Trojans persistans
nicolas du 65
-
nicolas du 65 -
nicolas du 65 -
Bonjour, j'utilise ( IE PRIVACY KEEPER ) pour la 2° fois en 1 semaine je nettoie mon cache de firefox+ie7 avast me trouve une multitude de trojan
merci beaucoup de m'aider pour ça je vous envois 1 rapport hijackthis+ le rapport avast: le rappoLogfile of HijackThis v1.99.1
Scan saved at 08:46:56, on 16/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\WPP\WPP.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Horloge\horloge mal voyants.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand201013011.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [WPP.exe] C:\Program Files\WPP\WPP.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Copie de horloge mal voyants.exe.lnk = C:\Program Files\Horloge\horloge mal voyants.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {D799B0E4-BEDE-41d2-AEE0-1E3A1C4EF918} - C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe (HKCU)
O9 - Extra 'Tools' menuitem: IE Privacy Keeper - {D799B0E4-BEDE-41d2-AEE0-1E3A1C4EF918} - C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} -
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) -
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
rapport avast:
10/02/2008 06:01:30 1202619690 HP_Administrateur 3588 Sign of "Win32:Hupigon-EQE [Trj]" has been found in "C:\Program Files\a-squared HiJackFree\a2HiJackFree.exe" file.
10/02/2008 08:33:34 1202628814 HP_Administrateur 3588 Sign of "Win32:Hupigon-EQE [Trj]" has been found in "C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP145\A0030227.exe" file.
16/02/2008 08:08:28 1203145708 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8bmk7ev.default\Cache\0B60EF6Ad01" file.
16/02/2008 08:09:22 1203145762 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8bmk7ev.default\Cache\4559F4AEd01" file.
16/02/2008 08:09:41 1203145781 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8bmk7ev.default\Cache\50139268d01" file.
16/02/2008 08:13:55 1203146035 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8bmk7ev.default\Cache\51139268d01" file.
16/02/2008 08:14:00 1203146040 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8bmk7ev.default\Cache\71F28030d01" file.
16/02/2008 08:14:04 1203146044 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8bmk7ev.default\Cache\9A58975Bd01" file.
16/02/2008 08:14:07 1203146047 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8bmk7ev.default\Cache\A294974Ed01" file.
16/02/2008 08:14:13 1203146053 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8bmk7ev.default\Cache\B998E0BBd01" file.
16/02/2008 08:14:19 1203146059 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8bmk7ev.default\Cache\CF41D1BBd01" file.
16/02/2008 08:14:27 1203146067 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8bmk7ev.default\Cache\CF4391DEd01" file.
16/02/2008 08:14:32 1203146072 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8bmk7ev.default\Cache\D9695C21d01" file.
16/02/2008 08:14:36 1203146076 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8bmk7ev.default\Cache\DCF5A446d01" file.
16/02/2008 08:14:39 1203146079 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8bmk7ev.default\Cache\DDD0FFB2d01" file.
16/02/2008 08:14:42 1203146082 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8bmk7ev.default\Cache\F2A46F8Bd01" file.
16/02/2008 08:14:47 1203146087 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8bmk7ev.default\Cache\FABB485Ed01" file.
16/02/2008 08:14:58 1203146098 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8bmk7ev.default\Cache\_CACHE_001_" file.
16/02/2008 08:18:38 1203146318 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8bmk7ev.default\Cache\_CACHE_002_" file.
16/02/2008 08:18:41 1203146321 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8bmk7ev.default\Cache\_CACHE_003_" file.
16/02/2008 08:18:46 1203146326 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8bmk7ev.default\Cache\_CACHE_MAP_" file.
16/02/2008 08:18:53 1203146333 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Mes documents\dossiers temporaire internet 7\Fichiers Internet temporaires\Content.IE5\DB0D5ISW\AAAAAAAAAAAAAA.AA" file.
16/02/2008 08:19:04 1203146344 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Mes documents\dossiers temporaire internet 7\Fichiers Internet temporaires\Content.IE5\DB0D5ISW\AAAAAAAAAAAAAA.AA" file.
16/02/2008 08:19:12 1203146352 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Mes documents\dossiers temporaire internet 7\Fichiers Internet temporaires\Content.IE5\EJ2BQD23\gg_mx[1].swf" file.
16/02/2008 08:19:24 1203146364 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Mes documents\dossiers temporaire internet 7\Fichiers Internet temporaires\Content.IE5\U9URKXI3\AAAAAAAAAAAAA.AAA" file.
16/02/2008 08:19:32 1203146372 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Mes documents\dossiers temporaire internet 7\Fichiers Internet temporaires\Content.IE5\U9URKXI3\AAAAAAAAAAAA.AA" file.
16/02/2008 08:19:36 1203146376 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Mes documents\dossiers temporaire internet 7\Fichiers Internet temporaires\Content.IE5\U9URKXI3\AAAAAAAAAAAA.AA" file.
16/02/2008 08:19:38 1203146378 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Mes documents\dossiers temporaire internet 7\Fichiers Internet temporaires\Content.IE5\U9URKXI3\welcome_screen_1.16.2.49[1].css" file.
16/02/2008 08:19:42 1203146382 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Mes documents\dossiers temporaire internet 7\Fichiers Internet temporaires\Content.IE5\WTABCDEZ\Catalog[1].xml" file.
16/02/2008 08:19:46 1203146386 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Mes documents\dossiers temporaire internet 7\Fichiers Internet temporaires\Content.IE5\WTABCDEZ\AAAAAAAAAAA.AAA.A.AAAAA.AA" file.
16/02/2008 08:19:49 1203146389 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Mes documents\dossiers temporaire internet 7\Fichiers Internet temporaires\Content.IE5\WTABCDEZ\AAAAAAAAAAAAAAAAA.AAA" file.
16/02/2008 08:19:51 1203146391 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Mes documents\dossiers temporaire internet 7\Fichiers Internet temporaires\Content.IE5\WTABCDEZ\AAAAAAAAAAAAAAAAAAA.AAA" file.
16/02/2008 08:19:57 1203146397 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\AAAAAAAAAAAAAAAAAAAAA.AAA" file.
16/02/2008 08:20:02 1203146402 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\AAAAAAAAAAAAAAAAAAA.AAA" file.
16/02/2008 08:20:10 1203146410 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\AAAAAAAAAAAAAAAAAAAAA.AAA" file.
16/02/2008 08:20:18 1203146418 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\AAAAAAAAAAAAAAAAAAA.AAA" file.
16/02/2008 08:20:21 1203146421 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\AAAAAAAAAAAAAAAAAAAAAAA.AAA" file.
16/02/2008 08:20:25 1203146425 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\AAAAAAAAAAAAAAAAA.AAA" file.
16/02/2008 08:20:27 1203146427 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\AAAAAAA.AAAAAAAAAAAAAAA.AAA" file.
16/02/2008 08:20:29 1203146429 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\AAAAAAAAAAAAAAAAAAAAAAAAAA.AAA" file.
16/02/2008 08:20:31 1203146431 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\AAAAAAAAAAAAAAAAAAAAAAA.AAA" file.
16/02/2008 08:20:34 1203146434 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\AAAAAAAAAAAAAAAAA.AAA" file.
16/02/2008 08:20:38 1203146438 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\AAAAAAAA.AAA" file.
16/02/2008 08:20:44 1203146444 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\WPR.bmp" file.
16/02/2008 08:20:47 1203146447 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\~DF67AC.tmp" file.
16/02/2008 08:25:38 1203146738 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8bmk7ev.default\Cache\055AD9CFd01" file.
16/02/2008 08:26:02 1203146762 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8bmk7ev.default\Cache\86FB85C5d01" file.
16/02/2008 08:26:28 1203146788 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\WPR.bmp" file.
16/02/2008 08:26:32 1203146792 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\~DF67AC.tmp" file.
16/02/2008 08:26:58 1203146818 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\WPR.bmp" file.
16/02/2008 08:27:08 1203146828 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\~DF67AC.tmp" file.
16/02/2008 08:27:16 1203146836 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\~DF67AC.tmp" file.
merci beaucoup de m'aider pour ça je vous envois 1 rapport hijackthis+ le rapport avast: le rappoLogfile of HijackThis v1.99.1
Scan saved at 08:46:56, on 16/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\WPP\WPP.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Horloge\horloge mal voyants.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand201013011.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [WPP.exe] C:\Program Files\WPP\WPP.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Copie de horloge mal voyants.exe.lnk = C:\Program Files\Horloge\horloge mal voyants.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {D799B0E4-BEDE-41d2-AEE0-1E3A1C4EF918} - C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe (HKCU)
O9 - Extra 'Tools' menuitem: IE Privacy Keeper - {D799B0E4-BEDE-41d2-AEE0-1E3A1C4EF918} - C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} -
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) -
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
rapport avast:
10/02/2008 06:01:30 1202619690 HP_Administrateur 3588 Sign of "Win32:Hupigon-EQE [Trj]" has been found in "C:\Program Files\a-squared HiJackFree\a2HiJackFree.exe" file.
10/02/2008 08:33:34 1202628814 HP_Administrateur 3588 Sign of "Win32:Hupigon-EQE [Trj]" has been found in "C:\System Volume Information\_restore{512DF77D-45B5-4AE1-9C2A-EC48B0F584C1}\RP145\A0030227.exe" file.
16/02/2008 08:08:28 1203145708 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8bmk7ev.default\Cache\0B60EF6Ad01" file.
16/02/2008 08:09:22 1203145762 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8bmk7ev.default\Cache\4559F4AEd01" file.
16/02/2008 08:09:41 1203145781 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8bmk7ev.default\Cache\50139268d01" file.
16/02/2008 08:13:55 1203146035 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8bmk7ev.default\Cache\51139268d01" file.
16/02/2008 08:14:00 1203146040 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8bmk7ev.default\Cache\71F28030d01" file.
16/02/2008 08:14:04 1203146044 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8bmk7ev.default\Cache\9A58975Bd01" file.
16/02/2008 08:14:07 1203146047 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8bmk7ev.default\Cache\A294974Ed01" file.
16/02/2008 08:14:13 1203146053 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8bmk7ev.default\Cache\B998E0BBd01" file.
16/02/2008 08:14:19 1203146059 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8bmk7ev.default\Cache\CF41D1BBd01" file.
16/02/2008 08:14:27 1203146067 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8bmk7ev.default\Cache\CF4391DEd01" file.
16/02/2008 08:14:32 1203146072 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8bmk7ev.default\Cache\D9695C21d01" file.
16/02/2008 08:14:36 1203146076 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8bmk7ev.default\Cache\DCF5A446d01" file.
16/02/2008 08:14:39 1203146079 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8bmk7ev.default\Cache\DDD0FFB2d01" file.
16/02/2008 08:14:42 1203146082 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8bmk7ev.default\Cache\F2A46F8Bd01" file.
16/02/2008 08:14:47 1203146087 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8bmk7ev.default\Cache\FABB485Ed01" file.
16/02/2008 08:14:58 1203146098 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8bmk7ev.default\Cache\_CACHE_001_" file.
16/02/2008 08:18:38 1203146318 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8bmk7ev.default\Cache\_CACHE_002_" file.
16/02/2008 08:18:41 1203146321 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8bmk7ev.default\Cache\_CACHE_003_" file.
16/02/2008 08:18:46 1203146326 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8bmk7ev.default\Cache\_CACHE_MAP_" file.
16/02/2008 08:18:53 1203146333 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Mes documents\dossiers temporaire internet 7\Fichiers Internet temporaires\Content.IE5\DB0D5ISW\AAAAAAAAAAAAAA.AA" file.
16/02/2008 08:19:04 1203146344 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Mes documents\dossiers temporaire internet 7\Fichiers Internet temporaires\Content.IE5\DB0D5ISW\AAAAAAAAAAAAAA.AA" file.
16/02/2008 08:19:12 1203146352 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Mes documents\dossiers temporaire internet 7\Fichiers Internet temporaires\Content.IE5\EJ2BQD23\gg_mx[1].swf" file.
16/02/2008 08:19:24 1203146364 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Mes documents\dossiers temporaire internet 7\Fichiers Internet temporaires\Content.IE5\U9URKXI3\AAAAAAAAAAAAA.AAA" file.
16/02/2008 08:19:32 1203146372 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Mes documents\dossiers temporaire internet 7\Fichiers Internet temporaires\Content.IE5\U9URKXI3\AAAAAAAAAAAA.AA" file.
16/02/2008 08:19:36 1203146376 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Mes documents\dossiers temporaire internet 7\Fichiers Internet temporaires\Content.IE5\U9URKXI3\AAAAAAAAAAAA.AA" file.
16/02/2008 08:19:38 1203146378 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Mes documents\dossiers temporaire internet 7\Fichiers Internet temporaires\Content.IE5\U9URKXI3\welcome_screen_1.16.2.49[1].css" file.
16/02/2008 08:19:42 1203146382 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Mes documents\dossiers temporaire internet 7\Fichiers Internet temporaires\Content.IE5\WTABCDEZ\Catalog[1].xml" file.
16/02/2008 08:19:46 1203146386 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Mes documents\dossiers temporaire internet 7\Fichiers Internet temporaires\Content.IE5\WTABCDEZ\AAAAAAAAAAA.AAA.A.AAAAA.AA" file.
16/02/2008 08:19:49 1203146389 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Mes documents\dossiers temporaire internet 7\Fichiers Internet temporaires\Content.IE5\WTABCDEZ\AAAAAAAAAAAAAAAAA.AAA" file.
16/02/2008 08:19:51 1203146391 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Mes documents\dossiers temporaire internet 7\Fichiers Internet temporaires\Content.IE5\WTABCDEZ\AAAAAAAAAAAAAAAAAAA.AAA" file.
16/02/2008 08:19:57 1203146397 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\AAAAAAAAAAAAAAAAAAAAA.AAA" file.
16/02/2008 08:20:02 1203146402 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\AAAAAAAAAAAAAAAAAAA.AAA" file.
16/02/2008 08:20:10 1203146410 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\AAAAAAAAAAAAAAAAAAAAA.AAA" file.
16/02/2008 08:20:18 1203146418 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\AAAAAAAAAAAAAAAAAAA.AAA" file.
16/02/2008 08:20:21 1203146421 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\AAAAAAAAAAAAAAAAAAAAAAA.AAA" file.
16/02/2008 08:20:25 1203146425 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\AAAAAAAAAAAAAAAAA.AAA" file.
16/02/2008 08:20:27 1203146427 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\AAAAAAA.AAAAAAAAAAAAAAA.AAA" file.
16/02/2008 08:20:29 1203146429 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\AAAAAAAAAAAAAAAAAAAAAAAAAA.AAA" file.
16/02/2008 08:20:31 1203146431 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\AAAAAAAAAAAAAAAAAAAAAAA.AAA" file.
16/02/2008 08:20:34 1203146434 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\AAAAAAAAAAAAAAAAA.AAA" file.
16/02/2008 08:20:38 1203146438 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\AAAAAAAA.AAA" file.
16/02/2008 08:20:44 1203146444 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\WPR.bmp" file.
16/02/2008 08:20:47 1203146447 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\~DF67AC.tmp" file.
16/02/2008 08:25:38 1203146738 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8bmk7ev.default\Cache\055AD9CFd01" file.
16/02/2008 08:26:02 1203146762 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Mozilla\Firefox\Profiles\j8bmk7ev.default\Cache\86FB85C5d01" file.
16/02/2008 08:26:28 1203146788 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\WPR.bmp" file.
16/02/2008 08:26:32 1203146792 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\~DF67AC.tmp" file.
16/02/2008 08:26:58 1203146818 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\WPR.bmp" file.
16/02/2008 08:27:08 1203146828 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\~DF67AC.tmp" file.
16/02/2008 08:27:16 1203146836 HP_Administrateur 1516 Sign of "Win32:Nimosw-E [Trj]" has been found in "C:\Documents and Settings\HP_Administrateur\Local Settings\Temp\~DF67AC.tmp" file.
