Cid on Vista - Please help me - Report done

Closed
Gwen-2509 Posts 28 Registration date Monday 21 April 2008 Status Member Last activity 14 October 2008 - 21 April 2008 at 23:47
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 - 10 May 2008 at 00:11
Hello,

Could you help me solve this problem of intrusive cid ads? With help from the forums, I managed, with some difficulty, to run a scan with hijack, but for what comes next I don't know much...
Thanks in advance



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:14:57, on 21/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\eric\AppData\Local\awnhkm.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\eric\AppData\Local\Temp\Temp1_HiJackThis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www8.hp.com/fr/fr/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www8.hp.com/fr/fr/home.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [dmxbl.exe] C:\Windows\system32\dmxbl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [dmltm.tmp] C:\Windows\system32\dmltm.tmp
O4 - HKCU\..\Run: [dmbnn.tmp] C:\Windows\system32\dmbnn.tmp
O4 - HKCU\..\Run: [dmrhq.tmp] C:\Windows\system32\dmrhq.tmp
O4 - HKCU\..\Run: [dmqbi.tmp] C:\Windows\system32\dmqbi.tmp
O4 - HKCU\..\Run: [dmacd.tmp] C:\Windows\system32\dmacd.tmp
O4 - HKCU\..\Run: [dmgfb.tmp] C:\Windows\system32\dmgfb.tmp
O4 - HKCU\..\Run: [dmnnh.tmp] C:\Windows\system32\dmnnh.tmp
O4 - HKCU\..\Run: [dmzbp.tmp] C:\Windows\system32\dmzbp.tmp
O4 - HKCU\..\Run: [dmybh.tmp] C:\Windows\system32\dmybh.tmp
O4 - HKCU\..\Run: [dmcju.tmp] C:\Windows\system32\dmcju.tmp
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [dmnep.tmp] C:\Windows\system32\dmnep.tmp
O4 - HKCU\..\Run: [dmury.tmp] C:\Windows\system32\dmury.tmp
O4 - HKCU\..\Run: [dmgof.tmp] C:\Windows\system32\dmgof.tmp
O4 - HKCU\..\Run: [dmhtc.tmp] C:\Windows\system32\dmhtc.tmp
O4 - HKCU\..\Run: [dmzhu.tmp] C:\Windows\system32\dmzhu.tmp
O4 - HKCU\..\Run: [dmlhy.tmp] C:\Windows\system32\dmlhy.tmp
O4 - HKCU\..\Run: [dmwrt.tmp] C:\Windows\system32\dmwrt.tmp
O4 - HKCU\..\Run: [dmfhz.tmp] C:\Windows\system32\dmfhz.tmp
O4 - HKCU\..\Run: [dmoux.tmp] C:\Windows\system32\dmoux.tmp
O4 - HKCU\..\Run: [dmopw.tmp] C:\Windows\system32\dmopw.tmp
O4 - HKCU\..\Run: [dmlrd.tmp] C:\Windows\system32\dmlrd.tmp
O4 - HKCU\..\Run: [dmiso.tmp] C:\Windows\system32\dmiso.tmp
O4 - HKCU\..\Run: [dmhex.tmp] C:\Windows\system32\dmhex.tmp
O4 - HKCU\..\Run: [dmmxb.tmp] C:\Windows\system32\dmmxb.tmp
O4 - HKCU\..\Run: [dmsiy.tmp] C:\Windows\system32\dmsiy.tmp
O4 - HKCU\..\Run: [dmbfl.tmp] C:\Windows\system32\dmbfl.tmp
O4 - HKCU\..\Run: [long nurb] "C:\ProgramData\BarbIntraIntra.fta0c5"
O4 - HKCU\..\Run: [axis love poll lite] "C:\ProgramData\AUDIO TEAM DRIVE.l3fyjr"
O4 - HKCU\..\Run: [dmrqv.tmp] C:\Windows\system32\dmrqv.tmp
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [dmofv.tmp] C:\Windows\system32\dmofv.tmp
O4 - HKCU\..\Run: [awnhkm] c:\users\eric\appdata\local\awnhkm.exe awnhkm
O4 - HKCU\..\Run: [dmuya.tmp] C:\Windows\system32\dmuya.tmp
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8337EA4-74B5-48C6-8BF9-BB8C7944F652}: NameServer = 85.255.114.58,85.255.112.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{C42A6795-9995-4787-8F7F-530B8925F39F}: NameServer = 85.255.114.58,85.255.112.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC000849-ECEC-47D3-A4E2-5DB967200F2C}: NameServer = 85.255.114.58,85.255.112.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.58 85.255.112.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.58 85.255.112.222
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

22 replies

cedric241 Posts 3367 Registration date Tuesday 26 February 2008 Status Member Last activity 23 April 2008 119
22 April 2008 at 00:07
you are very, very infected

following this thread, up
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
22 April 2008 at 01:29
Hello,

following as well (Wareout on Vista, and a real one)
0
Anonymous user > Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016
22 April 2008 at 01:31
Hi

Yep. I hope you won't hesitate to step in ;)

It's my evening :-/
0
Gwen-2509 Posts 28 Registration date Monday 21 April 2008 Status Member Last activity 14 October 2008
22 April 2008 at 15:23
Hi

Many thanks for your reply

I'm waiting for news from you to help me remove this c... of a virus!
0
Anonymous user
22 April 2008 at 00:21

Hello/Good evening

Indeed, multiple infections


• Do not browse anywhere other than this site
• Close MSN and any other connection apart from the one to this site
• Apply the indicated procedures exactly and in order.
If several helpers come forward, choose one and only one.

• Stay at the machine and refresh the forum often to see new replies.
• Answer all questions without delay, in the order in which they were asked
• Be precise in your answers. Stick to the subject and nothing but the subject.
To be avoided: SMS language.

Do not leave until it is explicitly stated that the problem is solved or that it is beyond the skills of the person or people helping you.
• Do not open several threads on the same subject unless you are asked to (problem not solved; it happens)

• Do not get impatient. Analysing a report and finding appropriate solutions takes some time. So there is no point reposting the same message. We are not forgetting you, we are looking for a solution for you

• Do not forget: we are volunteers. We eat, we sleep, we work, and we have a family life too.

• The procedures that follow, although widely proven, are carried out at the machine owner's own risk.


Preparing the machine
• Empty the recycle bin
• Close all applications

================ Firewall XP - Vista ===================
• If a firewall other than the Windows one is installed, check that it is active and go to the CCleaner step

• Otherwise

to enable/disable the Vista firewall
to enable/disable the XP firewall

• Enable the firewall if it is not already done

===================== CCLEANER ========================
For a quick polish.
• Apply the procedure below.
• The tool can be kept to clean up from time to time using the same procedure.

• Download CCLeaner and install it on the desktop, declining the installation of the Yahoo toolbar.
• Close all applications
• Launch CCLeaner
If it is not in French, click Options, Setting, Language and select Français
• Check in the Cleaner (Nettoyeur) menu - Windows tab:
Internet Explorer: Temporary Internet Files, Cookies
• System: Empty Recycle Bin, Temporary Files, Clipboard
• Advanced: Old Prefetch data
• Uncheck in the Options menu - Advanced (Avancé) submenu:
Only delete files in the Windows temp folder older than 48 hours
• Check in the Cleaner (Nettoyeur) menu - Applications tab: Internet: Sun Java
• Check, if possible, in the Cleaner (Nettoyeur) menu - Applications tab:
Firefox/Mozilla: Internet Cache, Cookies
• Click Analyze (Analyse)
• Click the Run Cleaner (Lancer le nettoyage) button in the Cleaner (Nettoyeur) menu.
• Click Registry (Registre)
• Select all
• Click Scan for Issues (Chercher des erreurs) (at the bottom)

Once the scan has finished, select all
• Click Fix selected issues (Réparer les erreurs sélectionnées)



================== MalwareBytes =====================

Download MalwareBytes

The tutorial

Make sure the option Perform full scan (Executer un examen complet) is checked

Do not forget to delete everything MalwareBytes finds: Remove Selected (Supprimer la sélection) button, after selecting everything

Post the report

==================== HIJACKTHIS ======================

HijackThis

Uninstall the one present on the machine, which is badly installed, then:

• Download HijackThis
• Install HijackThis, following the prompts (accept the proposed directory without changing anything)
• Close HijackThis
• Download HJTNew to the desktop (if the firewall or the antivirus reacts, ignore it)
• Close all applications
• Disconnect from the Internet (unplugging the cable is still the best solution)
• Launch HJTNew.exe (if the firewall or the antivirus reacts, ignore it)
Do not be surprised about HJTNew: nothing is displayed, just a window that opens and closes immediately. This is normal.
• Click Do a system scan and save a logfile
• Copy/paste the report into your next message
• Delete HJTNew.exe (otherwise the antivirus is likely to react often), then
• Wait for instructions
0
Gwen-2509 Posts 28 Registration date Monday 21 April 2008 Status Member Last activity 14 October 2008
22 April 2008 at 17:24
Hello bouddha

Many thanks for your help...

I did enable the Vista firewall, I scanned and repaired the errors with CCLEANER, and here is the report obtained with malwarebytes.

So now I am going to download hijackThis.


Malwarebytes' Anti-Malware 1.11
Version de la base de données: 669

Type de recherche: Examen complet (C:\|E:\|F:\|)
Eléments examinés: 168773
Temps écoulé: 55 minute(s), 51 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 13

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\internetgamebox (Adware.EGDAccess) -> No action taken.
HKEY_CURRENT_USER\Software\SearchPorn (Trojan.DNSChanger) -> No action taken.
HKEY_CLASSES_ROOT\SearchPorn (Trojan.DNSChanger) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchPorn (Trojan.DNSChanger) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\mysearchnow.com (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.mysearchnow.com (Malware.Trace) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\InternetGameBox (Adware.EGDAccess) -> No action taken.
C:\Program Files\InternetGameBox\ressources (Adware.EGDAccess) -> No action taken.
C:\Program Files\InternetGameBox\skins (Adware.EGDAccess) -> No action taken.
C:\Program Files\InternetGameBox\ressources\favoris (Adware.EGDAccess) -> No action taken.
C:\Program Files\SearchPorn (Trojan.DNSChanger) -> No action taken.

Fichier(s) infecté(s):
C:\Program Files\InternetGameBox\InternetGameBox.exe (Adware.EGDAccess) -> No action taken.
C:\Program Files\InternetGameBox\language (Adware.EGDAccess) -> No action taken.
C:\Program Files\InternetGameBox\uninst.exe (Adware.EGDAccess) -> No action taken.
C:\Program Files\InternetGameBox\ressources\AttenteOff.html (Adware.EGDAccess) -> No action taken.
C:\Program Files\InternetGameBox\ressources\AttenteOn.html (Adware.EGDAccess) -> No action taken.
C:\Program Files\InternetGameBox\ressources\configv2_en.xml (Adware.EGDAccess) -> No action taken.
C:\Program Files\InternetGameBox\ressources\configv2_es.xml (Adware.EGDAccess) -> No action taken.
C:\Program Files\InternetGameBox\ressources\configv2_fr.xml (Adware.EGDAccess) -> No action taken.
C:\Program Files\InternetGameBox\ressources\NoS2F.bin (Adware.EGDAccess) -> No action taken.
C:\Program Files\InternetGameBox\ressources\favoris\defaultv2.swf (Adware.EGDAccess) -> No action taken.
C:\Program Files\InternetGameBox\skins\skinv2.skn (Adware.EGDAccess) -> No action taken.
C:\Program Files\SearchPorn\Uninstall.exe (Trojan.DNSChanger) -> No action taken.
C:\Windows\System32\nvs2.inf (Adware.EGDAccess) -> No action taken.
0
Gwen-2509 Posts 28 Registration date Monday 21 April 2008 Status Member Last activity 14 October 2008
22 April 2008 at 17:41
boodha,

I could not find how to uninstall hijackthis before downloading yours, but it worked properly. I also cannot find how to delete HJTNew.exe
Here is the report made with hijackthis

So I am awaiting your next instructions

Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:30:26, on 22/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Windows\SMINST\scheduler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\eric\AppData\Local\awnhkm.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www8.hp.com/fr/fr/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www8.hp.com/fr/fr/home.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [dmxbl.exe] C:\Windows\system32\dmxbl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [long nurb] "C:\ProgramData\BarbIntraIntra.fta0c5"
O4 - HKCU\..\Run: [axis love poll lite] "C:\ProgramData\AUDIO TEAM DRIVE.l3fyjr"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [awnhkm] c:\users\eric\appdata\local\awnhkm.exe awnhkm
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8337EA4-74B5-48C6-8BF9-BB8C7944F652}: NameServer = 85.255.114.58,85.255.112.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{C42A6795-9995-4787-8F7F-530B8925F39F}: NameServer = 85.255.114.58,85.255.112.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC000849-ECEC-47D3-A4E2-5DB967200F2C}: NameServer = 85.255.114.58,85.255.112.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.58 85.255.112.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.58 85.255.112.222
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
cedric241 Posts 3367 Registration date Tuesday 26 February 2008 Status Member Last activity 23 April 2008 119
22 April 2008 at 01:09
Hi Booddha, tell them to close their other topic on the same subject, since it is a duplicate.
cedric241 Posts 3367 Registration date Tuesday 26 February 2008 Status Member Last activity 23 April 2008 119
22 April 2008 at 01:09
Here is the link:

http://www.commentcamarche.net/forum/affich 6056458 pub intempestive cid
cedric241 Posts 3367 Registration date Tuesday 26 February 2008 Status Member Last activity 23 April 2008 119
22 April 2008 at 17:28
Hi, to help Booddha move things along:

your report says No action taken.

That means you may not have removed the infections.

If not, do it.

If so, look in Reports/Logs

and post the report from after the removal.

Then send a HijackThis report, please.
Gwen-2509 Posts 28 Registration date Monday 21 April 2008 Status Member Last activity 14 October 2008
22 April 2008 at 17:44
Hi Cédric,

Sorry, but I didn't understand anything in your message :-/
cedric241 Posts 3367 Registration date Tuesday 26 February 2008 Status Member Last activity 23 April 2008 119
22 April 2008 at 17:43
For Malwarebytes, did you remove the infections??

Do you have the report, please??
Gwen-2509 Posts 28 Registration date Monday 21 April 2008 Status Member Last activity 14 October 2008
22 April 2008 at 17:47
Here you go, Cédric.

Quick question: should I remove the selected items?

Malwarebytes' Anti-Malware 1.11
Version de la base de données: 669

Type de recherche: Examen complet (C:\|E:\|F:\|)
Eléments examinés: 168773
Temps écoulé: 55 minute(s), 51 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 13

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\internetgamebox (Adware.EGDAccess) -> No action taken.
HKEY_CURRENT_USER\Software\SearchPorn (Trojan.DNSChanger) -> No action taken.
HKEY_CLASSES_ROOT\SearchPorn (Trojan.DNSChanger) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchPorn (Trojan.DNSChanger) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\mysearchnow.com (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.mysearchnow.com (Malware.Trace) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\InternetGameBox (Adware.EGDAccess) -> No action taken.
C:\Program Files\InternetGameBox\ressources (Adware.EGDAccess) -> No action taken.
C:\Program Files\InternetGameBox\skins (Adware.EGDAccess) -> No action taken.
C:\Program Files\InternetGameBox\ressources\favoris (Adware.EGDAccess) -> No action taken.
C:\Program Files\SearchPorn (Trojan.DNSChanger) -> No action taken.

Fichier(s) infecté(s):
C:\Program Files\InternetGameBox\InternetGameBox.exe (Adware.EGDAccess) -> No action taken.
C:\Program Files\InternetGameBox\language (Adware.EGDAccess) -> No action taken.
C:\Program Files\InternetGameBox\uninst.exe (Adware.EGDAccess) -> No action taken.
C:\Program Files\InternetGameBox\ressources\AttenteOff.html (Adware.EGDAccess) -> No action taken.
C:\Program Files\InternetGameBox\ressources\AttenteOn.html (Adware.EGDAccess) -> No action taken.
C:\Program Files\InternetGameBox\ressources\configv2_en.xml (Adware.EGDAccess) -> No action taken.
C:\Program Files\InternetGameBox\ressources\configv2_es.xml (Adware.EGDAccess) -> No action taken.
C:\Program Files\InternetGameBox\ressources\configv2_fr.xml (Adware.EGDAccess) -> No action taken.
C:\Program Files\InternetGameBox\ressources\NoS2F.bin (Adware.EGDAccess) -> No action taken.
C:\Program Files\InternetGameBox\ressources\favoris\defaultv2.swf (Adware.EGDAccess) -> No action taken.
C:\Program Files\InternetGameBox\skins\skinv2.skn (Adware.EGDAccess) -> No action taken.
C:\Program Files\SearchPorn\Uninstall.exe (Trojan.DNSChanger) -> No action taken.
C:\Windows\System32\nvs2.inf (Adware.EGDAccess) -> No action taken.
cedric241 Posts 3367 Registration date Tuesday 26 February 2008 Status Member Last activity 23 April 2008 119
22 April 2008 at 17:46
After the Malwarebytes scan,

did you remove the infections??

If so, look in the Reports/Logs tab.

The report should be there.
Gwen-2509 Posts 28 Registration date Monday 21 April 2008 Status Member Last activity 14 October 2008
22 April 2008 at 17:50
I hadn't removed them.

So here is the new report:

Malwarebytes' Anti-Malware 1.11
Version de la base de données: 669

Type de recherche: Examen complet (C:\|E:\|F:\|)
Eléments examinés: 168773
Temps écoulé: 55 minute(s), 51 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 13

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\internetgamebox (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\SearchPorn (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SearchPorn (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchPorn (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\InternetGameBox (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\skins (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\favoris (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\SearchPorn (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\InternetGameBox\InternetGameBox.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\language (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\uninst.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\AttenteOff.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\AttenteOn.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\configv2_en.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\configv2_es.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\configv2_fr.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\NoS2F.bin (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\favoris\defaultv2.swf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\skins\skinv2.skn (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\SearchPorn\Uninstall.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
cedric241 Posts 3367 Registration date Tuesday 26 February 2008 Status Member Last activity 23 April 2008 119
22 April 2008 at 17:49
Yes, exactly, remove the selected items

and post the report from after the removal, please.
Gwen-2509 Posts 28 Registration date Monday 21 April 2008 Status Member Last activity 14 October 2008
22 April 2008 at 17:52
Here is the report after removal.

Malwarebytes' Anti-Malware 1.11
Version de la base de données: 669

Type de recherche: Examen complet (C:\|E:\|F:\|)
Eléments examinés: 168773
Temps écoulé: 55 minute(s), 51 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 13

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\internetgamebox (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\SearchPorn (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\SearchPorn (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchPorn (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\InternetGameBox (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\skins (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\favoris (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\SearchPorn (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\InternetGameBox\InternetGameBox.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\language (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\uninst.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\AttenteOff.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\AttenteOn.html (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\configv2_en.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\configv2_es.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\configv2_fr.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\NoS2F.bin (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\ressources\favoris\defaultv2.swf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\InternetGameBox\skins\skinv2.skn (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\SearchPorn\Uninstall.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Windows\System32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
22 April 2008 at 18:24
Hello,

To continue, 2 things:

1) Open this link (thanks to S!RI for this program): http://siri.urz.free.fr/Fix/SmitfraudFix.php
and download SmitfraudFix.exe.

Look at the tutorial.
Run it and choose option 1; it will generate a report.
Copy/paste it into your post, please.

(If necessary, right-click SmitfraudFix.exe and run it as administrator.)


2) Go to this site:

https://www.virustotal.com/gui/

Click Browse and look for this file: C:\Windows\system32\dmxbl.exe
Click Send File.

A report will build up line by line.

Wait until it finishes. It must include the size of the file that was sent.

Save the report with Notepad.

Copy it into your reply.

If VirusTotal says the file has already been analysed, click the "Re-analyse the file now" button.

In short, we have seen that you are infected with CID (as you said) as well as with Navipromo (MBAM probably did not remove everything).

But you have a more troublesome infection, with DNS hijacking. We have a tool, but it does not work under Vista. So we will have to work to find all the components of your infection.
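The HijackThis log earlier in this thread lists the same static NameServer pair on every interface key and on the global Tcpip\Parameters keys (its O17 lines), which is the kind of entry a DNS-hijack diagnosis looks at. The following is an added example, not part of the thread and not code from HijackThis: a Python triage helper that extracts O17 NameServer entries and reports resolvers outside an expected list. The function names, the expected-resolver list and the sample log (documentation-range addresses, made-up GUIDs) are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the O17 line format shown in the log above; the
# addresses are documentation-range (RFC 5737) and the GUIDs are made up.
SAMPLE_LOG = r"""
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{11111111-2222-3333-4444-555555555555}: NameServer = 203.0.113.58,203.0.113.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{66666666-7777-8888-9999-AAAAAAAAAAAA}: NameServer = 203.0.113.58,203.0.113.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 203.0.113.58 203.0.113.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 203.0.113.58 203.0.113.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{BBBBBBBB-CCCC-DDDD-EEEE-FFFFFFFFFFFF}: Domain = corp.example
O20 - AppInit_DLLs: APSHook.dll
"""

O17_RE = re.compile(r"^O17 - (?P<key>HK.+?): (?P<name>\w+) = (?P<data>.*)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_o17(log_text):
    """Return (scope, value_name, [values]) for every O17 line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        key = m.group("key")
        parts = key.split("\\")
        control_set = parts[2] if len(parts) > 2 else "?"   # CCS, CS1, ...
        guid = GUID_RE.search(key)
        if guid:
            scope = f"interface {guid.group(0)} ({control_set})"
        else:
            scope = f"global ({control_set})"
        # The registry string is printed raw: comma- or space-separated.
        values = [v for v in re.split(r"[,\s]+", m.group("data").strip()) if v]
        entries.append((scope, m.group("name"), values))
    return entries


def unexpected_resolvers(log_text, expected):
    """Map each static resolver that is not in `expected` to its scopes.

    `expected` is an assumption supplied by the analyst: the resolvers this
    machine should use (router, ISP or corporate DNS).
    """
    allowed = {ipaddress.ip_address(a) for a in expected}
    hits = defaultdict(list)
    for scope, name, values in parse_o17(log_text):
        if name.lower() != "nameserver":
            continue  # Domain / SearchList entries are not resolver addresses
        for raw in values:
            try:
                addr = ipaddress.ip_address(raw)
            except ValueError:
                hits[f"unparseable:{raw}"].append(scope)
                continue
            if addr not in allowed:
                hits[str(addr)].append(scope)
    return dict(hits)


def classify(log_text, expected):
    """Summarise the finding for a triage note."""
    hits = unexpected_resolvers(log_text, expected)
    if not hits:
        return "ok"
    scopes = {s for found in hits.values() for s in found}
    on_global = any(s.startswith("global") for s in scopes)
    on_iface = any(s.startswith("interface") for s in scopes)
    if on_global and on_iface:
        # Same unexpected resolver pinned machine-wide and per adapter.
        return "override on global and interface keys"
    return "unexpected static resolver"


if __name__ == "__main__":
    expected = ["192.0.2.1"]  # constructed: the resolver the analyst expects
    for server, scopes in unexpected_resolvers(SAMPLE_LOG, expected).items():
        print(server, "->", "; ".join(scopes))
    print(classify(SAMPLE_LOG, expected))
```

Removing the malware does not reset these values, so the same check is worth repeating on the HijackThis log taken after cleanup.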
Gwen-2509 Posts 28 Registration date Monday 21 April 2008 Status Member Last activity 14 October 2008
22 April 2008 at 20:39
Good evening Lyonnais,

Thank you for helping me...

Here is the first report made with SmitfraudFix.exe.

Is it normal that this sentence appears at the end of the report????

!!!Attention, following keys are not inevitably infected!!!



SmitFraudFix v2.316

Scan done at 20:34:11,66, mar. 22/04/2008
Run from C:\Users\eric\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Windows\system32\svchost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Windows\SMINST\scheduler.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\eric\AppData\Local\awnhkm.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\eric


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\eric\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\eric\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
Gwen-2509 Posts 28 Registration date Monday 21 April 2008 Status Member Last activity 14 October 2008
22 April 2008 at 20:43
And here is the report that VirusTotal gives me



Fichier dmxbl.exe reçu le 2008.03.09 11:29:44 (CET)
Situation actuelle: terminé

Résultat: 8/32 (25.00%)
Formaté Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 - - -
AntiVir - - TR/Crypt.XPACK.Gen
Authentium - - -
Avast - - -
AVG - - Win32/PolyCrypt
BitDefender - - MemScan:Trojan.Downloader.Zlob.ABLC
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - -
FileAdvisor - - -
Fortinet - - -
Ikarus - - -
Kaspersky - - Heur.Trojan.Generic
McAfee - - -
Microsoft - - Trojan:Win32/Alureon.gen!H
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - Heuristic: Suspicious Self Modifying EXE
Rising - - -
Sophos - - -
Sunbelt - - VIPRE.Suspicious
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - Trojan.Crypt.XPACK.Gen
Information additionnelle
MD5: 3cb967bc82c74084cf4e323b8a45202c
SHA1: 287510e01fb9a2a9b903bb786f2471226e43d5a8
SHA256: 2ffd54aecbcd16202af36347b819b12f498dd89c4d371a0bf304686bacec9a62
SHA512: 702fa7776dd46b8250d499064df2232fe1b34f1583f27de1183d65bfc1eaa9d79ce05fbe47ee34d0ba7e3a10805aa8c3dafc7e737ca7c76903d5dcc6e508f7d9
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
22 April 2008 at 21:25
Hello again,

The SmitfraudFix report is incomplete.

The best thing is to repeat the procedure and post the report again.



Download OAD: http://sosvirus.changelog.fr/OAD.exe
- Save it to your desktop

Right-click OAD and run it as administrator to launch it

- File name to search for: type or copy/paste: dmxbl
- Search type: select option 6, then confirm with [Enter]

OAD will now search for the file. Let it work until it has finished.
The search report will be displayed automatically as soon as it has finished.

- Copy/paste this report into your next post.

Important note: depending on the size of the hard disks, this search can take several minutes. Be patient.
Gwen-2509 Posts 28 Registration date Monday 21 April 2008 Status Member Last activity 14 October 2008
22 April 2008 at 21:40
Hello again :-)

I did follow your instructions (at least I think so), but it tells me that the file cannot be found; then it searched for registered files but did not find any. So it gives me an empty report.


Looking a bit through the reports I posted, I read under infected files that it mentioned game box or something like that (sorry for the lack of precision), but I actually deleted and uninstalled that program, which had been downloaded from the internet, 2 or 3 days ago. I don't know much about this, but maybe that is what it can't find, no?
Gwen-2509 Posts 28 Registration date Monday 21 April 2008 Status Member Last activity 14 October 2008
22 April 2008 at 21:42
It's in this report that I saw that, in the infected files

Malwarebytes' Anti-Malware 1.11
Version de la base de données: 669

Type de recherche: Examen complet (C:\|E:\|F:\|)
Eléments examinés: 168773
Temps écoulé: 55 minute(s), 51 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 13

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\internetgamebox (Adware.EGDAccess) -> No action taken.
HKEY_CURRENT_USER\Software\SearchPorn (Trojan.DNSChanger) -> No action taken.
HKEY_CLASSES_ROOT\SearchPorn (Trojan.DNSChanger) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchPorn (Trojan.DNSChanger) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\mysearchnow.com (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.mysearchnow.com (Malware.Trace) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\InternetGameBox (Adware.EGDAccess) -> No action taken.
C:\Program Files\InternetGameBox\ressources (Adware.EGDAccess) -> No action taken.
C:\Program Files\InternetGameBox\skins (Adware.EGDAccess) -> No action taken.
C:\Program Files\InternetGameBox\ressources\favoris (Adware.EGDAccess) -> No action taken.
C:\Program Files\SearchPorn (Trojan.DNSChanger) -> No action taken.

Fichier(s) infecté(s):
C:\Program Files\InternetGameBox\InternetGameBox.exe (Adware.EGDAccess) -> No action taken.
C:\Program Files\InternetGameBox\language (Adware.EGDAccess) -> No action taken.
C:\Program Files\InternetGameBox\uninst.exe (Adware.EGDAccess) -> No action taken.
C:\Program Files\InternetGameBox\ressources\AttenteOff.html (Adware.EGDAccess) -> No action taken.
C:\Program Files\InternetGameBox\ressources\AttenteOn.html (Adware.EGDAccess) -> No action taken.
C:\Program Files\InternetGameBox\ressources\configv2_en.xml (Adware.EGDAccess) -> No action taken.
C:\Program Files\InternetGameBox\ressources\configv2_es.xml (Adware.EGDAccess) -> No action taken.
C:\Program Files\InternetGameBox\ressources\configv2_fr.xml (Adware.EGDAccess) -> No action taken.
C:\Program Files\InternetGameBox\ressources\NoS2F.bin (Adware.EGDAccess) -> No action taken.
C:\Program Files\InternetGameBox\ressources\favoris\defaultv2.swf (Adware.EGDAccess) -> No action taken.
C:\Program Files\InternetGameBox\skins\skinv2.skn (Adware.EGDAccess) -> No action taken.
C:\Program Files\SearchPorn\Uninstall.exe (Trojan.DNSChanger) -> No action taken.
C:\Windows\System32\nvs2.inf (Adware.EGDAccess) -> No action taken.
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
22 April 2008 at 22:03
Re,

post the OAD report.

Run SmitfraudFix again and post the report.
Gwen-2509 Posts 28 Registration date Monday 21 April 2008 Status Member Last activity 14 October 2008
22 April 2008 at 22:25
To start with, here is the SmitfraudFix report I have just redone

The OAD one is currently running

SmitFraudFix v2.316

Scan done at 22:17:41,52, mar. 22/04/2008
Run from C:\Users\eric\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Windows\system32\svchost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Windows\SMINST\scheduler.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\eric\AppData\Local\awnhkm.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conime.exe
C:\Windows\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\eric


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\eric\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\eric\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="APSHook.dll"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: Broadcom NetLink (TM) Gigabit Ethernet
DNS Server Search Order: 85.255.114.58
DNS Server Search Order: 85.255.112.222

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A8337EA4-74B5-48C6-8BF9-BB8C7944F652}: DhcpNameServer=212.68.193.110 212.68.193.196
HKLM\SYSTEM\CCS\Services\Tcpip\..\{A8337EA4-74B5-48C6-8BF9-BB8C7944F652}: NameServer=85.255.114.58,85.255.112.222
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C42A6795-9995-4787-8F7F-530B8925F39F}: DhcpNameServer=85.255.114.58,85.255.112.222
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C42A6795-9995-4787-8F7F-530B8925F39F}: NameServer=85.255.114.58,85.255.112.222
HKLM\SYSTEM\CCS\Services\Tcpip\..\{EC000849-ECEC-47D3-A4E2-5DB967200F2C}: NameServer=85.255.114.58,85.255.112.222
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A8337EA4-74B5-48C6-8BF9-BB8C7944F652}: DhcpNameServer=212.68.193.110 212.68.193.196
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A8337EA4-74B5-48C6-8BF9-BB8C7944F652}: NameServer=85.255.114.58,85.255.112.222
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C42A6795-9995-4787-8F7F-530B8925F39F}: DhcpNameServer=85.255.114.58,85.255.112.222
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C42A6795-9995-4787-8F7F-530B8925F39F}: NameServer=85.255.114.58,85.255.112.222
HKLM\SYSTEM\CS1\Services\Tcpip\..\{EC000849-ECEC-47D3-A4E2-5DB967200F2C}: NameServer=85.255.114.58,85.255.112.222
HKLM\SYSTEM\CS3\Services\Tcpip\..\{A8337EA4-74B5-48C6-8BF9-BB8C7944F652}: DhcpNameServer=212.68.193.110 212.68.193.196
HKLM\SYSTEM\CS3\Services\Tcpip\..\{A8337EA4-74B5-48C6-8BF9-BB8C7944F652}: NameServer=85.255.114.58,85.255.112.222
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C42A6795-9995-4787-8F7F-530B8925F39F}: DhcpNameServer=85.255.114.58,85.255.112.222
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C42A6795-9995-4787-8F7F-530B8925F39F}: NameServer=85.255.114.58,85.255.112.222
HKLM\SYSTEM\CS3\Services\Tcpip\..\{EC000849-ECEC-47D3-A4E2-5DB967200F2C}: NameServer=85.255.114.58,85.255.112.222
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.68.193.110 212.68.193.196
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.114.58 85.255.112.222
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.68.193.110 212.68.193.196
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.114.58 85.255.112.222
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.68.193.110 212.68.193.196
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.114.58 85.255.112.222


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
Gwen-2509 Posts 28 Registration date Monday 21 April 2008 Status Member Last activity 14 October 2008
22 April 2008 at 22:31
For OAD, the same thing again

it opens an untitled Notepad page with a small window in front showing a warning sign, which tells me that the file C:/resultat.txt cannot be found.
Gwen-2509 Posts 28 Registration date Monday 21 April 2008 Status Member Last activity 14 October 2008
22 April 2008 at 22:39
Something seems odd to me: when I click the link below, an OAD window on a blue background opens right away. So I can't follow the first steps of your instructions :-/

Download OAD http://sosvirus.changelog.fr/OAD.exe
- Save it to your desktop

Right-click OAD and choose run as administrator to launch it

- file name to search for: type or copy and paste: dmxbl
- Search type: select option 6 then confirm with [Enter]

OAD will now search for the file. Let it work until it has finished.
The search report will be displayed automatically as soon as it has finished.

- Copy and paste this report into your next post.
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
22 April 2008 at 22:36
Re,

after OAD,

run SmitfraudFix again and choose option 5.

Post the report along with a new HijackThis report.
Gwen-2509 Posts 28 Registration date Monday 21 April 2008 Status Member Last activity 14 October 2008
22 April 2008 at 22:42
Here is the SmitfraudFix report

SmitFraudFix v2.316

Scan done at 22:40:26,92, mar. 22/04/2008
Run from C:\Users\eric\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» DNS Before Fix

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: Broadcom NetLink (TM) Gigabit Ethernet
DNS Server Search Order: 85.255.114.58
DNS Server Search Order: 85.255.112.222

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A8337EA4-74B5-48C6-8BF9-BB8C7944F652}: DhcpNameServer=212.68.193.110 212.68.193.196
HKLM\SYSTEM\CCS\Services\Tcpip\..\{A8337EA4-74B5-48C6-8BF9-BB8C7944F652}: NameServer=85.255.114.58,85.255.112.222
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C42A6795-9995-4787-8F7F-530B8925F39F}: DhcpNameServer=85.255.114.58,85.255.112.222
HKLM\SYSTEM\CCS\Services\Tcpip\..\{C42A6795-9995-4787-8F7F-530B8925F39F}: NameServer=85.255.114.58,85.255.112.222
HKLM\SYSTEM\CCS\Services\Tcpip\..\{EC000849-ECEC-47D3-A4E2-5DB967200F2C}: NameServer=85.255.114.58,85.255.112.222
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A8337EA4-74B5-48C6-8BF9-BB8C7944F652}: DhcpNameServer=212.68.193.110 212.68.193.196
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A8337EA4-74B5-48C6-8BF9-BB8C7944F652}: NameServer=85.255.114.58,85.255.112.222
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C42A6795-9995-4787-8F7F-530B8925F39F}: DhcpNameServer=85.255.114.58,85.255.112.222
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C42A6795-9995-4787-8F7F-530B8925F39F}: NameServer=85.255.114.58,85.255.112.222
HKLM\SYSTEM\CS1\Services\Tcpip\..\{EC000849-ECEC-47D3-A4E2-5DB967200F2C}: NameServer=85.255.114.58,85.255.112.222
HKLM\SYSTEM\CS3\Services\Tcpip\..\{A8337EA4-74B5-48C6-8BF9-BB8C7944F652}: DhcpNameServer=212.68.193.110 212.68.193.196
HKLM\SYSTEM\CS3\Services\Tcpip\..\{A8337EA4-74B5-48C6-8BF9-BB8C7944F652}: NameServer=85.255.114.58,85.255.112.222
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C42A6795-9995-4787-8F7F-530B8925F39F}: DhcpNameServer=85.255.114.58,85.255.112.222
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C42A6795-9995-4787-8F7F-530B8925F39F}: NameServer=85.255.114.58,85.255.112.222
HKLM\SYSTEM\CS3\Services\Tcpip\..\{EC000849-ECEC-47D3-A4E2-5DB967200F2C}: NameServer=85.255.114.58,85.255.112.222
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.68.193.110 212.68.193.196
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.114.58 85.255.112.222
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.68.193.110 212.68.193.196
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.114.58 85.255.112.222
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.68.193.110 212.68.193.196
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.114.58 85.255.112.222

»»»»»»»»»»»»»»»»»»»»»»»» DNS After Fix

Description: Broadcom NetLink (TM) Gigabit Ethernet
DNS Server Search Order: 212.68.193.110
DNS Server Search Order: 212.68.193.196

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A8337EA4-74B5-48C6-8BF9-BB8C7944F652}: DhcpNameServer=212.68.193.110 212.68.193.196
Gwen-2509 Posts 28 Registration date Monday 21 April 2008 Status Member Last activity 14 October 2008
22 April 2008 at 22:47
And here is the new HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:30:26, on 22/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Windows\SMINST\scheduler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\eric\AppData\Local\awnhkm.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www8.hp.com/fr/fr/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www8.hp.com/fr/fr/home.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [dmxbl.exe] C:\Windows\system32\dmxbl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [long nurb] "C:\ProgramData\BarbIntraIntra.fta0c5"
O4 - HKCU\..\Run: [axis love poll lite] "C:\ProgramData\AUDIO TEAM DRIVE.l3fyjr"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [awnhkm] c:\users\eric\appdata\local\awnhkm.exe awnhkm
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8337EA4-74B5-48C6-8BF9-BB8C7944F652}: NameServer = 85.255.114.58,85.255.112.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{C42A6795-9995-4787-8F7F-530B8925F39F}: NameServer = 85.255.114.58,85.255.112.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC000849-ECEC-47D3-A4E2-5DB967200F2C}: NameServer = 85.255.114.58,85.255.112.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.58 85.255.112.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.58 85.255.112.222
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
22 April 2008 at 22:51
Re,

we're dropping OAD.

Run HijackThis again.

Choose Do a scan only

Tick the box in front of the following lines

O4 - HKLM\..\Run: [dmxbl.exe] C:\Windows\system32\dmxbl.exe

Close all windows (except HijackThis), including your browser.

Click Fix checked.

Close HijackThis.

Open Windows Explorer, find C:\Windows\system32\dmxbl.exe, right-click and delete.

Restart the computer and post a HijackThis report again.
Gwen-2509 Posts 28 Registration date Monday 21 April 2008 Status Member Last activity 14 October 2008
22 April 2008 at 23:15
There, I have just restarted my PC, but when I open HijackThis, a window opens that tells me: HijackThis is already running

??????
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
22 April 2008 at 23:17
Re,

restart again

and try again
Gwen-2509 Posts 28 Registration date Monday 21 April 2008 Status Member Last activity 14 October 2008
22 April 2008 at 23:28
Re,

Here it is,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:30:26, on 22/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Windows\SMINST\scheduler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\eric\AppData\Local\awnhkm.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www8.hp.com/fr/fr/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www8.hp.com/fr/fr/home.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [dmxbl.exe] C:\Windows\system32\dmxbl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [long nurb] "C:\ProgramData\BarbIntraIntra.fta0c5"
O4 - HKCU\..\Run: [axis love poll lite] "C:\ProgramData\AUDIO TEAM DRIVE.l3fyjr"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [awnhkm] c:\users\eric\appdata\local\awnhkm.exe awnhkm
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8337EA4-74B5-48C6-8BF9-BB8C7944F652}: NameServer = 85.255.114.58,85.255.112.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{C42A6795-9995-4787-8F7F-530B8925F39F}: NameServer = 85.255.114.58,85.255.112.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{EC000849-ECEC-47D3-A4E2-5DB967200F2C}: NameServer = 85.255.114.58,85.255.112.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.58 85.255.112.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.58 85.255.112.222
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
22 April 2008 at 23:36
Hello again,

Disable User Account Control (you will re-enable it after your disinfection):

- Go to Start, then Control Panel
- Double-click the "User Accounts" icon
- Then click Turn off and confirm.

Now download Navilog1 from this link:

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

Save target (of the link) as... and save it to your desktop.
Then double-click navilog1.exe to start the installation.
Once the installation is finished, right-click the Navilog1 shortcut on your desktop and choose "Run as administrator".

At the main menu, choose option 1
Let it guide you and be patient.
Wait until the message:
*** Analyse Termine le ..... ***
Press a key; Notepad will open.
Copy and paste the entire report into a reply.
Close Notepad
The report fixnavi.txt is also saved in %systemdrive%.
0
Hello Lyonnais,

There, I think I followed what you told me correctly. Can I re-enable the user accounts?
Thanks again


Search Navipromo version 3.5.4 commencé le jeu. 24/04/2008 à 7:47:44,18

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "eric"

Mise à jour le 15.04.2008 à 18h00 par IL-MAFIOSO

Microsoft Windows Vista 6.0.6000
Internet Explorer : 7.0.6000.16609
Système de fichiers : NTFS

Executé en mode normal



*** Recherche dossiers dans "C:\Windows" ***



*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "C:\ProgramData" ***


*** Recherche dossiers dans "C:\ProgramData\Microsoft\Windows\Start Menu\Programs" ***


*** Recherche dossiers dans "c:\users\eric\appdata\roaming\microsoft\windows\start menu\programs" ***


*** Recherche dossiers dans "C:\Users\eric\AppData\Local\virtualstore\Program Files" ***

...\InternetGameBox trouvé !


*** Recherche dossiers dans "C:\Users\eric\AppData\Roaming" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\Windows\system32" *

* Recherche dans "C:\Users\eric\AppData\Local\Microsoft" *

* Recherche dans "C:\Users\eric\AppData\Local\virtualstore\windows\system32" *

* Recherche dans "C:\Users\eric\AppData\Local" *



*** Recherche fichiers ***




*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé !

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\Windows\system32" :


* Dans "C:\Users\eric\AppData\Local\Microsoft" :


* Dans "C:\Users\eric\AppData\Local\virtualstore\windows\system32" :


* Dans "C:\Users\eric\AppData\Local" :

awnhkm_navup.dat trouvé !
edrjfleg.dat trouvé !
edrjfleg_nav.dat trouvé !
edrjfleg_navps.dat trouvé !

3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le jeu. 24/04/2008 à 7:57:40,78 ***
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
24 April 2008 at 08:43
Hello,


Make sure User Account Control (UAC) is disabled.
Right-click the Navilog1 shortcut on your desktop and choose "Run as administrator".

At the main menu, choose option 2
Let it guide you and be patient.
The fix will tell you that it is going to restart your PC
Close all open windows and save your open personal documents
Press a key as requested.
(if your PC does not restart automatically, do it yourself)
When your PC restarts, choose your usual session if necessary.
Wait until the message:
*** Nettoyage Termine le ..... ***
Notepad will open.
Save the report so that you can find it again
Close Notepad. Your desktop will reappear
Re-enable User Account Control (UAC)

PS: If your desktop does not reappear, press CTRL+ALT+DEL to open Task Manager.
Then go to the "Processes" tab. Click File at the top left and choose "Run"
Type explorer and confirm. That will bring your desktop back


Post the report (cleannavi.txt) in your reply along with a new HijackThis report.

As for UAC, we wait until the disinfection is finished.
0
Gwen-2509 Posts 28 Registration date Monday 21 April 2008 Status Member Last activity 14 October 2008
24 April 2008 at 13:42
Hello again,


Here is the report made with Navilog1 that I have just run as administrator

Clean Navipromo version 3.5.4 commencé le jeu. 24/04/2008 à 13:28:48,76

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "eric"

Mise à jour le 15.04.2008 à 18h00 par IL-MAFIOSO

Microsoft Windows Vista 6.0.6000
Internet Explorer : 7.0.6000.16609
Système de fichiers : NTFS

Mode suppression automatique
avec prise en charge résultats Catchme et GNS



*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\Windows\System32" *


* Suppression dans "C:\Users\eric\AppData\Local\Microsoft" *


* Suppression dans "C:\Users\eric\AppData\Local\virtualstore\windows\system32" *


* Suppression dans "C:\Users\eric\AppData\Local" *



*** Suppression dossiers dans "C:\Windows" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "C:\ProgramData" ***


*** Suppression dossiers dans "C:\ProgramData\Microsoft\Windows\Start Menu\Programs" ***


*** Suppression dossiers dans c:\users\eric\appdata\roaming\microsoft\windows\start menu\programs ***


*** Suppression dossiers dans "C:\Users\eric\AppData\Local\virtualstore\Program Files" ***

...\InternetGameBox ...suppression...
...\InternetGameBox supprimé !


*** Suppression dossiers dans "C:\Users\eric\AppData\Roaming" ***



*** Suppression fichiers ***


*** Suppression fichiers temporaires ***

Nettoyage contenu C:\Windows\Temp effectué !
Nettoyage contenu C:\Users\eric\AppData\Local\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\Windows\system32" *


* Dans "C:\Users\eric\AppData\Local\Microsoft" *


* Dans "C:\Users\eric\AppData\Local\virtualstore\windows\system32" *


* Dans "C:\Users\eric\AppData\Local" *

edrjfleg.dat trouvé !
Copie edrjfleg.dat réalisée avec succès !
edrjfleg.dat supprimé !

edrjfleg_nav.dat trouvé !
Copie edrjfleg_nav.dat réalisée avec succès !
edrjfleg_nav.dat supprimé !

edrjfleg_navps.dat trouvé !
Copie edrjfleg_navps.dat réalisée avec succès !
edrjfleg_navps.dat supprimé !

awnhkm_navup.dat trouvé !
Copie awnhkm_navup.dat réalisée avec succès !
awnhkm_navup.dat supprimé !

edrjfleg.exe trouvé !
Copie edrjfleg.exe réalisée avec succès !
edrjfleg.exe supprimé !


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltdt absent !

*** Nettoyage terminé le jeu. 24/04/2008 à 13:34:37,47 ***

And here is the HijackThis report, but I made it without having re-enabled the user accounts. Does that change anything for the report?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:39:13, on 24/04/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SMINST\scheduler.exe
C:\Windows\system32\conime.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Windows\notepad.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www8.hp.com/fr/fr/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www8.hp.com/fr/fr/home.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [long nurb] "C:\ProgramData\BarbIntraIntra.fta0c5"
O4 - HKCU\..\Run: [axis love poll lite] "C:\ProgramData\AUDIO TEAM DRIVE.l3fyjr"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
0
Gwen-2509 Posts 28 Registration date Monday 21 April 2008 Status Member Last activity 14 October 2008 > Gwen-2509 Posts 28 Registration date Monday 21 April 2008 Status Member Last activity 14 October 2008
29 April 2008 at 14:27
A
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
24 April 2008 at 13:51
Hello,

keep UAC disabled

Open this link:

http://sosvirus.changelog.fr/Green_day/Lopxpsetup.exe

to download lopxp by moe.

Save the file Lopxpsetup.exe to your desktop.

Double-click its icon to start the installation

On your desktop, a new icon has appeared: lopxp (with a small cogwheel).

Right-click lopxp and choose Run as administrator.

At the menu, choose option 1

Wait until you are asked to press a key. Press it!

Notepad opens. Copy and paste the contents into your reply.
0
Gwen-2509 Posts 28 Registration date Monday 21 April 2008 Status Member Last activity 14 October 2008
24 April 2008 at 14:16
Hello again,

When I double-click the icon, the window opens and tells me: "Version non supportée. Nécessite Windows XP."

It asks me to press a key, but when I press one, the window closes.

I think it's because I have Vista, right?
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
24 April 2008 at 14:34
Hello again,

yes, it's a Vista problem.

Delete everything you downloaded for lopxp.

We are going to use a tool that is compatible but that I know much less well.

Open this link:

https://sites.google.com/site/eric71mespages/lop.sd.exe

Scroll down the page to "Installation de l'outil" (Installing the tool).

There, follow the tutorial until you get the report from option 1.

Do not run the cleaning option (2 or 3).

Post the report in your reply.
0
Gwen-2509 Posts 28 Registration date Monday 21 April 2008 Status Member Last activity 14 October 2008
29 April 2008 at 14:30
Hello Lyonnais,

I have uninstalled lopxp and downloaded lop.sd.exe; here is the report


-----------------------[ Lop S&D 4.1.1-8 XP/Vista ]---------------------

[ Windows 'Longhorn' (NT 6.0) Workstation Build 6000 ]
[ USER : eric ] [ "C:\Lop SD" ]
[ mar. 29/04/2008 | 14:17:39,94 ] [ PC : PC-DE-ERIC ]
[ MAJ : 23-04-2008 | 20:06 ]
[ UAC => 0 ]

-------------[ Listing des dossiers dans Application Data ]------------

[15/02/2008|16:14] C:\Users\eric\AppData\Roaming\Fuzzy Games\Fab Fashion
[15/02/2008|16:10] C:\Users\eric\AppData\Roaming\Fuzzy Games\..
[15/02/2008|16:10] C:\Users\eric\AppData\Roaming\Fuzzy Games\.

[12/02/2008|16:56] C:\Users\eric\AppData\Roaming\Gaijin Ent\StandOFood
[12/02/2008|16:54] C:\Users\eric\AppData\Roaming\Gaijin Ent\..
[12/02/2008|16:54] C:\Users\eric\AppData\Roaming\Gaijin Ent\.

[11/04/2008|17:16] C:\Users\eric\AppData\Roaming\Gamelab\Jojos Fashion Show
[11/04/2008|17:00] C:\Users\eric\AppData\Roaming\Gamelab\..
[11/04/2008|17:00] C:\Users\eric\AppData\Roaming\Gamelab\.

[04/03/2008|15:27] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\board-dgreen-processed.frc
[04/03/2008|15:27] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\board-brown-processed.frc
[04/03/2008|15:27] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\board-pink-processed.frc
[04/03/2008|15:27] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\board-purple-processed.frc
[04/03/2008|15:27] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\board-lblue-processed.frc
[04/03/2008|15:27] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\board-blue-processed.frc
[04/03/2008|15:27] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\board-yellow-processed.frc
[04/03/2008|15:27] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\board-orange-processed.frc
[04/03/2008|15:27] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\board-red-processed.frc
[04/03/2008|15:27] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\board-lgreen-processed.frc
[04/03/2008|15:27] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\gem-fragments.frc
[04/03/2008|15:27] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\gems.frc
[04/03/2008|15:27] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\board-particles.frc
[04/03/2008|15:27] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\bonusfonts.frc
[04/03/2008|15:27] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\board-empty-processed.frc
[04/03/2008|15:27] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\boardfonts.frc
[04/03/2008|15:27] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\board-processed.frc
[04/03/2008|15:10] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\.
[04/03/2008|15:10] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\..
[04/03/2008|15:10] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\board-black-processed.frc
[04/03/2008|15:10] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\board-white-processed.frc
[04/03/2008|14:54] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\highscoregems.frc
[04/03/2008|14:54] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\fonts.frc
[04/03/2008|14:54] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\resources-processed.frc
[04/03/2008|14:53] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\resources-loadingwindow.frc
[04/03/2008|14:53] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\numerics.frc

[21/04/2008|16:33] C:\Users\eric\AppData\Roaming\Google\Local Search History
[29/01/2008|14:18] C:\Users\eric\AppData\Roaming\Google\..
[29/01/2008|14:18] C:\Users\eric\AppData\Roaming\Google\.

[08/01/2008|18:01] C:\Users\eric\AppData\Roaming\Hewlett-Packard\HP Software UI
[30/10/2007|23:58] C:\Users\eric\AppData\Roaming\Hewlett-Packard\..
[30/10/2007|23:58] C:\Users\eric\AppData\Roaming\Hewlett-Packard\.

[11/04/2008|16:59] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG2-Q64S-2675H2E5QVUL}
[11/04/2008|16:59] C:\Users\eric\AppData\Roaming\Identities\..
[11/04/2008|16:59] C:\Users\eric\AppData\Roaming\Identities\.
[11/04/2008|15:24] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG5-49D7-2630EVQ4IVUQ}
[07/04/2008|14:00] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG2-Q64S-2675H2E5QVVE}
[07/04/2008|13:52] C:\Users\eric\AppData\Roaming\Identities\{00013KEU-UKQE-K6V0-MTNQ-25MJ2E7T6VV0}
[07/04/2008|11:28] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG2-CB1H-264U84BSAVVA}
[07/04/2008|10:06] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG2-Q64S-2675H2E5QVV0}
[18/03/2008|16:36] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG3-90CN-262FTCDKSVU8}
[04/03/2008|16:21] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG1-7LLS-22TDACKJ0VT8}
[04/03/2008|16:16] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG4-QNSB-2186AUNB4VVQ}
[04/03/2008|15:58] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG1-AKDG-25VJ1BMCQVVJ}
[04/03/2008|14:53] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG3-90CN-262FTCDKSVVF}
[25/02/2008|17:21] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG6-18S6-24RHV5SBEVUU}
[22/02/2008|15:38] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG3-4CGG-25UBCLN2KVV1}
[20/02/2008|19:51] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG5-BPAV-24QJBB1JIVUR}
[20/02/2008|10:14] C:\Users\eric\AppData\Roaming\Identities\{00013KEU-UKQE-K6V0-QFBF-21L0MSNVAVVA}
[19/02/2008|14:54] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG4-MO09-24UF17SCEVTH}
[19/02/2008|13:49] C:\Users\eric\AppData\Roaming\Identities\{0000278T-TT9K-T8DU-1KFV-23O5NTEJMVRU}
[17/02/2008|22:15] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG3-VK8A-25GG67KOIVVO}
[17/02/2008|13:11] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG3-NGIN-25I8KVHMGVVG}
[16/02/2008|11:36] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG7-7R56-23RS4QKC0VU6}
[15/02/2008|17:14] C:\Users\eric\AppData\Roaming\Identities\{1000278T-TT9K-T8DU-1KFV-23O5NTEJMVRF}
[15/02/2008|16:10] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG2-C4D7-2608OHPQ6VV3}
[14/02/2008|14:46] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG7-9H53-25QU2TIGSVVH}
[12/02/2008|16:53] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG3-LM58-24TAN8K5GVVI}
[12/02/2008|15:50] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG4-MO09-24UF17SCEVU2}
[12/02/2008|15:43] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG6-L514-25CJ6NICMVUJ}
[09/02/2008|11:48] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG3-NGIN-25I8KVHMGVVP}
[08/02/2008|21:51] C:\Users\eric\AppData\Roaming\Identities\{00013KEU-UKQE-K6V0-LCDK-256UOEQ6SVVA}
[08/02/2008|15:35] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG3-2N9K-25RNCPIUKVV9}
[06/02/2008|15:01] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG6-7EUN-25M9PALU0VVP}
[06/02/2008|12:08] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG5-KO19-25DIJFDG6VUK}
[06/02/2008|00:04] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG4-OIBL-25SSVB6LMVVP}
[01/02/2008|23:49] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG3-2N9K-25RNCPIUKVVH}
[01/02/2008|14:26] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG6-L514-25CJ6NICMVUR}
[01/02/2008|12:32] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG3-VK8A-25GG67KOIVV3}
[31/01/2008|22:57] C:\Users\eric\AppData\Roaming\Identities\{1000278T-TT9K-T8DU-1KFV-23O5NTEJMVUJ}
[29/01/2008|23:51] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG4-9VJM-21SJ3RB1CVVM}
[31/10/2007|00:05] C:\Users\eric\AppData\Roaming\Identities\{016F961B-3D2E-4E2E-9A01-C511613C37D5}

[30/10/2007|23:49] C:\Users\eric\AppData\Roaming\InstallShield\..
[30/10/2007|23:49] C:\Users\eric\AppData\Roaming\InstallShield\ISEngine12.0
[30/10/2007|23:49] C:\Users\eric\AppData\Roaming\InstallShield\.

[10/03/2008|22:24] C:\Users\eric\AppData\Roaming\InterVideo\..
[10/03/2008|22:24] C:\Users\eric\AppData\Roaming\InterVideo\WinDVD
[10/03/2008|22:24] C:\Users\eric\AppData\Roaming\InterVideo\.

[09/02/2008|12:46] C:\Users\eric\AppData\Roaming\Jane s Hotel\profile.ini
[09/02/2008|11:48] C:\Users\eric\AppData\Roaming\Jane s Hotel\..
[09/02/2008|11:48] C:\Users\eric\AppData\Roaming\Jane s Hotel\.

[30/10/2007|23:58] C:\Users\eric\AppData\Roaming\Macromedia\Flash Player
[30/10/2007|23:58] C:\Users\eric\AppData\Roaming\Macromedia\..
[30/10/2007|23:58] C:\Users\eric\AppData\Roaming\Macromedia\.

[22/04/2008|16:07] C:\Users\eric\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware
[22/04/2008|16:07] C:\Users\eric\AppData\Roaming\Malwarebytes\..
[22/04/2008|16:07] C:\Users\eric\AppData\Roaming\Malwarebytes\.

[28/04/2008|19:32] C:\Users\eric\AppData\Roaming\Microsoft\Office
[28/04/2008|19:32] C:\Users\eric\AppData\Roaming\Microsoft\Templates
[28/04/2008|19:32] C:\Users\eric\AppData\Roaming\Microsoft\..
[28/04/2008|19:32] C:\Users\eric\AppData\Roaming\Microsoft\Proof
[28/04/2008|19:32] C:\Users\eric\AppData\Roaming\Microsoft\.
[28/04/2008|19:31] C:\Users\eric\AppData\Roaming\Microsoft\Document Building Blocks
[28/04/2008|19:31] C:\Users\eric\AppData\Roaming\Microsoft\Word
[02/04/2008|22:34] C:\Users\eric\AppData\Roaming\Microsoft\Windows Photo Gallery
[28/02/2008|20:01] C:\Users\eric\AppData\Roaming\Microsoft\Internet Explorer
[05/02/2008|22:25] C:\Users\eric\AppData\Roaming\Microsoft\Crypto
[31/01/2008|11:44] C:\Users\eric\AppData\Roaming\Microsoft\WLTB Custom Buttons
[30/01/2008|10:10] C:\Users\eric\AppData\Roaming\Microsoft\IdentityCRL
[30/01/2008|10:00] C:\Users\eric\AppData\Roaming\Microsoft\Credentials
[29/01/2008|23:42] C:\Users\eric\AppData\Roaming\Microsoft\MSN Messenger
[14/01/2008|19:41] C:\Users\eric\AppData\Roaming\Microsoft\Speech
[02/01/2008|00:11] C:\Users\eric\AppData\Roaming\Microsoft\Windows
[25/12/2007|13:27] C:\Users\eric\AppData\Roaming\Microsoft\Excel
[25/12/2007|13:23] C:\Users\eric\AppData\Roaming\Microsoft\UProof
[25/12/2007|03:45] C:\Users\eric\AppData\Roaming\Microsoft\OIS
[25/12/2007|02:50] C:\Users\eric\AppData\Roaming\Microsoft\HTML Help
[25/12/2007|02:50] C:\Users\eric\AppData\Roaming\Microsoft\AddIns
[31/10/2007|00:05] C:\Users\eric\AppData\Roaming\Microsoft\CLR Security Config
[30/10/2007|23:48] C:\Users\eric\AppData\Roaming\Microsoft\Protect
[30/10/2007|23:47] C:\Users\eric\AppData\Roaming\Microsoft\SystemCertificates

[12/02/2008|15:50] C:\Users\eric\AppData\Roaming\My Games\..
[12/02/2008|15:50] C:\Users\eric\AppData\Roaming\My Games\PuzzleLab
[12/02/2008|15:50] C:\Users\eric\AppData\Roaming\My Games\.

[11/03/2008|11:47] C:\Users\eric\AppData\Roaming\Nero\Nero8
[10/03/2008|23:49] C:\Users\eric\AppData\Roaming\Nero\..
[10/03/2008|23:49] C:\Users\eric\AppData\Roaming\Nero\.

[24/01/2008|21:19] C:\Users\eric\AppData\Roaming\PeerNetworking\..
[24/01/2008|21:19] C:\Users\eric\AppData\Roaming\PeerNetworking\.

[19/02/2008|13:55] C:\Users\eric\AppData\Roaming\PlayFirst\plantasia
[19/02/2008|13:49] C:\Users\eric\AppData\Roaming\PlayFirst\..
[19/02/2008|13:49] C:\Users\eric\AppData\Roaming\PlayFirst\.
[17/02/2008|13:11] C:\Users\eric\AppData\Roaming\PlayFirst\dreamchronicles
[15/02/2008|23:34] C:\Users\eric\AppData\Roaming\PlayFirst\dinerdashfloonthego
[08/02/2008|09:01] C:\Users\eric\AppData\Roaming\PlayFirst\chocolatier
[06/02/2008|15:06] C:\Users\eric\AppData\Roaming\PlayFirst\weddingdash
[01/02/2008|11:54] C:\Users\eric\AppData\Roaming\PlayFirst\PiratePoppers

[25/12/2007|04:45] C:\Users\eric\AppData\Roaming\SampleView\..
[25/12/2007|04:45] C:\Users\eric\AppData\Roaming\SampleView\.

[12/02/2008|15:43] C:\Users\eric\AppData\Roaming\Sandlot Games\Burger Island
[12/02/2008|15:43] C:\Users\eric\AppData\Roaming\Sandlot Games\..
[12/02/2008|15:43] C:\Users\eric\AppData\Roaming\Sandlot Games\.

[03/03/2008|12:01] C:\Users\eric\AppData\Roaming\SMov\..
[03/03/2008|12:01] C:\Users\eric\AppData\Roaming\SMov\.

[07/02/2008|12:40] C:\Users\eric\AppData\Roaming\Super-Cow\hiscore.dat
[07/02/2008|12:40] C:\Users\eric\AppData\Roaming\Super-Cow\records.dat
[07/02/2008|12:40] C:\Users\eric\AppData\Roaming\Super-Cow\profiles.dat
[07/02/2008|12:40] C:\Users\eric\AppData\Roaming\Super-Cow\settings.dat
[06/02/2008|00:11] C:\Users\eric\AppData\Roaming\Super-Cow\..
[06/02/2008|00:11] C:\Users\eric\AppData\Roaming\Super-Cow\.

[07/04/2008|10:06] C:\Users\eric\AppData\Roaming\TheScruffs\Savegame
[07/04/2008|10:06] C:\Users\eric\AppData\Roaming\TheScruffs\..
[07/04/2008|10:06] C:\Users\eric\AppData\Roaming\TheScruffs\.

[24/01/2008|21:19] C:\Users\eric\AppData\Roaming\UserTile.png\UserTile.png

[28/04/2008|07:07] C:\Users\eric\AppData\Roaming\vlc\vlcrc
[29/01/2008|23:37] C:\Users\eric\AppData\Roaming\vlc\cache
[29/01/2008|23:37] C:\Users\eric\AppData\Roaming\vlc\..
[29/01/2008|23:37] C:\Users\eric\AppData\Roaming\vlc\.

[11/04/2008|16:59] C:\Users\eric\AppData\Roaming\Zylom\2168
[11/04/2008|16:59] C:\Users\eric\AppData\Roaming\Zylom\..
[11/04/2008|16:59] C:\Users\eric\AppData\Roaming\Zylom\.
[11/04/2008|15:24] C:\Users\eric\AppData\Roaming\Zylom\2151
[07/04/2008|14:00] C:\Users\eric\AppData\Roaming\Zylom\2159
[07/04/2008|13:52] C:\Users\eric\AppData\Roaming\Zylom\2125
[07/04/2008|11:28] C:\Users\eric\AppData\Roaming\Zylom\2154
[07/04/2008|10:06] C:\Users\eric\AppData\Roaming\Zylom\2161
[18/03/2008|16:36] C:\Users\eric\AppData\Roaming\Zylom\2158
[04/03/2008|16:21] C:\Users\eric\AppData\Roaming\Zylom\2031
[04/03/2008|16:16] C:\Users\eric\AppData\Roaming\Zylom\21
[04/03/2008|15:58] C:\Users\eric\AppData\Roaming\Zylom\2142
[04/03/2008|14:53] C:\Users\eric\AppData\Roaming\Zylom\2145
[25/02/2008|17:21] C:\Users\eric\AppData\Roaming\Zylom\2098
[22/02/2008|15:38] C:\Users\eric\AppData\Roaming\Zylom\2144
[20/02/2008|19:51] C:\Users\eric\AppData\Roaming\Zylom\46
[20/02/2008|10:14] C:\Users\eric\AppData\Roaming\Zylom\2015
[19/02/2008|14:54] C:\Users\eric\AppData\Roaming\Zylom\2105
[19/02/2008|13:49] C:\Users\eric\AppData\Roaming\Zylom\2071
[17/02/2008|22:15] C:\Users\eric\AppData\Roaming\Zylom\169
[17/02/2008|13:11] C:\Users\eric\AppData\Roaming\Zylom\2110
[16/02/2008|11:36] C:\Users\eric\AppData\Roaming\Zylom\2076
[15/02/2008|17:14] C:\Users\eric\AppData\Roaming\Zylom\2062
[15/02/2008|16:10] C:\Users\eric\AppData\Roaming\Zylom\2141
[14/02/2008|14:46] C:\Users\eric\AppData\Roaming\Zylom\2113
[12/02/2008|16:53] C:\Users\eric\AppData\Roaming\Zylom\2094
[12/02/2008|15:50] C:\Users\eric\AppData\Roaming\Zylom\2099
[12/02/2008|15:43] C:\Users\eric\AppData\Roaming\Zylom\2115
[09/02/2008|11:48] C:\Users\eric\AppData\Roaming\Zylom\2132
[08/02/2008|21:51] C:\Users\eric\AppData\Roaming\Zylom\2116
[08/02/2008|15:35] C:\Users\eric\AppData\Roaming\Zylom\2140
[06/02/2008|15:01] C:\Users\eric\AppData\Roaming\Zylom\170
[06/02/2008|12:08] C:\Users\eric\AppData\Roaming\Zylom\2101
[06/02/2008|00:04] C:\Users\eric\AppData\Roaming\Zylom\2143
[01/02/2008|23:49] C:\Users\eric\AppData\Roaming\Zylom\2129
[01/02/2008|14:26] C:\Users\eric\AppData\Roaming\Zylom\2107
[01/02/2008|12:32] C:\Users\eric\AppData\Roaming\Zylom\2124
[31/01/2008|22:57] C:\Users\eric\AppData\Roaming\Zylom\152
[29/01/2008|23:51] C:\Users\eric\AppData\Roaming\Zylom\132
[29/01/2008|23:51] C:\Users\eric\AppData\Roaming\Zylom\ZylomGamesPlayer

----------------[ Tâches planifiées dans C:\Windows\tasks ]---------------

[29/04/2008 13:46][--a------] C:\Windows\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
[08/04/2008 18:28][--a------] C:\Windows\tasks\Norton Internet Security - Analyse système complète - eric.job
[29/04/2008 13:34][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{9919838F-968B-4539-B07C-5AF8C18469C6}.job
[29/04/2008 14:15][--ah-----] C:\Windows\tasks\SA.DAT
[29/04/2008 14:13][--a------] C:\Windows\tasks\SCHEDLGU.TXT

------[ Listing des dossiers dans C:\ProgramData ]------

[22/04/2008|16:07] C:\ProgramData\.
[22/04/2008|16:07] C:\ProgramData\..
[11/07/2007|01:41] C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[27/12/2007|14:30] C:\ProgramData\Age of Empires 3
[14/02/2008|14:46] C:\ProgramData\Aliasworlds
[02/11/2006|15:02] C:\ProgramData\Application Data
[01/02/2008|12:32] C:\ProgramData\Arcade Lab
[14/04/2008|22:00] C:\ProgramData\AUDIO TEAM DRIVE.l3fyjr
[11/04/2008|15:24] C:\ProgramData\Awem
[14/04/2008|21:59] C:\ProgramData\BarbIntraIntra.1eit9
[14/04/2008|21:59] C:\ProgramData\BarbIntraIntra.fta0c5
[09/11/2006|21:34] C:\ProgramData\Bureau
[02/11/2006|15:02] C:\ProgramData\Desktop
[02/11/2006|15:02] C:\ProgramData\Documents
[14/04/2008|22:00] C:\ProgramData\each new axis love
[29/01/2008|14:29] C:\ProgramData\eMule
[09/11/2006|21:34] C:\ProgramData\Favoris
[02/11/2006|15:02] C:\ProgramData\Favorites
[30/10/2007|23:54] C:\ProgramData\Google
[11/07/2007|01:31] C:\ProgramData\Hewlett-Packard
[08/02/2008|15:35] C:\ProgramData\HipSoft
[30/10/2007|23:52] C:\ProgramData\InstallShield
[11/03/2008|00:01] C:\ProgramData\LightScribe
[22/04/2008|16:07] C:\ProgramData\Malwarebytes
[09/11/2006|21:34] C:\ProgramData\Menu Démarrer
[14/04/2008|21:59] C:\ProgramData\Messenger Plus!
[25/12/2007|03:09] C:\ProgramData\Microsoft
[25/04/2008|13:26] C:\ProgramData\Microsoft Help
[09/11/2006|21:34] C:\ProgramData\Modèles
[04/03/2008|14:53] C:\ProgramData\My Games
[22/02/2008|15:39] C:\ProgramData\MythPeople
[08/02/2008|21:54] C:\ProgramData\NannyMania
[10/03/2008|23:44] C:\ProgramData\Nero
[17/02/2008|13:11] C:\ProgramData\PlayFirst
[17/02/2008|22:16] C:\ProgramData\Real
[11/07/2007|01:49] C:\ProgramData\Roxio
[11/07/2007|01:43] C:\ProgramData\Sonic
[02/11/2006|15:02] C:\ProgramData\Start Menu
[25/03/2008|19:17] C:\ProgramData\Symantec
[02/11/2006|15:02] C:\ProgramData\Templates
[14/04/2008|22:00] C:\ProgramData\THUNK TRUST ACTIVE
[20/02/2008|19:51] C:\ProgramData\Zylom

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[24/04/2008|14:07] C:\Program Files\.
[24/04/2008|14:07] C:\Program Files\..
[11/07/2007|01:41] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[01/02/2008|15:30] C:\Program Files\Alice Greenfingers
[11/07/2007|01:21] C:\Program Files\Analog Devices
[24/04/2008|13:22] C:\Program Files\AskTBar
[09/02/2008|21:17] C:\Program Files\Build-a-lot
[22/04/2008|15:33] C:\Program Files\CCleaner
[14/04/2008|21:58] C:\Program Files\Circle Developement
[10/03/2008|23:44] C:\Program Files\Common Files
[29/01/2008|17:42] C:\Program Files\desktop.ini
[28/12/2007|12:24] C:\Program Files\EA GAMES
[29/01/2008|14:29] C:\Program Files\eMule
[09/11/2006|21:34] C:\Program Files\Fichiers communs [c:\Program Files\Common Files]
[11/07/2007|02:21] C:\Program Files\Fingerprint Sensor
[29/01/2008|17:38] C:\Program Files\Google
[30/10/2007|23:52] C:\Program Files\Hewlett-Packard
[11/07/2007|02:23] C:\Program Files\Hp
[11/07/2007|01:57] C:\Program Files\HPQ
[30/01/2008|22:20] C:\Program Files\IKEA HomePlanner
[04/01/2008|23:40] C:\Program Files\InstallShield Installation Information
[11/07/2007|01:13] C:\Program Files\Intel
[25/04/2008|23:44] C:\Program Files\Internet Explorer
[30/10/2007|23:51] C:\Program Files\InterVideo
[11/07/2007|02:11] C:\Program Files\Java
[24/04/2008|14:07] C:\Program Files\Lopxp
[30/10/2007|23:52] C:\Program Files\Macrovision Corp
[22/04/2008|16:07] C:\Program Files\Malwarebytes' Anti-Malware
[02/04/2008|21:17] C:\Program Files\Media Markt
[14/04/2008|21:58] C:\Program Files\Messenger Plus! Live
[02/01/2008|00:31] C:\Program Files\Microsoft Games
[11/07/2007|01:40] C:\Program Files\Microsoft Office
[11/07/2007|01:41] C:\Program Files\Microsoft Small Business
[31/01/2008|04:20] C:\Program Files\Microsoft SQL Server
[11/07/2007|01:36] C:\Program Files\Microsoft Visual Studio
[11/07/2007|01:37] C:\Program Files\Microsoft Works
[11/07/2007|01:39] C:\Program Files\Microsoft.NET
[02/11/2006|14:42] C:\Program Files\Movie Maker
[02/11/2006|14:37] C:\Program Files\MSBuild
[02/11/2006|14:37] C:\Program Files\MSN
[14/04/2008|21:58] C:\Program Files\MSN Messenger
[29/01/2008|17:19] C:\Program Files\MSXML 4.0
[24/04/2008|13:34] C:\Program Files\Navilog1
[10/03/2008|23:44] C:\Program Files\Nero
[12/02/2008|09:32] C:\Program Files\Norton Internet Security
[11/07/2007|01:42] C:\Program Files\PDF Complete
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[11/07/2007|01:45] C:\Program Files\Roxio
[04/01/2008|21:05] C:\Program Files\Sierra
[06/02/2008|13:19] C:\Program Files\SuperCow
[04/01/2008|23:36] C:\Program Files\Surreal
[29/01/2008|18:53] C:\Program Files\Symantec
[11/07/2007|01:52] C:\Program Files\Synaptics
[22/04/2008|17:29] C:\Program Files\Trend Micro
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[29/01/2008|21:33] C:\Program Files\VideoLAN
[30/10/2007|23:55] C:\Program Files\WIDCOMM
[29/01/2008|17:39] C:\Program Files\Windows Calendar
[02/11/2006|14:42] C:\Program Files\Windows Collaboration
[11/07/2007|01:17] C:\Program Files\Windows Defender
[02/11/2006|14:42] C:\Program Files\Windows Journal
[14/04/2008|21:58] C:\Program Files\Windows Live
[31/01/2008|04:07] C:\Program Files\Windows Live Toolbar
[25/04/2008|23:44] C:\Program Files\Windows Mail
[29/01/2008|17:39] C:\Program Files\Windows Media Player
[09/11/2006|21:34] C:\Program Files\Windows NT
[02/11/2006|14:42] C:\Program Files\Windows Photo Gallery
[29/01/2008|17:39] C:\Program Files\Windows Sidebar

------[ Listing des dossiers dans C:\Program Files\Common Files ]------

[10/03/2008|23:44] C:\Program Files\Common Files\.
[10/03/2008|23:44] C:\Program Files\Common Files\..
[11/07/2007|01:36] C:\Program Files\Common Files\DESIGNER
[30/10/2007|23:52] C:\Program Files\Common Files\InstallShield
[30/10/2007|23:49] C:\Program Files\Common Files\InterVideo
[11/07/2007|02:11] C:\Program Files\Common Files\Java
[11/07/2007|01:57] C:\Program Files\Common Files\LightScribe
[10/03/2008|23:40] C:\Program Files\Common Files\microsoft shared
[10/03/2008|23:47] C:\Program Files\Common Files\Nero
[11/07/2007|01:48] C:\Program Files\Common Files\Roxio Shared
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[11/07/2007|01:50] C:\Program Files\Common Files\Sonic Shared
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[11/07/2007|01:45] C:\Program Files\Common Files\SureThing Shared
[12/02/2008|09:32] C:\Program Files\Common Files\Symantec Shared
[29/01/2008|17:39] C:\Program Files\Common Files\System
[30/01/2008|22:19] C:\Program Files\Common Files\Wise Installation Wizard

----------------------[ Recherche avec S_Lop ]---------------------

C:\ProgramData\AUDIO TEAM DRIVE.l3fyjr

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

C:\ProgramData\Each New Axis Love
C:\ProgramData\Each New Axis Love\Dumb Platform.exe
C:\Program Files\Circle Developement
C:\Program Files\Circle Developement\Uninstall.exe

----------------------[ Verification du Registre ]----------------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

..... OK !

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts PROPRE


----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-29 14:18:07
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

Aucune autre infection trouvée !

/!\ [Fich:13][Doss:10] C:\Users\eric\AppData\Local\Temp
/!\ [Fich:182][Doss:1] C:\Users\eric\AppData\Roaming\MICROS~1\Windows\Cookies
/!\ [Fich:2664][Doss:4] C:\Users\eric\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5

[ UAC => 1 ]

--------------------[ Fin du rapport a 14:23:34,26 ]----------------------

Thanks in advance
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
2 May 2008 at 23:16
Good evening,

run Lop S&D again and choose option 3.

Post the report along with a new HijackThis report.

0
Gwen-2509 Posts 28 Registration date Monday 21 April 2008 Status Member Last activity 14 October 2008
5 May 2008 at 00:01
Good evening,

I hope my replies aren't too far apart, but family life means that... :-)

Here is the lopR report as well as the new HijackThis report






-----------------------[ Lop S&D 4.1.1-8 XP/Vista ]---------------------

[ Windows 'Longhorn' (NT 6.0) Workstation Build 6000 ]
[ USER : eric ] [ "C:\Lop SD" ]
[ dim. 04/05/2008 | 23:41:43,17 ] [ PC : PC-DE-ERIC ]
[ MAJ : 23-04-2008 | 20:06 ]
[ UAC => 0 ]

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

Supprimé! - C:\ProgramData\Each New Axis Love\Dumb Platform.exe
Supprimé! - C:\Program Files\Circle Developement\Uninstall.exe
Supprimé! - C:\ProgramData\AUDIO TEAM DRIVE.l3fyjr
Supprimé! - C:\ProgramData\Each New Axis Love
Supprimé! - C:\Program Files\Circle Developement

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


-------------[ Listing des dossiers dans Application Data ]------------

[15/02/2008|16:14] C:\Users\eric\AppData\Roaming\Fuzzy Games\Fab Fashion
[15/02/2008|16:10] C:\Users\eric\AppData\Roaming\Fuzzy Games\..
[15/02/2008|16:10] C:\Users\eric\AppData\Roaming\Fuzzy Games\.

[12/02/2008|16:56] C:\Users\eric\AppData\Roaming\Gaijin Ent\StandOFood
[12/02/2008|16:54] C:\Users\eric\AppData\Roaming\Gaijin Ent\..
[12/02/2008|16:54] C:\Users\eric\AppData\Roaming\Gaijin Ent\.

[11/04/2008|17:16] C:\Users\eric\AppData\Roaming\Gamelab\Jojos Fashion Show
[11/04/2008|17:00] C:\Users\eric\AppData\Roaming\Gamelab\..
[11/04/2008|17:00] C:\Users\eric\AppData\Roaming\Gamelab\.

[04/03/2008|15:27] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\board-dgreen-processed.frc
[04/03/2008|15:27] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\board-brown-processed.frc
[04/03/2008|15:27] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\board-pink-processed.frc
[04/03/2008|15:27] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\board-purple-processed.frc
[04/03/2008|15:27] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\board-lblue-processed.frc
[04/03/2008|15:27] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\board-blue-processed.frc
[04/03/2008|15:27] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\board-yellow-processed.frc
[04/03/2008|15:27] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\board-orange-processed.frc
[04/03/2008|15:27] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\board-red-processed.frc
[04/03/2008|15:27] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\board-lgreen-processed.frc
[04/03/2008|15:27] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\gem-fragments.frc
[04/03/2008|15:27] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\gems.frc
[04/03/2008|15:27] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\board-particles.frc
[04/03/2008|15:27] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\bonusfonts.frc
[04/03/2008|15:27] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\board-empty-processed.frc
[04/03/2008|15:27] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\boardfonts.frc
[04/03/2008|15:27] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\board-processed.frc
[04/03/2008|15:10] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\.
[04/03/2008|15:10] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\..
[04/03/2008|15:10] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\board-black-processed.frc
[04/03/2008|15:10] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\board-white-processed.frc
[04/03/2008|14:54] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\highscoregems.frc
[04/03/2008|14:54] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\fonts.frc
[04/03/2008|14:54] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\resources-processed.frc
[04/03/2008|14:53] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\resources-loadingwindow.frc
[04/03/2008|14:53] C:\Users\eric\AppData\Roaming\gemsweeperextractedgfx\numerics.frc

[21/04/2008|16:33] C:\Users\eric\AppData\Roaming\Google\Local Search History
[29/01/2008|14:18] C:\Users\eric\AppData\Roaming\Google\..
[29/01/2008|14:18] C:\Users\eric\AppData\Roaming\Google\.

[08/01/2008|18:01] C:\Users\eric\AppData\Roaming\Hewlett-Packard\HP Software UI
[30/10/2007|23:58] C:\Users\eric\AppData\Roaming\Hewlett-Packard\..
[30/10/2007|23:58] C:\Users\eric\AppData\Roaming\Hewlett-Packard\.

[11/04/2008|16:59] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG2-Q64S-2675H2E5QVUL}
[11/04/2008|16:59] C:\Users\eric\AppData\Roaming\Identities\..
[11/04/2008|16:59] C:\Users\eric\AppData\Roaming\Identities\.
[11/04/2008|15:24] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG5-49D7-2630EVQ4IVUQ}
[07/04/2008|14:00] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG2-Q64S-2675H2E5QVVE}
[07/04/2008|13:52] C:\Users\eric\AppData\Roaming\Identities\{00013KEU-UKQE-K6V0-MTNQ-25MJ2E7T6VV0}
[07/04/2008|11:28] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG2-CB1H-264U84BSAVVA}
[07/04/2008|10:06] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG2-Q64S-2675H2E5QVV0}
[18/03/2008|16:36] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG3-90CN-262FTCDKSVU8}
[04/03/2008|16:21] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG1-7LLS-22TDACKJ0VT8}
[04/03/2008|16:16] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG4-QNSB-2186AUNB4VVQ}
[04/03/2008|15:58] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG1-AKDG-25VJ1BMCQVVJ}
[04/03/2008|14:53] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG3-90CN-262FTCDKSVVF}
[25/02/2008|17:21] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG6-18S6-24RHV5SBEVUU}
[22/02/2008|15:38] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG3-4CGG-25UBCLN2KVV1}
[20/02/2008|19:51] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG5-BPAV-24QJBB1JIVUR}
[20/02/2008|10:14] C:\Users\eric\AppData\Roaming\Identities\{00013KEU-UKQE-K6V0-QFBF-21L0MSNVAVVA}
[19/02/2008|14:54] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG4-MO09-24UF17SCEVTH}
[19/02/2008|13:49] C:\Users\eric\AppData\Roaming\Identities\{0000278T-TT9K-T8DU-1KFV-23O5NTEJMVRU}
[17/02/2008|22:15] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG3-VK8A-25GG67KOIVVO}
[17/02/2008|13:11] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG3-NGIN-25I8KVHMGVVG}
[16/02/2008|11:36] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG7-7R56-23RS4QKC0VU6}
[15/02/2008|17:14] C:\Users\eric\AppData\Roaming\Identities\{1000278T-TT9K-T8DU-1KFV-23O5NTEJMVRF}
[15/02/2008|16:10] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG2-C4D7-2608OHPQ6VV3}
[14/02/2008|14:46] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG7-9H53-25QU2TIGSVVH}
[12/02/2008|16:53] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG3-LM58-24TAN8K5GVVI}
[12/02/2008|15:50] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG4-MO09-24UF17SCEVU2}
[12/02/2008|15:43] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG6-L514-25CJ6NICMVUJ}
[09/02/2008|11:48] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG3-NGIN-25I8KVHMGVVP}
[08/02/2008|21:51] C:\Users\eric\AppData\Roaming\Identities\{00013KEU-UKQE-K6V0-LCDK-256UOEQ6SVVA}
[08/02/2008|15:35] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG3-2N9K-25RNCPIUKVV9}
[06/02/2008|15:01] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG6-7EUN-25M9PALU0VVP}
[06/02/2008|12:08] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG5-KO19-25DIJFDG6VUK}
[06/02/2008|00:04] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG4-OIBL-25SSVB6LMVVP}
[01/02/2008|23:49] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG3-2N9K-25RNCPIUKVVH}
[01/02/2008|14:26] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG6-L514-25CJ6NICMVUR}
[01/02/2008|12:32] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG3-VK8A-25GG67KOIVV3}
[31/01/2008|22:57] C:\Users\eric\AppData\Roaming\Identities\{1000278T-TT9K-T8DU-1KFV-23O5NTEJMVUJ}
[29/01/2008|23:51] C:\Users\eric\AppData\Roaming\Identities\{000HQ7FF-AD7A-3FG4-9VJM-21SJ3RB1CVVM}
[31/10/2007|00:05] C:\Users\eric\AppData\Roaming\Identities\{016F961B-3D2E-4E2E-9A01-C511613C37D5}

[30/10/2007|23:49] C:\Users\eric\AppData\Roaming\InstallShield\..
[30/10/2007|23:49] C:\Users\eric\AppData\Roaming\InstallShield\ISEngine12.0
[30/10/2007|23:49] C:\Users\eric\AppData\Roaming\InstallShield\.

[10/03/2008|22:24] C:\Users\eric\AppData\Roaming\InterVideo\..
[10/03/2008|22:24] C:\Users\eric\AppData\Roaming\InterVideo\WinDVD
[10/03/2008|22:24] C:\Users\eric\AppData\Roaming\InterVideo\.

[09/02/2008|12:46] C:\Users\eric\AppData\Roaming\Jane s Hotel\profile.ini
[09/02/2008|11:48] C:\Users\eric\AppData\Roaming\Jane s Hotel\..
[09/02/2008|11:48] C:\Users\eric\AppData\Roaming\Jane s Hotel\.

[30/10/2007|23:58] C:\Users\eric\AppData\Roaming\Macromedia\Flash Player
[30/10/2007|23:58] C:\Users\eric\AppData\Roaming\Macromedia\..
[30/10/2007|23:58] C:\Users\eric\AppData\Roaming\Macromedia\.

[22/04/2008|16:07] C:\Users\eric\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware
[22/04/2008|16:07] C:\Users\eric\AppData\Roaming\Malwarebytes\..
[22/04/2008|16:07] C:\Users\eric\AppData\Roaming\Malwarebytes\.

[28/04/2008|19:32] C:\Users\eric\AppData\Roaming\Microsoft\Office
[28/04/2008|19:32] C:\Users\eric\AppData\Roaming\Microsoft\Templates
[28/04/2008|19:32] C:\Users\eric\AppData\Roaming\Microsoft\..
[28/04/2008|19:32] C:\Users\eric\AppData\Roaming\Microsoft\Proof
[28/04/2008|19:32] C:\Users\eric\AppData\Roaming\Microsoft\.
[28/04/2008|19:31] C:\Users\eric\AppData\Roaming\Microsoft\Document Building Blocks
[28/04/2008|19:31] C:\Users\eric\AppData\Roaming\Microsoft\Word
[02/04/2008|22:34] C:\Users\eric\AppData\Roaming\Microsoft\Windows Photo Gallery
[28/02/2008|20:01] C:\Users\eric\AppData\Roaming\Microsoft\Internet Explorer
[05/02/2008|22:25] C:\Users\eric\AppData\Roaming\Microsoft\Crypto
[31/01/2008|11:44] C:\Users\eric\AppData\Roaming\Microsoft\WLTB Custom Buttons
[30/01/2008|10:10] C:\Users\eric\AppData\Roaming\Microsoft\IdentityCRL
[30/01/2008|10:00] C:\Users\eric\AppData\Roaming\Microsoft\Credentials
[29/01/2008|23:42] C:\Users\eric\AppData\Roaming\Microsoft\MSN Messenger
[14/01/2008|19:41] C:\Users\eric\AppData\Roaming\Microsoft\Speech
[02/01/2008|00:11] C:\Users\eric\AppData\Roaming\Microsoft\Windows
[25/12/2007|13:27] C:\Users\eric\AppData\Roaming\Microsoft\Excel
[25/12/2007|13:23] C:\Users\eric\AppData\Roaming\Microsoft\UProof
[25/12/2007|03:45] C:\Users\eric\AppData\Roaming\Microsoft\OIS
[25/12/2007|02:50] C:\Users\eric\AppData\Roaming\Microsoft\HTML Help
[25/12/2007|02:50] C:\Users\eric\AppData\Roaming\Microsoft\AddIns
[31/10/2007|00:05] C:\Users\eric\AppData\Roaming\Microsoft\CLR Security Config
[30/10/2007|23:48] C:\Users\eric\AppData\Roaming\Microsoft\Protect
[30/10/2007|23:47] C:\Users\eric\AppData\Roaming\Microsoft\SystemCertificates

[12/02/2008|15:50] C:\Users\eric\AppData\Roaming\My Games\..
[12/02/2008|15:50] C:\Users\eric\AppData\Roaming\My Games\PuzzleLab
[12/02/2008|15:50] C:\Users\eric\AppData\Roaming\My Games\.

[11/03/2008|11:47] C:\Users\eric\AppData\Roaming\Nero\Nero8
[10/03/2008|23:49] C:\Users\eric\AppData\Roaming\Nero\..
[10/03/2008|23:49] C:\Users\eric\AppData\Roaming\Nero\.

[24/01/2008|21:19] C:\Users\eric\AppData\Roaming\PeerNetworking\..
[24/01/2008|21:19] C:\Users\eric\AppData\Roaming\PeerNetworking\.

[19/02/2008|13:55] C:\Users\eric\AppData\Roaming\PlayFirst\plantasia
[19/02/2008|13:49] C:\Users\eric\AppData\Roaming\PlayFirst\..
[19/02/2008|13:49] C:\Users\eric\AppData\Roaming\PlayFirst\.
[17/02/2008|13:11] C:\Users\eric\AppData\Roaming\PlayFirst\dreamchronicles
[15/02/2008|23:34] C:\Users\eric\AppData\Roaming\PlayFirst\dinerdashfloonthego
[08/02/2008|09:01] C:\Users\eric\AppData\Roaming\PlayFirst\chocolatier
[06/02/2008|15:06] C:\Users\eric\AppData\Roaming\PlayFirst\weddingdash
[01/02/2008|11:54] C:\Users\eric\AppData\Roaming\PlayFirst\PiratePoppers

[25/12/2007|04:45] C:\Users\eric\AppData\Roaming\SampleView\..
[25/12/2007|04:45] C:\Users\eric\AppData\Roaming\SampleView\.

[12/02/2008|15:43] C:\Users\eric\AppData\Roaming\Sandlot Games\Burger Island
[12/02/2008|15:43] C:\Users\eric\AppData\Roaming\Sandlot Games\..
[12/02/2008|15:43] C:\Users\eric\AppData\Roaming\Sandlot Games\.

[03/03/2008|12:01] C:\Users\eric\AppData\Roaming\SMov\..
[03/03/2008|12:01] C:\Users\eric\AppData\Roaming\SMov\.

[07/02/2008|12:40] C:\Users\eric\AppData\Roaming\Super-Cow\hiscore.dat
[07/02/2008|12:40] C:\Users\eric\AppData\Roaming\Super-Cow\records.dat
[07/02/2008|12:40] C:\Users\eric\AppData\Roaming\Super-Cow\profiles.dat
[07/02/2008|12:40] C:\Users\eric\AppData\Roaming\Super-Cow\settings.dat
[06/02/2008|00:11] C:\Users\eric\AppData\Roaming\Super-Cow\..
[06/02/2008|00:11] C:\Users\eric\AppData\Roaming\Super-Cow\.

[07/04/2008|10:06] C:\Users\eric\AppData\Roaming\TheScruffs\Savegame
[07/04/2008|10:06] C:\Users\eric\AppData\Roaming\TheScruffs\..
[07/04/2008|10:06] C:\Users\eric\AppData\Roaming\TheScruffs\.

[24/01/2008|21:19] C:\Users\eric\AppData\Roaming\UserTile.png\UserTile.png

[02/05/2008|09:06] C:\Users\eric\AppData\Roaming\vlc\vlcrc
[29/01/2008|23:37] C:\Users\eric\AppData\Roaming\vlc\cache
[29/01/2008|23:37] C:\Users\eric\AppData\Roaming\vlc\..
[29/01/2008|23:37] C:\Users\eric\AppData\Roaming\vlc\.

[11/04/2008|16:59] C:\Users\eric\AppData\Roaming\Zylom\2168
[11/04/2008|16:59] C:\Users\eric\AppData\Roaming\Zylom\..
[11/04/2008|16:59] C:\Users\eric\AppData\Roaming\Zylom\.
[11/04/2008|15:24] C:\Users\eric\AppData\Roaming\Zylom\2151
[07/04/2008|14:00] C:\Users\eric\AppData\Roaming\Zylom\2159
[07/04/2008|13:52] C:\Users\eric\AppData\Roaming\Zylom\2125
[07/04/2008|11:28] C:\Users\eric\AppData\Roaming\Zylom\2154
[07/04/2008|10:06] C:\Users\eric\AppData\Roaming\Zylom\2161
[18/03/2008|16:36] C:\Users\eric\AppData\Roaming\Zylom\2158
[04/03/2008|16:21] C:\Users\eric\AppData\Roaming\Zylom\2031
[04/03/2008|16:16] C:\Users\eric\AppData\Roaming\Zylom\21
[04/03/2008|15:58] C:\Users\eric\AppData\Roaming\Zylom\2142
[04/03/2008|14:53] C:\Users\eric\AppData\Roaming\Zylom\2145
[25/02/2008|17:21] C:\Users\eric\AppData\Roaming\Zylom\2098
[22/02/2008|15:38] C:\Users\eric\AppData\Roaming\Zylom\2144
[20/02/2008|19:51] C:\Users\eric\AppData\Roaming\Zylom\46
[20/02/2008|10:14] C:\Users\eric\AppData\Roaming\Zylom\2015
[19/02/2008|14:54] C:\Users\eric\AppData\Roaming\Zylom\2105
[19/02/2008|13:49] C:\Users\eric\AppData\Roaming\Zylom\2071
[17/02/2008|22:15] C:\Users\eric\AppData\Roaming\Zylom\169
[17/02/2008|13:11] C:\Users\eric\AppData\Roaming\Zylom\2110
[16/02/2008|11:36] C:\Users\eric\AppData\Roaming\Zylom\2076
[15/02/2008|17:14] C:\Users\eric\AppData\Roaming\Zylom\2062
[15/02/2008|16:10] C:\Users\eric\AppData\Roaming\Zylom\2141
[14/02/2008|14:46] C:\Users\eric\AppData\Roaming\Zylom\2113
[12/02/2008|16:53] C:\Users\eric\AppData\Roaming\Zylom\2094
[12/02/2008|15:50] C:\Users\eric\AppData\Roaming\Zylom\2099
[12/02/2008|15:43] C:\Users\eric\AppData\Roaming\Zylom\2115
[09/02/2008|11:48] C:\Users\eric\AppData\Roaming\Zylom\2132
[08/02/2008|21:51] C:\Users\eric\AppData\Roaming\Zylom\2116
[08/02/2008|15:35] C:\Users\eric\AppData\Roaming\Zylom\2140
[06/02/2008|15:01] C:\Users\eric\AppData\Roaming\Zylom\170
[06/02/2008|12:08] C:\Users\eric\AppData\Roaming\Zylom\2101
[06/02/2008|00:04] C:\Users\eric\AppData\Roaming\Zylom\2143
[01/02/2008|23:49] C:\Users\eric\AppData\Roaming\Zylom\2129
[01/02/2008|14:26] C:\Users\eric\AppData\Roaming\Zylom\2107
[01/02/2008|12:32] C:\Users\eric\AppData\Roaming\Zylom\2124
[31/01/2008|22:57] C:\Users\eric\AppData\Roaming\Zylom\152
[29/01/2008|23:51] C:\Users\eric\AppData\Roaming\Zylom\132
[29/01/2008|23:51] C:\Users\eric\AppData\Roaming\Zylom\ZylomGamesPlayer

----------------[ Tâches planifiées dans C:\Windows\tasks ]---------------

[04/05/2008 22:46][--a------] C:\Windows\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
[08/04/2008 18:28][--a------] C:\Windows\tasks\Norton Internet Security - Analyse système complète - eric.job
[04/05/2008 19:05][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{9919838F-968B-4539-B07C-5AF8C18469C6}.job
[04/05/2008 23:39][--ah-----] C:\Windows\tasks\SA.DAT
[04/05/2008 23:37][--a------] C:\Windows\tasks\SCHEDLGU.TXT

------[ Listing des dossiers dans C:\ProgramData ]------

[04/05/2008|23:42] C:\ProgramData\.
[04/05/2008|23:42] C:\ProgramData\..
[11/07/2007|01:41] C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[27/12/2007|14:30] C:\ProgramData\Age of Empires 3
[14/02/2008|14:46] C:\ProgramData\Aliasworlds
[02/11/2006|15:02] C:\ProgramData\Application Data
[01/02/2008|12:32] C:\ProgramData\Arcade Lab
[11/04/2008|15:24] C:\ProgramData\Awem
[14/04/2008|21:59] C:\ProgramData\BarbIntraIntra.1eit9
[14/04/2008|21:59] C:\ProgramData\BarbIntraIntra.fta0c5
[09/11/2006|21:34] C:\ProgramData\Bureau
[02/11/2006|15:02] C:\ProgramData\Desktop
[02/11/2006|15:02] C:\ProgramData\Documents
[29/01/2008|14:29] C:\ProgramData\eMule
[09/11/2006|21:34] C:\ProgramData\Favoris
[02/11/2006|15:02] C:\ProgramData\Favorites
[30/10/2007|23:54] C:\ProgramData\Google
[11/07/2007|01:31] C:\ProgramData\Hewlett-Packard
[08/02/2008|15:35] C:\ProgramData\HipSoft
[30/10/2007|23:52] C:\ProgramData\InstallShield
[11/03/2008|00:01] C:\ProgramData\LightScribe
[22/04/2008|16:07] C:\ProgramData\Malwarebytes
[09/11/2006|21:34] C:\ProgramData\Menu Démarrer
[14/04/2008|21:59] C:\ProgramData\Messenger Plus!
[25/12/2007|03:09] C:\ProgramData\Microsoft
[25/04/2008|13:26] C:\ProgramData\Microsoft Help
[09/11/2006|21:34] C:\ProgramData\Modèles
[04/03/2008|14:53] C:\ProgramData\My Games
[22/02/2008|15:39] C:\ProgramData\MythPeople
[08/02/2008|21:54] C:\ProgramData\NannyMania
[10/03/2008|23:44] C:\ProgramData\Nero
[17/02/2008|13:11] C:\ProgramData\PlayFirst
[17/02/2008|22:16] C:\ProgramData\Real
[11/07/2007|01:49] C:\ProgramData\Roxio
[11/07/2007|01:43] C:\ProgramData\Sonic
[02/11/2006|15:02] C:\ProgramData\Start Menu
[25/03/2008|19:17] C:\ProgramData\Symantec
[02/11/2006|15:02] C:\ProgramData\Templates
[14/04/2008|22:00] C:\ProgramData\THUNK TRUST ACTIVE
[20/02/2008|19:51] C:\ProgramData\Zylom

---------------[ Listing des dossiers dans C:\Program Files ]--------------

[04/05/2008|23:42] C:\Program Files\.
[04/05/2008|23:42] C:\Program Files\..
[11/07/2007|01:41] C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[01/02/2008|15:30] C:\Program Files\Alice Greenfingers
[11/07/2007|01:21] C:\Program Files\Analog Devices
[24/04/2008|13:22] C:\Program Files\AskTBar
[09/02/2008|21:17] C:\Program Files\Build-a-lot
[22/04/2008|15:33] C:\Program Files\CCleaner
[10/03/2008|23:44] C:\Program Files\Common Files
[29/01/2008|17:42] C:\Program Files\desktop.ini
[28/12/2007|12:24] C:\Program Files\EA GAMES
[29/01/2008|14:29] C:\Program Files\eMule
[09/11/2006|21:34] C:\Program Files\Fichiers communs [c:\Program Files\Common Files]
[11/07/2007|02:21] C:\Program Files\Fingerprint Sensor
[29/01/2008|17:38] C:\Program Files\Google
[30/10/2007|23:52] C:\Program Files\Hewlett-Packard
[11/07/2007|02:23] C:\Program Files\Hp
[11/07/2007|01:57] C:\Program Files\HPQ
[30/01/2008|22:20] C:\Program Files\IKEA HomePlanner
[04/01/2008|23:40] C:\Program Files\InstallShield Installation Information
[11/07/2007|01:13] C:\Program Files\Intel
[25/04/2008|23:44] C:\Program Files\Internet Explorer
[30/10/2007|23:51] C:\Program Files\InterVideo
[11/07/2007|02:11] C:\Program Files\Java
[24/04/2008|14:07] C:\Program Files\Lopxp
[30/10/2007|23:52] C:\Program Files\Macrovision Corp
[22/04/2008|16:07] C:\Program Files\Malwarebytes' Anti-Malware
[02/04/2008|21:17] C:\Program Files\Media Markt
[14/04/2008|21:58] C:\Program Files\Messenger Plus! Live
[02/01/2008|00:31] C:\Program Files\Microsoft Games
[11/07/2007|01:40] C:\Program Files\Microsoft Office
[11/07/2007|01:41] C:\Program Files\Microsoft Small Business
[31/01/2008|04:20] C:\Program Files\Microsoft SQL Server
[11/07/2007|01:36] C:\Program Files\Microsoft Visual Studio
[11/07/2007|01:37] C:\Program Files\Microsoft Works
[11/07/2007|01:39] C:\Program Files\Microsoft.NET
[02/11/2006|14:42] C:\Program Files\Movie Maker
[02/11/2006|14:37] C:\Program Files\MSBuild
[02/11/2006|14:37] C:\Program Files\MSN
[14/04/2008|21:58] C:\Program Files\MSN Messenger
[29/01/2008|17:19] C:\Program Files\MSXML 4.0
[24/04/2008|13:34] C:\Program Files\Navilog1
[10/03/2008|23:44] C:\Program Files\Nero
[12/02/2008|09:32] C:\Program Files\Norton Internet Security
[11/07/2007|01:42] C:\Program Files\PDF Complete
[02/11/2006|14:37] C:\Program Files\Reference Assemblies
[11/07/2007|01:45] C:\Program Files\Roxio
[04/01/2008|21:05] C:\Program Files\Sierra
[06/02/2008|13:19] C:\Program Files\SuperCow
[04/01/2008|23:36] C:\Program Files\Surreal
[29/01/2008|18:53] C:\Program Files\Symantec
[11/07/2007|01:52] C:\Program Files\Synaptics
[22/04/2008|17:29] C:\Program Files\Trend Micro
[02/11/2006|15:01] C:\Program Files\Uninstall Information
[29/01/2008|21:33] C:\Program Files\VideoLAN
[30/10/2007|23:55] C:\Program Files\WIDCOMM
[29/01/2008|17:39] C:\Program Files\Windows Calendar
[02/11/2006|14:42] C:\Program Files\Windows Collaboration
[11/07/2007|01:17] C:\Program Files\Windows Defender
[02/11/2006|14:42] C:\Program Files\Windows Journal
[14/04/2008|21:58] C:\Program Files\Windows Live
[31/01/2008|04:07] C:\Program Files\Windows Live Toolbar
[25/04/2008|23:44] C:\Program Files\Windows Mail
[29/01/2008|17:39] C:\Program Files\Windows Media Player
[09/11/2006|21:34] C:\Program Files\Windows NT
[02/11/2006|14:42] C:\Program Files\Windows Photo Gallery
[29/01/2008|17:39] C:\Program Files\Windows Sidebar

------[ Listing des dossiers dans C:\Program Files\Common Files ]------

[10/03/2008|23:44] C:\Program Files\Common Files\.
[10/03/2008|23:44] C:\Program Files\Common Files\..
[11/07/2007|01:36] C:\Program Files\Common Files\DESIGNER
[30/10/2007|23:52] C:\Program Files\Common Files\InstallShield
[30/10/2007|23:49] C:\Program Files\Common Files\InterVideo
[11/07/2007|02:11] C:\Program Files\Common Files\Java
[11/07/2007|01:57] C:\Program Files\Common Files\LightScribe
[10/03/2008|23:40] C:\Program Files\Common Files\microsoft shared
[10/03/2008|23:47] C:\Program Files\Common Files\Nero
[11/07/2007|01:48] C:\Program Files\Common Files\Roxio Shared
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[11/07/2007|01:50] C:\Program Files\Common Files\Sonic Shared
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[11/07/2007|01:45] C:\Program Files\Common Files\SureThing Shared
[12/02/2008|09:32] C:\Program Files\Common Files\Symantec Shared
[29/01/2008|17:39] C:\Program Files\Common Files\System
[30/01/2008|22:19] C:\Program Files\Common Files\Wise Installation Wizard

----------------------[ Recherche avec S_Lop ]---------------------

Aucun fichier / dossier Lop trouvé !

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

Aucun fichier / dossier Lop trouvé !

----------------------[ Verification du Registre ]----------------------

..... OK !

--------------------[ Verification du fichier Hosts ]---------------------

Fichier Hosts PROPRE


----------------[ Recherche de fichiers avec Catchme ]-----------------

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-04 23:42:24
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

Aucune autre infection trouvée !

/!\ [Fich:19][Doss:11] C:\Users\eric\AppData\Local\Temp
/!\ [Fich:202][Doss:1] C:\Users\eric\AppData\Roaming\MICROS~1\Windows\Cookies
/!\ [Fich:4216][Doss:8] C:\Users\eric\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5

[ UAC => 1 ]

--------------------[ Fin du rapport a 23:49:08,49 ]----------------------





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:50:15, on 4/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SMINST\scheduler.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www8.hp.com/fr/fr/home.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www8.hp.com/fr/fr/home.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.fr.msn.be/0SEFRBE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [long nurb] "C:\ProgramData\BarbIntraIntra.fta0c5"
O4 - HKCU\..\Run: [axis love poll lite] "C:\ProgramData\AUDIO TEAM DRIVE.l3fyjr"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
5 May 2008 at 00:54
Hello,

no problem with the pace.


Download BTFix by Bibi26
http://cluster1.easy-hebergement.net/ by Bibi26
Unzip the archive onto your Desktop.
Open the BTFix folder.
Double-click BTFix.exe.
Click Rechercher.
A report will appear; copy and paste it into your next reply.
Gwen-2509 Posts 28 Registration date Monday 21 April 2008 Status Member Last activity 14 October 2008
9 May 2008 at 13:45
Hello,

When I try to open BTFix.exe it tells me this: "Une référence à été envoyé par le serveur".
I tried opening it with my firewall turned off, but that doesn't work either!
What should I do?