3 rapports copiés suite à nettoyage de l'ordi
melusine2006
-
melusine2006 -
melusine2006 -
Bonjour,
mon ordi était infecté par je ne sais quoi. Mon antivirus ( AVG free edition ) me signalait tous les jours qu'il supprimait des fichiers infectés. Comme ces fichiers revenaient journalièrement j'ai suivi votre procédure.
Je vous poste les trois rapports à la suite comme conseillé sur votre notice, merci de m'aider :
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 09:23:41 18/05/2008
+ Résultat de l'analyse:
D:\Documents and Settings\loulou\Local Settings\Temp\removalfile.bat -> Not-A-Virus.Adware.Virtumonde : Nettoyé.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.a : Nettoyé.
D:\Documents and Settings\loulou\Cookies\loulou@atdmt[1].txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.37:D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
D:\Documents and Settings\loulou\Cookies\loulou@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.24:D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
D:\Documents and Settings\loulou\Cookies\loulou@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.6:D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.25:D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.26:D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.27:D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.28:D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
D:\Documents and Settings\loulou\Cookies\loulou@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.32:D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.33:D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.34:D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.35:D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.36:D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
Fin du rapport
Pour bitdefender j'ai un lien sur lequel est enregistré le rapport :
D:\Documents and Settings\loulou\Bureau\rapportsvirus2.html
si le lien ne marche pas je vous met une copie qui donne une présentation moins jolie mais les éléments y sont :
BitDefender Online Scanner
Scan report generated at: Sun, May 18, 2008 - 14:21:16
Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;K:\;L:\;
Statistics
Time 00:41:07
Files 244622
Folders 7733
Boot Sectors 4
Archives 18151
Packed Files 11247
Results
Identified Viruses 4
Infected Files 4
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 4
Engines Info
Virus Definitions 1197922
Engine build AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins 16
Archive plugins 42
Unpack plugins 7
E-mail plugins 6
System plugins 5
Scan Settings
First Action Disinfect
Second Action Delete
Heuristics Yes
Enable Warnings Yes
Scanned Extensions *;
Exclude Extensions
Scan Emails Yes
Scan Archives Yes
Scan Packed Yes
Scan Files Yes
Scan Boot Yes
Scanned File Status
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\! Courriers indésirables (1).dbx=>(message 642): America the Beautiful Infected with: Generic.Peed.Eml.3E217C0C
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\! Courriers indésirables (1).dbx=>(message 642): America the Beautiful Disinfection failed
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\! Courriers indésirables (1).dbx=>(message 642): America the Beautiful Deleted
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\! Courriers indésirables (1).dbx Updated
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\! Courriers indésirables (1).dbx=>(message 656): You've received a greeting ecard from a partner! Infected with: Generic.Peed.Eml.1DAF8206
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\! Courriers indésirables (1).dbx=>(message 656): You've received a greeting ecard from a partner! Disinfection failed
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\! Courriers indésirables (1).dbx=>(message 656): You've received a greeting ecard from a partner! Deleted
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\! Courriers indésirables (1).dbx Updated
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\! Courriers indésirables (1).dbx=>(message 664): You've received a postcard from a family member! Infected with: Generic.Peed.Eml.8A5411C8
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\! Courriers indésirables (1).dbx=>(message 664): You've received a postcard from a family member! Disinfection failed
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\! Courriers indésirables (1).dbx=>(message 664): You've received a postcard from a family member! Deleted
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\! Courriers indésirables (1).dbx Updated
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 1199): You've received a postcard from a family member! Infected with: Generic.Peed.Eml.AAC47868
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 1199): You've received a postcard from a family member! Disinfection failed
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 1199): You've received a postcard from a family member! Deleted
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\Éléments supprimés.dbx Updated
et le dernier :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:49:04, on 18/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\ClickTray Calendar\ClickTray.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\PoivY.com\PoivY\PoivY.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww17.ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKLM\..\Policies\Explorer\Run: [FSfP9PB5rD] D:\Documents and Settings\All Users\Application Data\wdyzgfsb\izglczib.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ClickTray Calendar.lnk = C:\Program Files\ClickTray Calendar\ClickTray.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/DivXBrowserPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - https://www.bluemountain.com/help/index.pd
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
mon ordi était infecté par je ne sais quoi. Mon antivirus ( AVG free edition ) me signalait tous les jours qu'il supprimait des fichiers infectés. Comme ces fichiers revenaient journalièrement j'ai suivi votre procédure.
Je vous poste les trois rapports à la suite comme conseillé sur votre notice, merci de m'aider :
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 09:23:41 18/05/2008
+ Résultat de l'analyse:
D:\Documents and Settings\loulou\Local Settings\Temp\removalfile.bat -> Not-A-Virus.Adware.Virtumonde : Nettoyé.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.a : Nettoyé.
D:\Documents and Settings\loulou\Cookies\loulou@atdmt[1].txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.37:D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
D:\Documents and Settings\loulou\Cookies\loulou@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.24:D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
D:\Documents and Settings\loulou\Cookies\loulou@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.6:D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.25:D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.26:D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.27:D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.28:D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
D:\Documents and Settings\loulou\Cookies\loulou@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.32:D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.33:D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.34:D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.35:D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.36:D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
Fin du rapport
Pour bitdefender j'ai un lien sur lequel est enregistré le rapport :
D:\Documents and Settings\loulou\Bureau\rapportsvirus2.html
si le lien ne marche pas je vous met une copie qui donne une présentation moins jolie mais les éléments y sont :
BitDefender Online Scanner
Scan report generated at: Sun, May 18, 2008 - 14:21:16
Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;K:\;L:\;
Statistics
Time 00:41:07
Files 244622
Folders 7733
Boot Sectors 4
Archives 18151
Packed Files 11247
Results
Identified Viruses 4
Infected Files 4
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 4
Engines Info
Virus Definitions 1197922
Engine build AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins 16
Archive plugins 42
Unpack plugins 7
E-mail plugins 6
System plugins 5
Scan Settings
First Action Disinfect
Second Action Delete
Heuristics Yes
Enable Warnings Yes
Scanned Extensions *;
Exclude Extensions
Scan Emails Yes
Scan Archives Yes
Scan Packed Yes
Scan Files Yes
Scan Boot Yes
Scanned File Status
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\! Courriers indésirables (1).dbx=>(message 642): America the Beautiful Infected with: Generic.Peed.Eml.3E217C0C
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\! Courriers indésirables (1).dbx=>(message 642): America the Beautiful Disinfection failed
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\! Courriers indésirables (1).dbx=>(message 642): America the Beautiful Deleted
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\! Courriers indésirables (1).dbx Updated
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\! Courriers indésirables (1).dbx=>(message 656): You've received a greeting ecard from a partner! Infected with: Generic.Peed.Eml.1DAF8206
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\! Courriers indésirables (1).dbx=>(message 656): You've received a greeting ecard from a partner! Disinfection failed
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\! Courriers indésirables (1).dbx=>(message 656): You've received a greeting ecard from a partner! Deleted
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\! Courriers indésirables (1).dbx Updated
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\! Courriers indésirables (1).dbx=>(message 664): You've received a postcard from a family member! Infected with: Generic.Peed.Eml.8A5411C8
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\! Courriers indésirables (1).dbx=>(message 664): You've received a postcard from a family member! Disinfection failed
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\! Courriers indésirables (1).dbx=>(message 664): You've received a postcard from a family member! Deleted
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\! Courriers indésirables (1).dbx Updated
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 1199): You've received a postcard from a family member! Infected with: Generic.Peed.Eml.AAC47868
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 1199): You've received a postcard from a family member! Disinfection failed
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 1199): You've received a postcard from a family member! Deleted
D:\Documents and Settings\loulou\Local Settings\Application Data\Identities\{D1F6721D-D324-44FE-AF64-81DB39B10319}\Microsoft\Outlook Express\Éléments supprimés.dbx Updated
et le dernier :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:49:04, on 18/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\ClickTray Calendar\ClickTray.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\PoivY.com\PoivY\PoivY.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww17.ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKLM\..\Policies\Explorer\Run: [FSfP9PB5rD] D:\Documents and Settings\All Users\Application Data\wdyzgfsb\izglczib.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ClickTray Calendar.lnk = C:\Program Files\ClickTray Calendar\ClickTray.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/DivXBrowserPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - https://www.bluemountain.com/help/index.pd
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
A voir également:
- 3 rapports copiés suite à nettoyage de l'ordi
- Nettoyage pc lent - Guide
- Ai suite 3 - Télécharger - Optimisation
- Nettoyage mac - Guide
- Nettoyage de disque - Guide
- Comment reinitialiser un ordi - Guide
7 réponses
bonjour, tu as deux anti-virus avg et norton il faut en désinstaller un avant qu'il ne se mette en conflit et plante le pc
re bonjour, commence par passer malewarebytes suivi de ccleaner dans ses deux modes nettoyeur et registre et un scan anti -virus en ligne avec kaspersky en utilisant internet explorer et poste le rapport
1) malewarebytes : https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
2) ccleaner : https://www.malekal.com/tutoriel-ccleaner/
3) scan en ligne : https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId291566
lis bien les tutoriels pour bien les appliquer tu les passes dans l'ordre merci
et essais de remettre un nouveau rapport hijackthis
1) malewarebytes : https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
2) ccleaner : https://www.malekal.com/tutoriel-ccleaner/
3) scan en ligne : https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId291566
lis bien les tutoriels pour bien les appliquer tu les passes dans l'ordre merci
et essais de remettre un nouveau rapport hijackthis
Re bonjour :) et merci pour le temps que vous passez à me renseigner...
Pour Norton antivirus je l'ai désinstallé il y a de cela bien longtemps en passant par "ajout suppression de programmes". Seulement effectivement de temps en temps il me dit que telle ou telle opération est incompatible avec Norton qui a dû s'accrocher je ne sais comment au pc... Je ne sais pas faire autrement pour supprimer les résidus ? dois-je faire quelque-chose à ce propos ?
Les nouveaux rapports demandés :
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 762
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 122178
Temps écoulé: 3 hour(s), 15 minute(s), 39 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 24
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbcoresrv.dynamicprop (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbcoresrv.dynamicprop.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0004ec-5df0-48c7-a8f0-fbb0488a3d94} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{5937cd7f-1c0b-41e1-9075-60ebdf3c7d34} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0ac49246-419b-4ee0-8917-8818daad6a4e} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zangotoolbar.zbcommband.1 (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{99410cde-6f16-42ce-9d49-3807f78f0287} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f31a5d11-bf0b-4a4e-90af-274f2090aaa6} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zbcoresrv.zbcoreservices.1 (Adware.180Solutions) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\ZangoToolbar 4.8.3 (Adware.Zango) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP739\A0068520.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
ccleaner
NETTOYAGE COMPLET - (2.200 secs)
------------------------------------------------------------------------------------------
33,2MB supprimés.
------------------------------------------------------------------------------------------
Détails des fichiers effacés
------------------------------------------------------------------------------------------
Fichiers Temporaires d'Internet Explorer (fichiers 258) 3,82MB
D:\Documents and Settings\loulou\Cookies\loulou@www.malekal[1].txt 361 bytes
D:\Documents and Settings\loulou\Cookies\loulou@xiti[2].txt 107 bytes
D:\Documents and Settings\loulou\Cookies\loulou@sdv[1].txt 83 bytes
D:\Documents and Settings\loulou\Cookies\loulou@yourmedia[2].txt 99 bytes
D:\Documents and Settings\loulou\Cookies\loulou@windowsmarketplace[3].txt 263 bytes
D:\Documents and Settings\loulou\Cookies\loulou@live[3].txt 235 bytes
D:\Documents and Settings\loulou\Cookies\loulou@zune[3].txt 235 bytes
D:\Documents and Settings\loulou\Cookies\loulou@yahoo[3].txt 164 bytes
D:\Documents and Settings\loulou\Cookies\loulou@msn[3].txt 233 bytes
D:\Documents and Settings\loulou\Cookies\loulou@32vegas[1].txt 102 bytes
D:\Documents and Settings\loulou\Cookies\loulou@advertising[1].txt 225 bytes
D:\Documents and Settings\loulou\Cookies\loulou@atdmt[1].txt 104 bytes
D:\Documents and Settings\loulou\Cookies\loulou@banner.32vegas[2].txt 187 bytes
D:\Documents and Settings\loulou\Cookies\loulou@bitdefender[1].txt 135 bytes
D:\Documents and Settings\loulou\Cookies\loulou@bluestreak[1].txt 140 bytes
D:\Documents and Settings\loulou\Cookies\loulou@chvideo[2].txt 347 bytes
D:\Documents and Settings\loulou\Cookies\loulou@commentcamarche[1].txt 119 bytes
D:\Documents and Settings\loulou\Cookies\loulou@cybermonitor[1].txt 93 bytes
D:\Documents and Settings\loulou\Cookies\loulou@doubleclick[1].txt 101 bytes
D:\Documents and Settings\loulou\Cookies\loulou@fl01.ct2.comclick[1].txt 288 bytes
D:\Documents and Settings\loulou\Cookies\loulou@live[2].txt 235 bytes
D:\Documents and Settings\loulou\Cookies\loulou@msn[2].txt 233 bytes
D:\Documents and Settings\loulou\Cookies\loulou@nostalgie[1].txt 76 bytes
D:\Documents and Settings\loulou\Cookies\loulou@sdv[2].txt 328 bytes
D:\Documents and Settings\loulou\Cookies\loulou@smartadserver[1].txt 402 bytes
D:\Documents and Settings\loulou\Cookies\loulou@specificclick[2].txt 378 bytes
D:\Documents and Settings\loulou\Cookies\loulou@ssl-hints.netflame[2].txt 164 bytes
D:\Documents and Settings\loulou\Cookies\loulou@statse.webtrendslive[1].txt 195 bytes
D:\Documents and Settings\loulou\Cookies\loulou@tradedoubler[2].txt 225 bytes
D:\Documents and Settings\loulou\Cookies\loulou@umain.homelinux[1].txt 98 bytes
D:\Documents and Settings\loulou\Cookies\loulou@windowsmarketplace[2].txt 263 bytes
D:\Documents and Settings\loulou\Cookies\loulou@www.alphacourses[2].txt 175 bytes
D:\Documents and Settings\loulou\Cookies\loulou@www.chvideo[2].txt 71 bytes
D:\Documents and Settings\loulou\Cookies\loulou@www.malekal[2].txt 360 bytes
D:\Documents and Settings\loulou\Cookies\loulou@www.regiecpm[1].txt 91 bytes
D:\Documents and Settings\loulou\Cookies\loulou@xiti[1].txt 106 bytes
D:\Documents and Settings\loulou\Cookies\loulou@yahoo[2].txt 164 bytes
D:\Documents and Settings\loulou\Cookies\loulou@yourmedia[1].txt 98 bytes
D:\Documents and Settings\loulou\Cookies\loulou@zune[2].txt 235 bytes
Marqué pour l'effacement: D:\Documents and Settings\loulou\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Marqué pour l'effacement: D:\Documents and Settings\loulou\Cookies\index.dat
Marqué pour l'effacement: D:\Documents and Settings\loulou\Local Settings\Historique\History.IE5\index.dat
Marqué pour l'effacement: D:\Documents and Settings\loulou\Local Settings\Historique\History.IE5\MSHist012008051820080519\index.dat
C:\WINDOWS\system32\wbem\Logs\FrameWork.log 260 bytes
C:\WINDOWS\system32\wbem\Logs\wbemess.log 15,81KB
C:\WINDOWS\system32\wbem\Logs\wmiprov.log 700 bytes
C:\WINDOWS\0.log 0 bytes
C:\WINDOWS\setupapi.log 8,70KB
C:\WINDOWS\ntbtlog.txt 0,21MB
Cache Internet de Firefox/Mozilla (226 fichiers) 28,5MB
Cookie supprimé: cybermonitor.com
Cookie supprimé: estat.com
Cookie supprimé: doctissimo.fr
Cookie supprimé: forum.doctissimo.fr
Cookie supprimé: google.com
Cookie supprimé: atdmt.com
Cookie supprimé: hiboox.com
Cookie supprimé: sdv.fr
Cookie supprimé: www.hiboox.com
Cookie supprimé: adrevolver.com
Cookie supprimé: media.adrevolver.com
Cookie supprimé: youtube.com
Cookie supprimé: yahoo.com
Cookie supprimé: yourmedia.com
Cookie supprimé: m1.webstats.motigo.com
Cookie supprimé: motigo.com
Cookie supprimé: eas.apm.emediate.eu
Cookie supprimé: live.com
Cookie supprimé: bluestreak.com
Cookie supprimé: msn.com
Cookie supprimé: rad.live.com
Cookie supprimé: login.live.com
Cookie supprimé: p.live.com
Cookie supprimé: hotmail.msn.com
Cookie supprimé: c.msn.com
Cookie supprimé: ads.canalblog.com
Cookie supprimé: xiti.com
Cookie supprimé: stats.canalblog.com
Cookie supprimé: overture.com
Cookie supprimé: skyregie.com
Cookie supprimé: doubleclick.net
Cookie supprimé: smartadserver.com
Cookie supprimé: labospolivemarqueruby14avril.solution.weborama.fr
Cookie supprimé: weborama.fr
Cookie supprimé: fluctuat.net
Cookie supprimé: ados.fr
D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\history.dat 81,92KB
D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\GoogleToolbarData\searchhistory.xml 25 bytes
D:\Documents and Settings\loulou\Application Data\Macromedia\Flash Player\#SharedObjects\E5PND4PC\www.youtube.com\soundData.sol 58 bytes
D:\Documents and Settings\loulou\Application Data\Macromedia\Flash Player\#SharedObjects\E5PND4PC\www.youtube.com\timeDisplayConfig.sol 81 bytes
D:\Documents and Settings\loulou\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.youtube.com\settings.sol 85 bytes
D:\Documents and Settings\loulou\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol 438 bytes
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\logfile.txt 232 bytes
D:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\Avg7.log 723 bytes
D:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\history.log 2,39KB
D:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\upd7bin\avg7info.id 74 bytes
D:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\upd7bin\avginfo.ctf 4,58KB
D:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\upd7bin\download.nfo 129 bytes
D:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\upd7bin\u7avi1313u1293ty.bin 0,17MB
D:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\upd7bin\u7iavi1452u1443u0.bin 0,17MB
D:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7upd\update7.log 0,18MB
------------------------------------------------------------------------------------------
pour le mode registre je n'ai pas de rapport.
------------------------------------------------------------------------------------------
D:\Documents and Settings\loulou\Bureau\kapersky.html
KASPERSKY ON-LINE SCANNER REPORT
Sunday, May 18, 2008 11:18:52 PM
Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 18/05/2008
Enregistrements dans la base antivirus Kaspersky : 699127
Paramètres d'analyse
Analyser avec la base antivirus suivante standard
Analyser les archives vrai
Analyser les bases de messagerie vrai
Cible de l'analyse Poste de travail
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
Statistiques de l'analyse
Total d'objets analysés 83330
Nombre de virus trouvés 0
Nombre d'objets infectés 0 / 0
Nombre d'objets suspects 0
Durée de l'analyse 00:45:11
Nom de l'objet infecté Nom du virus Dernière action
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_AGENT_LOG1.txt L'objet est verrouillé ignoré
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_AUDIO\CLML.db L'objet est verrouillé ignoré
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_AUDIO\CLML.db-journal L'objet est verrouillé ignoré
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_BINARY\CLML.db L'objet est verrouillé ignoré
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_BLOB\CLML.db L'objet est verrouillé ignoré
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_BLOB\CLML.db-journal L'objet est verrouillé ignoré
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_GLOBAL\CLML.db L'objet est verrouillé ignoré
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_GLOBAL\CLML.db-journal L'objet est verrouillé ignoré
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_IMAGE\CLML.db L'objet est verrouillé ignoré
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_IMAGE\CLML.db-journal L'objet est verrouillé ignoré
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_MAIN\CLML.db L'objet est verrouillé ignoré
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_MAIN\CLML.db-journal L'objet est verrouillé ignoré
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_TV\CLML.db L'objet est verrouillé ignoré
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_TV\CLML.db-journal L'objet est verrouillé ignoré
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_VIDEO\CLML.db L'objet est verrouillé ignoré
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_VIDEO\CLML.db-journal L'objet est verrouillé ignoré
C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
C:\System Volume Information\tracking.log L'objet est verrouillé ignoré
C:\System Volume Information\_restore{25852D5B-26E7-43F7-8BC8-B391CA633734}\RP96\A0105070.ini L'objet est verrouillé ignoré
C:\System Volume Information\_restore{25852D5B-26E7-43F7-8BC8-B391CA633734}\RP96\change.log L'objet est verrouillé ignoré
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP752\change.log L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\EventCache\{A016FFD0-AA14-4761-9D12-032E2FAB7CC5}.bin L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\DEFAULT L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\ODiag.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\OSession.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SOFTWARE L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SYSTEM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
D:\Documents and Settings\All Users\Application Data\Avg7\Log\emc.log L'objet est verrouillé ignoré
D:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log L'objet est verrouillé ignoré
D:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck L'objet est verrouillé ignoré
D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
D:\Documents and Settings\LocalService\ntuser.dat L'objet est verrouillé ignoré
D:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\cert8.db L'objet est verrouillé ignoré
D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\history.dat L'objet est verrouillé ignoré
D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\key3.db L'objet est verrouillé ignoré
D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\parent.lock L'objet est verrouillé ignoré
D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\search.sqlite L'objet est verrouillé ignoré
D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\urlclassifier2.sqlite L'objet est verrouillé ignoré
D:\Documents and Settings\loulou\Cookies\index.dat L'objet est verrouillé ignoré
D:\Documents and Settings\loulou\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat L'objet est verrouillé ignoré
D:\Documents and Settings\loulou\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
D:\Documents and Settings\loulou\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
D:\Documents and Settings\loulou\Local Settings\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\Cache\_CACHE_001_ L'objet est verrouillé ignoré
D:\Documents and Settings\loulou\Local Settings\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\Cache\_CACHE_002_ L'objet est verrouillé ignoré
D:\Documents and Settings\loulou\Local Settings\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\Cache\_CACHE_003_ L'objet est verrouillé ignoré
D:\Documents and Settings\loulou\Local Settings\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\Cache\_CACHE_MAP_ L'objet est verrouillé ignoré
D:\Documents and Settings\loulou\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
D:\Documents and Settings\loulou\Local Settings\Historique\History.IE5\MSHist012008051820080519\index.dat L'objet est verrouillé ignoré
D:\Documents and Settings\loulou\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré
D:\Documents and Settings\loulou\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
D:\Documents and Settings\loulou\ntuser.dat L'objet est verrouillé ignoré
D:\Documents and Settings\loulou\ntuser.dat.LOG L'objet est verrouillé ignoré
D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
D:\Documents and Settings\NetworkService\ntuser.dat L'objet est verrouillé ignoré
D:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
D:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP752\change.log L'objet est verrouillé ignoré
Analyse terminée.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:21:09, on 18/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\ClickTray Calendar\ClickTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows NT\Accessoires\WORDPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww17.ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKLM\..\Policies\Explorer\Run: [FSfP9PB5rD] D:\Documents and Settings\All Users\Application Data\wdyzgfsb\izglczib.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ClickTray Calendar.lnk = C:\Program Files\ClickTray Calendar\ClickTray.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/DivXBrowserPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
Pour Norton antivirus je l'ai désinstallé il y a de cela bien longtemps en passant par "ajout suppression de programmes". Seulement effectivement de temps en temps il me dit que telle ou telle opération est incompatible avec Norton qui a dû s'accrocher je ne sais comment au pc... Je ne sais pas faire autrement pour supprimer les résidus ? dois-je faire quelque-chose à ce propos ?
Les nouveaux rapports demandés :
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 762
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 122178
Temps écoulé: 3 hour(s), 15 minute(s), 39 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 24
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbcoresrv.dynamicprop (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbcoresrv.dynamicprop.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0004ec-5df0-48c7-a8f0-fbb0488a3d94} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager.1 (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{5937cd7f-1c0b-41e1-9075-60ebdf3c7d34} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0ac49246-419b-4ee0-8917-8818daad6a4e} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zangotoolbar.zbcommband.1 (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{99410cde-6f16-42ce-9d49-3807f78f0287} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f31a5d11-bf0b-4a4e-90af-274f2090aaa6} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zbcoresrv.zbcoreservices.1 (Adware.180Solutions) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\ZangoToolbar 4.8.3 (Adware.Zango) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP739\A0068520.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
ccleaner
NETTOYAGE COMPLET - (2.200 secs)
------------------------------------------------------------------------------------------
33,2MB supprimés.
------------------------------------------------------------------------------------------
Détails des fichiers effacés
------------------------------------------------------------------------------------------
Fichiers Temporaires d'Internet Explorer (fichiers 258) 3,82MB
D:\Documents and Settings\loulou\Cookies\loulou@www.malekal[1].txt 361 bytes
D:\Documents and Settings\loulou\Cookies\loulou@xiti[2].txt 107 bytes
D:\Documents and Settings\loulou\Cookies\loulou@sdv[1].txt 83 bytes
D:\Documents and Settings\loulou\Cookies\loulou@yourmedia[2].txt 99 bytes
D:\Documents and Settings\loulou\Cookies\loulou@windowsmarketplace[3].txt 263 bytes
D:\Documents and Settings\loulou\Cookies\loulou@live[3].txt 235 bytes
D:\Documents and Settings\loulou\Cookies\loulou@zune[3].txt 235 bytes
D:\Documents and Settings\loulou\Cookies\loulou@yahoo[3].txt 164 bytes
D:\Documents and Settings\loulou\Cookies\loulou@msn[3].txt 233 bytes
D:\Documents and Settings\loulou\Cookies\loulou@32vegas[1].txt 102 bytes
D:\Documents and Settings\loulou\Cookies\loulou@advertising[1].txt 225 bytes
D:\Documents and Settings\loulou\Cookies\loulou@atdmt[1].txt 104 bytes
D:\Documents and Settings\loulou\Cookies\loulou@banner.32vegas[2].txt 187 bytes
D:\Documents and Settings\loulou\Cookies\loulou@bitdefender[1].txt 135 bytes
D:\Documents and Settings\loulou\Cookies\loulou@bluestreak[1].txt 140 bytes
D:\Documents and Settings\loulou\Cookies\loulou@chvideo[2].txt 347 bytes
D:\Documents and Settings\loulou\Cookies\loulou@commentcamarche[1].txt 119 bytes
D:\Documents and Settings\loulou\Cookies\loulou@cybermonitor[1].txt 93 bytes
D:\Documents and Settings\loulou\Cookies\loulou@doubleclick[1].txt 101 bytes
D:\Documents and Settings\loulou\Cookies\loulou@fl01.ct2.comclick[1].txt 288 bytes
D:\Documents and Settings\loulou\Cookies\loulou@live[2].txt 235 bytes
D:\Documents and Settings\loulou\Cookies\loulou@msn[2].txt 233 bytes
D:\Documents and Settings\loulou\Cookies\loulou@nostalgie[1].txt 76 bytes
D:\Documents and Settings\loulou\Cookies\loulou@sdv[2].txt 328 bytes
D:\Documents and Settings\loulou\Cookies\loulou@smartadserver[1].txt 402 bytes
D:\Documents and Settings\loulou\Cookies\loulou@specificclick[2].txt 378 bytes
D:\Documents and Settings\loulou\Cookies\loulou@ssl-hints.netflame[2].txt 164 bytes
D:\Documents and Settings\loulou\Cookies\loulou@statse.webtrendslive[1].txt 195 bytes
D:\Documents and Settings\loulou\Cookies\loulou@tradedoubler[2].txt 225 bytes
D:\Documents and Settings\loulou\Cookies\loulou@umain.homelinux[1].txt 98 bytes
D:\Documents and Settings\loulou\Cookies\loulou@windowsmarketplace[2].txt 263 bytes
D:\Documents and Settings\loulou\Cookies\loulou@www.alphacourses[2].txt 175 bytes
D:\Documents and Settings\loulou\Cookies\loulou@www.chvideo[2].txt 71 bytes
D:\Documents and Settings\loulou\Cookies\loulou@www.malekal[2].txt 360 bytes
D:\Documents and Settings\loulou\Cookies\loulou@www.regiecpm[1].txt 91 bytes
D:\Documents and Settings\loulou\Cookies\loulou@xiti[1].txt 106 bytes
D:\Documents and Settings\loulou\Cookies\loulou@yahoo[2].txt 164 bytes
D:\Documents and Settings\loulou\Cookies\loulou@yourmedia[1].txt 98 bytes
D:\Documents and Settings\loulou\Cookies\loulou@zune[2].txt 235 bytes
Marqué pour l'effacement: D:\Documents and Settings\loulou\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Marqué pour l'effacement: D:\Documents and Settings\loulou\Cookies\index.dat
Marqué pour l'effacement: D:\Documents and Settings\loulou\Local Settings\Historique\History.IE5\index.dat
Marqué pour l'effacement: D:\Documents and Settings\loulou\Local Settings\Historique\History.IE5\MSHist012008051820080519\index.dat
C:\WINDOWS\system32\wbem\Logs\FrameWork.log 260 bytes
C:\WINDOWS\system32\wbem\Logs\wbemess.log 15,81KB
C:\WINDOWS\system32\wbem\Logs\wmiprov.log 700 bytes
C:\WINDOWS\0.log 0 bytes
C:\WINDOWS\setupapi.log 8,70KB
C:\WINDOWS\ntbtlog.txt 0,21MB
Cache Internet de Firefox/Mozilla (226 fichiers) 28,5MB
Cookie supprimé: cybermonitor.com
Cookie supprimé: estat.com
Cookie supprimé: doctissimo.fr
Cookie supprimé: forum.doctissimo.fr
Cookie supprimé: google.com
Cookie supprimé: atdmt.com
Cookie supprimé: hiboox.com
Cookie supprimé: sdv.fr
Cookie supprimé: www.hiboox.com
Cookie supprimé: adrevolver.com
Cookie supprimé: media.adrevolver.com
Cookie supprimé: youtube.com
Cookie supprimé: yahoo.com
Cookie supprimé: yourmedia.com
Cookie supprimé: m1.webstats.motigo.com
Cookie supprimé: motigo.com
Cookie supprimé: eas.apm.emediate.eu
Cookie supprimé: live.com
Cookie supprimé: bluestreak.com
Cookie supprimé: msn.com
Cookie supprimé: rad.live.com
Cookie supprimé: login.live.com
Cookie supprimé: p.live.com
Cookie supprimé: hotmail.msn.com
Cookie supprimé: c.msn.com
Cookie supprimé: ads.canalblog.com
Cookie supprimé: xiti.com
Cookie supprimé: stats.canalblog.com
Cookie supprimé: overture.com
Cookie supprimé: skyregie.com
Cookie supprimé: doubleclick.net
Cookie supprimé: smartadserver.com
Cookie supprimé: labospolivemarqueruby14avril.solution.weborama.fr
Cookie supprimé: weborama.fr
Cookie supprimé: fluctuat.net
Cookie supprimé: ados.fr
D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\history.dat 81,92KB
D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\GoogleToolbarData\searchhistory.xml 25 bytes
D:\Documents and Settings\loulou\Application Data\Macromedia\Flash Player\#SharedObjects\E5PND4PC\www.youtube.com\soundData.sol 58 bytes
D:\Documents and Settings\loulou\Application Data\Macromedia\Flash Player\#SharedObjects\E5PND4PC\www.youtube.com\timeDisplayConfig.sol 81 bytes
D:\Documents and Settings\loulou\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.youtube.com\settings.sol 85 bytes
D:\Documents and Settings\loulou\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol 438 bytes
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\logfile.txt 232 bytes
D:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\Avg7.log 723 bytes
D:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\history.log 2,39KB
D:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\upd7bin\avg7info.id 74 bytes
D:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\upd7bin\avginfo.ctf 4,58KB
D:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\upd7bin\download.nfo 129 bytes
D:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\upd7bin\u7avi1313u1293ty.bin 0,17MB
D:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\upd7bin\u7iavi1452u1443u0.bin 0,17MB
D:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7upd\update7.log 0,18MB
------------------------------------------------------------------------------------------
pour le mode registre je n'ai pas de rapport.
------------------------------------------------------------------------------------------
D:\Documents and Settings\loulou\Bureau\kapersky.html
KASPERSKY ON-LINE SCANNER REPORT
Sunday, May 18, 2008 11:18:52 PM
Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 18/05/2008
Enregistrements dans la base antivirus Kaspersky : 699127
Paramètres d'analyse
Analyser avec la base antivirus suivante standard
Analyser les archives vrai
Analyser les bases de messagerie vrai
Cible de l'analyse Poste de travail
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
Statistiques de l'analyse
Total d'objets analysés 83330
Nombre de virus trouvés 0
Nombre d'objets infectés 0 / 0
Nombre d'objets suspects 0
Durée de l'analyse 00:45:11
Nom de l'objet infecté Nom du virus Dernière action
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_AGENT_LOG1.txt L'objet est verrouillé ignoré
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_AUDIO\CLML.db L'objet est verrouillé ignoré
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_AUDIO\CLML.db-journal L'objet est verrouillé ignoré
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_BINARY\CLML.db L'objet est verrouillé ignoré
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_BLOB\CLML.db L'objet est verrouillé ignoré
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_BLOB\CLML.db-journal L'objet est verrouillé ignoré
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_GLOBAL\CLML.db L'objet est verrouillé ignoré
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_GLOBAL\CLML.db-journal L'objet est verrouillé ignoré
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_IMAGE\CLML.db L'objet est verrouillé ignoré
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_IMAGE\CLML.db-journal L'objet est verrouillé ignoré
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_MAIN\CLML.db L'objet est verrouillé ignoré
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_MAIN\CLML.db-journal L'objet est verrouillé ignoré
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_TV\CLML.db L'objet est verrouillé ignoré
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_TV\CLML.db-journal L'objet est verrouillé ignoré
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_VIDEO\CLML.db L'objet est verrouillé ignoré
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLML_VIDEO\CLML.db-journal L'objet est verrouillé ignoré
C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
C:\System Volume Information\tracking.log L'objet est verrouillé ignoré
C:\System Volume Information\_restore{25852D5B-26E7-43F7-8BC8-B391CA633734}\RP96\A0105070.ini L'objet est verrouillé ignoré
C:\System Volume Information\_restore{25852D5B-26E7-43F7-8BC8-B391CA633734}\RP96\change.log L'objet est verrouillé ignoré
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP752\change.log L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\EventCache\{A016FFD0-AA14-4761-9D12-032E2FAB7CC5}.bin L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\DEFAULT L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\ODiag.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\OSession.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SOFTWARE L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SYSTEM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
D:\Documents and Settings\All Users\Application Data\Avg7\Log\emc.log L'objet est verrouillé ignoré
D:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log L'objet est verrouillé ignoré
D:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck L'objet est verrouillé ignoré
D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
D:\Documents and Settings\LocalService\ntuser.dat L'objet est verrouillé ignoré
D:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\cert8.db L'objet est verrouillé ignoré
D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\history.dat L'objet est verrouillé ignoré
D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\key3.db L'objet est verrouillé ignoré
D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\parent.lock L'objet est verrouillé ignoré
D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\search.sqlite L'objet est verrouillé ignoré
D:\Documents and Settings\loulou\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\urlclassifier2.sqlite L'objet est verrouillé ignoré
D:\Documents and Settings\loulou\Cookies\index.dat L'objet est verrouillé ignoré
D:\Documents and Settings\loulou\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat L'objet est verrouillé ignoré
D:\Documents and Settings\loulou\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
D:\Documents and Settings\loulou\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
D:\Documents and Settings\loulou\Local Settings\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\Cache\_CACHE_001_ L'objet est verrouillé ignoré
D:\Documents and Settings\loulou\Local Settings\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\Cache\_CACHE_002_ L'objet est verrouillé ignoré
D:\Documents and Settings\loulou\Local Settings\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\Cache\_CACHE_003_ L'objet est verrouillé ignoré
D:\Documents and Settings\loulou\Local Settings\Application Data\Mozilla\Firefox\Profiles\gbodekdm.default\Cache\_CACHE_MAP_ L'objet est verrouillé ignoré
D:\Documents and Settings\loulou\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
D:\Documents and Settings\loulou\Local Settings\Historique\History.IE5\MSHist012008051820080519\index.dat L'objet est verrouillé ignoré
D:\Documents and Settings\loulou\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré
D:\Documents and Settings\loulou\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
D:\Documents and Settings\loulou\ntuser.dat L'objet est verrouillé ignoré
D:\Documents and Settings\loulou\ntuser.dat.LOG L'objet est verrouillé ignoré
D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
D:\Documents and Settings\NetworkService\ntuser.dat L'objet est verrouillé ignoré
D:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
D:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP752\change.log L'objet est verrouillé ignoré
Analyse terminée.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:21:09, on 18/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\ClickTray Calendar\ClickTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows NT\Accessoires\WORDPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww17.ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKLM\..\Policies\Explorer\Run: [FSfP9PB5rD] D:\Documents and Settings\All Users\Application Data\wdyzgfsb\izglczib.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ClickTray Calendar.lnk = C:\Program Files\ClickTray Calendar\ClickTray.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/DivXBrowserPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
bon c'est tout bon tu n'as plus de trace d'infection je reprend le rapport pour te donner les ligne à fixer sinon pour désinstaller norton utilise l'outil de chez symantec http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
tu relances hijackthis et tu fixes ces lignes comme expliqué fixer les lignes: http://pageperso.aol.fr/balltrap34/demohijack.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww17.ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id=9
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Policies\Explorer\Run: [FSfP9PB5rD] D:\Documents and Settings\All Users\Application Data\wdyzgfsb\izglczib.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
et puis tu déactives et tu réactives la restauration système afin de purger celle-ci des salopperies qui y sont http://service1.symantec.com/support/inter/tsgeninfointl.Nsf/fr_docid/20020830101856924 et tu désinstalles tous les trucs qui on servi à la désinfection avec toolscleaner http://bibou0007.com/outils-specifiques-f78/tutorial-toolscleaner-2-t375.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww17.ads.eorezo.com/cgi-bin/advert/getads.cgi?x_format=redirect&x_dp_id=9
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - (no file)
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Policies\Explorer\Run: [FSfP9PB5rD] D:\Documents and Settings\All Users\Application Data\wdyzgfsb\izglczib.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
et puis tu déactives et tu réactives la restauration système afin de purger celle-ci des salopperies qui y sont http://service1.symantec.com/support/inter/tsgeninfointl.Nsf/fr_docid/20020830101856924 et tu désinstalles tous les trucs qui on servi à la désinfection avec toolscleaner http://bibou0007.com/outils-specifiques-f78/tutorial-toolscleaner-2-t375.htm
