_sidebar_uninstall.exe
    2007-12-16 18:41 . 2007-12-16 18:47 40,737 --a------ C:\WINDOWS\system32\rightonadz-uninst.exe
    2007-12-16 18:27 . 2007-12-16 18:27 860 --a------ C:\WINDOWS\Bbt97.INI
    2007-12-16 18:26 . 2007-12-16 18:27 <REP> d-------- C:\Program Files\Belote Bridg‚e
    2007-12-16 18:26 . 1994-08-28 18:33 398,416 -ra------ C:\WINDOWS\system32\VBRUN300.DLL
    2007-12-16 18:17 . 2007-12-19 13:56 <REP> d-------- C:\Program Files\tarot4_eval 1.4
    2007-12-16 18:17 . 2007-12-16 18:17 290,816 --------- C:\WINDOWS\Setup1.exe
    2007-12-16 18:17 . 2007-12-16 18:17 74,752 --a------ C:\WINDOWS\ST6UNST.EXE
    2007-11-24 17:12 . 2007-12-16 18:05 <REP> d-------- C:\Program Files\LeTarot
    2007-11-24 17:02 . 2007-12-19 13:57 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Shared
    2007-11-24 17:02 . 2007-12-19 14:05 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Incomplete
    2007-11-24 17:02 . 2007-12-19 13:57 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\LimeWire
    2007-11-24 17:01 . 2007-12-19 13:57 <REP> d-------- C:\Program Files\LimeWire
    2007-11-24 17:00 . 2007-12-16 18:04 386 --a------ C:\WINDOWS\3DBELOTE2.INI
    2007-11-24 16:47 . 2007-11-24 16:47 <REP> d-------- C:\SCATLAWS

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-19 19:38 --------- d-----w C:\Program Files\Wanadoo
    2007-12-19 13:02 --------- d-----w C:\Program Files\CCleaner
    2007-12-18 19:16 --------- d-----w C:\Program Files\Windows Live
    2007-12-18 19:13 --------- d-----w C:\Program Files\MSN Messenger
    2007-12-16 17:27 --------- d-----w C:\Program Files\Belote Bridgée
    2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-10-28 16:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
    2007-10-28 08:29 --------- d-----w C:\Program Files\Alwil Software
    2007-10-28 08:13 --------- d-----w C:\Program Files\Windows Media Connect 2
    2007-10-28 08:13 --------- d-----w C:\Program Files\PC-Doctor 5 for Windows
    2007-10-28 08:13 --------- d-----w C:\Program Files\Microsoft Works
    2007-10-28 08:09 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2007-10-28 08:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2007-10-25 09:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
    2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
    2007-06-09 15:13 92,344 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\GDIPFONTCACHEV1.DAT
    .

    ((((((((((((((((((((((((((((( snapshot@2007-12-19_20.20.39,12 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-03-13 09:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
    + 2007-12-19 19:38:18 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_608.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WOOKIT"="C:\Program Files\Wanadoo\GestMaj.exe" [2004-10-14 16:55]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-10 13:18]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 12:00]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "@"="C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe" [2004-11-15 17:58]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 19:34]
    "ftutil2"="ftutil2.dll" [2004-06-07 13:05 C:\WINDOWS\system32\ftutil2.dll]
    "RTHDCPL"="RTHDCPL.EXE" [2006-07-22 00:56 C:\WINDOWS\RTHDCPL.EXE]
    "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-22 01:59]
    "NvCplDaemon"="RUNDLL32.exe" [2004-08-10 12:00 C:\WINDOWS\system32\rundll32.exe]
    "nwiz"="nwiz.exe" [2006-06-21 01:06 C:\WINDOWS\system32\nwiz.exe]
    "DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 08:05]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 21:14]
    "PCDrProfiler"="" []
    "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 21:34]
    "Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-14 01:23]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-11 23:12]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-09-19 05:19]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-12-14 18:19]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-12-14 18:57]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-12-14 18:51]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "^SetupICWDesktop"="" []

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-04 18:50]
    R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 12:00]
    S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-03-02 19:25]
    S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" []
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2007-12-07 19:00:00 C:\WINDOWS\Tasks\Norton Internet Security - Analyse système complète - HP_Administrateur.job"
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-19 20:38:55
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-19 20:40:21 - machine was rebooted
    C:\ComboFix2.txt ... 2007-12-19 20:21
    .
    2007-12-19 13:40:35 --- E O F ---
    0
  11. thalietigrou Messages postés 18 Statut Membre
     
    rapport HijackThis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:44:00, on 19/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Wanadoo\GestionnaireInternet.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Wanadoo\ComComp.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\Program Files\Wanadoo\Watch.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\HP\KBD\KBD.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\GestMaj.exe GestionnaireInternet.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\RunOnce: [] C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe https://support.norton.com/sp/fr/fr/home/current/solutions/kb20090121104844EN?a=00000082.0000001f.0000004b&abproduct=SymNRT&abversion=2008.0.1.14&b=00000082.0000001f.0000005e&build=Symantec&c=00000082.00000049.000000bb&ced=true&entsrc=CED_pubweb&error=0&module=2007&src=_mi
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D06F86A1-434A-4FFA-9638-7AF2D6D38134}: NameServer = 80.10.246.1 80.10.246.132
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    0
  12. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Re,

    Avant qu'on ne termine le nettoyage, peux-tu me dire si ça va mieux avec google ?

    FillPCA
    0
  13. thalietigrou Messages postés 18 Statut Membre
     
    ja vais voir ça ...

    merci pour tout pour le moment...
    car tout ce language informatique c'est pas trop mon truc!!!

    Thalietigrou
    0
  14. thalietigrou Messages postés 18 Statut Membre
     
    wa trop bien !!!

    pour Google ça marche!!!

    merci FillPCA

    alors qu'est ce qu'on fait comme nettoyage maintenant?? :-)
    0
  15. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Re,

    Cela prend du temps mais c'est nécessaire, pour s'assurer qu'il n'y a rien d'autre.

    1/ Télécharge Ccleaner Basic https://www.ccleaner.com/ccleaner/download

    Ouvre Ccleaner, clique sur "lancer le nettoyage".

    2/ Télécharge AVGantispyware : https://www.avg.com/en-ww/free-antivirus-download
    Tu l'installes.
    Lance AVG Anti-Spyware et clique sur le bouton Mise à jour. Patiente.

    Clique sur le bouton Analyse (de la barre d'outils)
    Puis sur l'onglets Comment réagir, clique sur Actions recommandées. Sélectionne Quarantaine.
    Reviens à l'onglet Analyse. Clique sur Analyse complète du système.
    A la fin du scan, choisis l'option " Appliquer toutes les actions " en bas. Ensuite.
    Clique sur "Enregistrer le rapport". Ceci génère un rapport en fichier texte qui se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware.

    3/ * Fais un scan en ligne en cliquant ici : http://assiste.com.free.fr/...
    * Choisis Kaspersky.
    * Tu dois réaliser le scan en utilisant Internet explorer. Une information apparait en haut, près de la barre d'état. Tu dois accepter et installer l'activeX proposé. La mise à jour de l'antivirus se lance.
    * Réalise un scan complet du système.
    * Sauvegarde le rapport en mode texte à l'issue du scan.

    Edite le rapport AVGantispyware et Kaspersky.

    FillPCA
    0
  16. thalietigrou Messages postés 18 Statut Membre
     
    CCleaner.?.. y en a pas 36 differents?? j'utilse celui que j'ai dejà sur mon ordi ??
    0
  17. thalietigrou Messages postés 18 Statut Membre
     
    j'ai repondu moi même à ma question ... ma version n'etait pas récente je telecharge donc comme tu me l'as dit

    Thalietigrou
    0
  18. thalietigrou Messages postés 18 Statut Membre
     
    rapport AVGantispyware

    ---------------------------------------------------------
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 21:41:25 19/12/2007

    + Résultat de l'analyse:

    C:\Documents and Settings\HP_Administrateur\Cookies\hp_administrateur@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Nettoyé.

    Fin du rapport

    L'analyse avec Kaspersky .. va bientot se faire.. il fait d'abord les mises à jour...

    encore merci de ton aide!!!

    Thalietigrou
    0
  19. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Re,

    Cela prend du temps. Je regarderai cela demain car un scan peut prendre de 45 min à plusieurs heures.

    Le rapport AVGantispyware est encourageant.

    FillPCA
    0
  20. thalietigrou Messages postés 18 Statut Membre
     
    ...

    c'est super encourageant ton truc... :-(

    j'vais pas rester toute la nuit devant l'ordi moi !!! :-(

    merci pour tout !! :-) :-)

    à+

    Thalietigrou
    0
  21. thalietigrou Messages postés 18 Statut Membre
     
    rapport Kaspersky

    (j'sais pas ce qu'il faut que je fasse maintenant)

    Wednesday, December 19, 2007 11:45:51 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 19/12/2007
    Kaspersky Anti-Virus database records: 489302

    Scan Settings
    Scan using the following antivirus database extended
    Scan Archives true
    Scan Mail Bases true

    Scan Target My Computer
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\

    Scan Statistics
    Total number of scanned objects 70931
    Number of viruses found 3
    Number of infected objects 16
    Number of suspicious objects 0
    Duration of the scan process 00:48:02

    Infected Object Name Virus Name Last Action
    C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped

    C:\Documents and Settings\HP_Administrateur\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\HP_Administrateur\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\HP_Administrateur\Local Settings\Historique\History.IE5\MSHist012007121920071220\index.dat Object is locked skipped

    C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\hpodvd09.log Object is locked skipped

    C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\~ROMFN_00000DCC Object is locked skipped

    C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\HP_Administrateur\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\HP_Administrateur\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\HP_Administrateur\Shared\belote 2000 hentai anime.zip/setup.exe/data0009/stream/data0004 Infected: not-a-virus:AdWare.Win32.NewWeb.ay skipped

    C:\Documents and Settings\HP_Administrateur\Shared\belote 2000 hentai anime.zip/setup.exe/data0009/stream Infected: not-a-virus:AdWare.Win32.NewWeb.ay skipped

    C:\Documents and Settings\HP_Administrateur\Shared\belote 2000 hentai anime.zip/setup.exe/data0009 Infected: not-a-virus:AdWare.Win32.NewWeb.ay skipped

    C:\Documents and Settings\HP_Administrateur\Shared\belote 2000 hentai anime.zip/setup.exe Infected: not-a-virus:AdWare.Win32.NewWeb.ay skipped

    C:\Documents and Settings\HP_Administrateur\Shared\belote 2000 hentai anime.zip ZIP: infected - 4 skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

    C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

    C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

    C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

    C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

    C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

    C:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt Object is locked skipped

    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped

    C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\abwmcsfx.dat.vir Object is locked skipped

    C:\qoobox\Quarantine\catchme2007-12-19_203834.78.zip/admpars.dll Infected: Trojan.Win32.BHO.abo skipped

    C:\qoobox\Quarantine\catchme2007-12-19_203834.78.zip/abwmcsfx.dat Infected: Rootkit.Win32.Agent.ql skipped

    C:\qoobox\Quarantine\catchme2007-12-19_203834.78.zip ZIP: infected - 2 skipped

    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP1\A0000122.exe/data0009/stream/data0004 Infected: not-a-virus:AdWare.Win32.NewWeb.ay skipped

    C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP1\A0000122.exe/data0009/stream Infected: not-a-virus:AdWare.Win32.NewWeb.ay skipped

    C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP1\A0000122.exe/data0009 Infected: not-a-virus:AdWare.Win32.NewWeb.ay skipped

    C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP1\A0000122.exe NSIS: infected - 3 skipped

    C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP12\change.log Object is locked skipped

    C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP3\A0000265.exe/data0009/stream/data0004 Infected: not-a-virus:AdWare.Win32.NewWeb.ay skipped

    C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP3\A0000265.exe/data0009/stream Infected: not-a-virus:AdWare.Win32.NewWeb.ay skipped

    C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP3\A0000265.exe/data0009 Infected: not-a-virus:AdWare.Win32.NewWeb.ay skipped

    C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP3\A0000265.exe NSIS: infected - 3 skipped

    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

    C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{0F379916-916B-4E38-A51F-292E2C7030BE}.crmlog Object is locked skipped

    C:\WINDOWS\SchedLgU.Txt Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

    C:\WINDOWS\Sti_Trace.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

    C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\default Object is locked skipped

    C:\WINDOWS\system32\config\default.LOG Object is locked skipped

    C:\WINDOWS\system32\config\IntelDH.evt Object is locked skipped

    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

    C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped

    C:\WINDOWS\system32\config\SAM Object is locked skipped

    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

    C:\WINDOWS\system32\config\software Object is locked skipped

    C:\WINDOWS\system32\config\software.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\system Object is locked skipped

    C:\WINDOWS\system32\config\system.LOG Object is locked skipped

    C:\WINDOWS\system32\h323log.txt Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

    C:\WINDOWS\Temp\Perflib_Perfdata_608.dat Object is locked skipped

    C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

    C:\WINDOWS\wiadebug.log Object is locked skipped

    C:\WINDOWS\wiaservc.log Object is locked skipped

    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    D:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP12\change.log Object is locked skipped

    Scan process completed.
    0
  • 1
  • 2