Recent infection with trojan.popuper....

Solved/Closed
toupitte - 29 May 2008 at 10:33
 toupitte - 13 June 2008 at 10:11
Hello,


I was infected yesterday by a TROJAN.POPUPER virus, according to the Avast and Spydoctor reports.

My computer's performance has dropped and I would obviously like to get rid of it...
I have no knowledge of how to go about it, so I would appreciate a helping hand....

Thank you very much for your support and your insights!!!......

See you soon


Erwan.

10 replies

benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107
29 May 2008 at 10:38
Hi, try running a scan in safe mode with Malwarebytes, which you can find at this link http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebyte s anti malware and Antivir http://www.avira-antivir.info/fr/ and then finish with SDFix https://www.tayo.fr/download/sdfix
0
Wow, the replies here are fast...
instant!!...

OK, I'll follow these 3 links....
are they just scans, or do they fix the problem as well?...

Thanks, I'm getting started on it...
0
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107 > toupitte
29 May 2008 at 10:48
Hi again, they scan and fix
0
^^Marie^^ Posts 113901 Registration date Tuesday 6 September 2005 Status Member Last activity 28 August 2020 3 275
29 May 2008 at 11:29
Hello

Send a HijackThis log -- please

6 F - HijackThis - Diagnostic and repair tool
Download HijackThis here:
http://telechargement.zebulon.fr/138-hijackthis-1991.html
https://kerio.probb.fr/t62-comment-utiliser-et-comprendre-hijackthis
Unzip it into a folder set aside for it.
For example C:\hijackthis < Make sure you save it in C: !
Demo: (Thanks to Balltrap34 for making this)
http://pageperso.aol.fr/balltrap34/Hijenr.gif
Run it, then:
click on "do a system scan and save logfile" (see demo)
copy and paste the entire log to the forum
Demo: (Thanks to Balltrap34 for making this)
http://pageperso.aol.fr/balltrap34/demohijack.htm
http://www.tutoriaux-excalibur.com/hijackthis.htm
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

Good luck

See you

0
Hello Marie,


Here is what HijackThis gives me:




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:38: VIRUS ALERT!, on 29/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Apps\Powercinema\PCMService.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\apps\ABoard\AOSD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=OEM4
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0F31DA64-F3AA-41C6-80D9-8D8BAB009F84} - C:\WINDOWS\system32\awtsRhGa.dll (file missing)
O2 - BHO: QXK Olive - {3C635E4B-AD24-4560-8219-86C85CFBF389} - C:\WINDOWS\boqnrwdmerq.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {96134ABB-AD7C-4135-A927-329B735D524F} - C:\WINDOWS\system32\awttttts.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O4 - S-1-5-18 Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?a6a443946b2b4ab7843670d982a93ada
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?a6a443946b2b4ab7843670d982a93ada
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O20 - Winlogon Notify: awttttts - C:\WINDOWS\SYSTEM32\awttttts.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Control Parental (OPTENET_FILTER) - Unknown owner - C:\Program Files\Controle Parental\bin\optproxy.exe (file missing)
O23 - Service: SC Test Branding Service 1 - SC Test Branding 1 - C:\Program Files\Fichiers communs\SC Test Branding 1 Shared\Service\SCTestService1.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
0
Hello


Thank you Marie for the steps, I will follow them...

Before anything else, I did two of Benurr's procedures....

Here is the SDFix report:


[b]System Report[/b]
*************

Run on 29/04/2008 at 11:33: VIRUS ALERT!

Microsoft Windows XP [version 5.1.2600]

Current user is an administrator

[b]Running Processes[/b]:

\SystemRoot\System32\smss.exe [316]
\??\C:\WINDOWS\system32\csrss.exe [364]
\??\C:\WINDOWS\system32\winlogon.exe [388]
C:\WINDOWS\system32\services.exe [432]
C:\WINDOWS\system32\lsass.exe [444]
C:\WINDOWS\system32\svchost.exe [600]
C:\WINDOWS\system32\svchost.exe [648]
C:\WINDOWS\System32\svchost.exe [688]
C:\WINDOWS\System32\svchost.exe [748]
C:\WINDOWS\System32\svchost.exe [924]
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [1084]
C:\Program Files\Alwil Software\Avast4\ashServ.exe [1148]
C:\WINDOWS\system32\spoolsv.exe [1344]
C:\WINDOWS\system32\drivers\CDAC11BA.EXE [1484]
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [1676]
C:\Program Files\Spyware Doctor\pctsAuxs.exe [1740]
C:\Program Files\Spyware Doctor\pctsSvc.exe [1768]
C:\Program Files\Spyware Doctor\pctsTray.exe [1880]
C:\WINDOWS\system32\slserv.exe [1896]
C:\WINDOWS\System32\svchost.exe [1920]
C:\WINDOWS\system32\wdfmgr.exe [1964]
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [1996]
C:\WINDOWS\wanmpsvc.exe [124]
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2092]
C:\WINDOWS\system32\wscntfy.exe [2176]
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2196]
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe [2368]
C:\WINDOWS\SOUNDMAN.EXE [2436]
C:\Program Files\Saitek\Software\SaiSmart.exe [2496]
C:\Program Files\QuickTime\qttask.exe [2528]
C:\WINDOWS\System32\alg.exe [2536]
C:\Program Files\Saitek\Software\Profiler.exe [2544]
C:\Apps\Powercinema\PCMService.exe [2560]
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe [2580]
C:\apps\ABoard\ABoard.exe [2624]
C:\Program Files\iTunes\iTunesHelper.exe [2640]
C:\WINDOWS\system32\LVCOMSX.EXE [2652]
C:\Program Files\Logitech\Video\LogiTray.exe [2804]
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe [2816]
C:\apps\ABoard\AOSD.exe [2820]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2864]
C:\WINDOWS\system32\ctfmon.exe [2920]
C:\Program Files\iPod\bin\iPodService.exe [3008]
C:\WINDOWS\System32\svchost.exe [3160]
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe [3296]
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN [3336]
C:\Program Files\Logitech\Video\FxSvr2.exe [3344]
C:\Program Files\Outlook Express\msimn.exe [3664]
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe [1080]
C:\WINDOWS\explorer.exe [2788]
C:\WINDOWS\system32\rundll32.exe [3832]



[b]Files Created/Modified - 60 Days[/b]:


C:\

17 May 2008 9:09:52 386 A.... "C:\DOSmedst"
29 Apr 2008 11:23:22 1 073 270 784 A.SH. "C:\hiberfil.sys"
29 Apr 2008 11:23:20 150 994 944 A.SH. "C:\pagefile.sys"
27 May 2008 10:24:14 13 030 A.... "C:\PDOXUSRS.NET"
21 May 2008 14:01:46 14 848 A.SH. "C:\Thumbs.db"
21 Mar 2008 10:41:02 1 606 A.... "C:\ZB20080321094038001.xml"
31 Mar 2008 11:32:08 1 886 A.... "C:\ZB20080331113141001.xml"
20 Apr 2008 17:20:14 1 994 A.... "C:\ZB20080420171958001.xml"


C:\WINDOWS\

29 Apr 2008 11:24:12 0 A.... "C:\WINDOWS\0.log"
29 Apr 2008 11:23:24 2 048 A.S.. "C:\WINDOWS\bootstat.dat"
14 May 2008 22:45:54 298 597 A.... "C:\WINDOWS\comsetup.log"
10 Mar 2008 16:15:28 15 746 A.... "C:\WINDOWS\DPINST.LOG"
28 May 2008 11:46:14 139 264 A.... "C:\WINDOWS\eesg.exe"
14 May 2008 22:45:54 1 182 884 A.... "C:\WINDOWS\FaxSetup.log"
14 May 2008 22:45:54 187 237 A.... "C:\WINDOWS\iis6.log"
10 Apr 2008 1:52:34 1 374 A.... "C:\WINDOWS\imsins.BAK"
14 May 2008 22:45:54 1 374 A.... "C:\WINDOWS\imsins.log"
28 May 2008 20:09:28 5 891 A.... "C:\WINDOWS\KB932823-v3.log"
10 Apr 2008 1:52:28 18 447 A.... "C:\WINDOWS\KB941693.log"
17 Mar 2008 23:18:18 11 597 A.... "C:\WINDOWS\KB943055.log"
17 Mar 2008 23:18:40 41 045 A.... "C:\WINDOWS\KB944533-IE7.log"
10 Apr 2008 1:50:38 13 358 A.... "C:\WINDOWS\KB945553.log"
17 Mar 2008 23:18:44 17 205 A.... "C:\WINDOWS\KB946026.log"
10 Apr 2008 1:52:22 37 835 A.... "C:\WINDOWS\KB947864-IE7.log"
10 Apr 2008 1:51:52 12 488 A.... "C:\WINDOWS\KB948590.log"
10 Apr 2008 1:52:34 13 553 A.... "C:\WINDOWS\KB948881.log"
14 May 2008 22:45:54 23 728 A.... "C:\WINDOWS\KB950749.log"
14 May 2008 22:45:54 60 482 A.... "C:\WINDOWS\msgsocm.log"
29 Apr 2008 11:20:40 225 542 A.... "C:\WINDOWS\ntbtlog.txt"
14 May 2008 22:45:54 246 336 A.... "C:\WINDOWS\ntdtcsetup.log"
14 May 2008 22:45:54 428 375 A.... "C:\WINDOWS\ocgen.log"
14 May 2008 22:45:54 63 573 A.... "C:\WINDOWS\ocmsn.log"
29 Apr 2008 10:51:50 32 510 A.... "C:\WINDOWS\SchedLgU.Txt"
28 May 2008 13:46:30 253 952 ..... "C:\WINDOWS\Setup1.exe"
13 Apr 2008 19:50:44 922 A.... "C:\WINDOWS\setupact.log"
17 May 2008 9:06:42 332 946 A.... "C:\WINDOWS\setupapi.log"
25 May 2008 10:48:40 1 312 A.... "C:\WINDOWS\ssconf2.bin"
28 May 2008 13:46:30 74 752 A.... "C:\WINDOWS\ST6UNST.EXE"
29 Apr 2008 11:31:34 8 192 A.SH. "C:\WINDOWS\Thumbs.db"
14 May 2008 22:45:54 465 419 A.... "C:\WINDOWS\tsoc.log"
27 May 2008 10:22:54 831 A.... "C:\WINDOWS\unins000.dat"
17 May 2008 10:08:00 619 A.... "C:\WINDOWS\unsthygieaa.bat"
10 Apr 2008 1:52:14 114 595 A.... "C:\WINDOWS\updspapi.log"
29 Apr 2008 11:24:06 159 A.... "C:\WINDOWS\wiadebug.log"
29 Apr 2008 11:23:52 50 A.... "C:\WINDOWS\wiaservc.log"
29 Apr 2008 11:22:08 1 454 563 A.... "C:\WINDOWS\WindowsUpdate.log"
18 May 2008 15:20:26 119 481 A.... "C:\WINDOWS\wmsetup.log"
10 Apr 2008 1:52:32 90 112 A.... "C:\WINDOWS\$NtUninstallKB948881$\reg00001"
16 May 2008 23:25:24 39 008 A.... "C:\WINDOWS\Debug\mrt.log"
16 May 2008 23:25:24 8 132 A.... "C:\WINDOWS\Debug\mrteng.log"
29 Apr 2008 11:23:24 0 A.... "C:\WINDOWS\Debug\PASSWD.LOG"
19 Mar 2008 18:36:24 144 A.... "C:\WINDOWS\Downloaded Program Files\swdir.inf"
8 Apr 2008 9:31:46 36 916 A.... "C:\WINDOWS\Fonts\album-avantquelombre.ttf"
9 Apr 2008 18:21:38 46 480 A.... "C:\WINDOWS\Fonts\marvosym.ttf"
7 Apr 2008 13:58:24 51 268 A.... "C:\WINDOWS\Fonts\PASSAREL.TTF"
8 Apr 2008 9:31:50 34 484 A.... "C:\WINDOWS\Fonts\Philippe.ttf"
15 May 2008 12:27:44 242 841 A.... "C:\WINDOWS\Help\msoe.chw"
13 Apr 2008 16:54:58 4 100 A.... "C:\WINDOWS\inf\branches.PNF"
12 May 2008 18:55:18 1 563 288 A.... "C:\WINDOWS\inf\INFCACHE.1"
10 Mar 2008 16:15:28 20 004 A.... "C:\WINDOWS\inf\oem52.PNF"
11 Mar 2008 9:14:30 0 ...H. "C:\WINDOWS\inf\oem53.inf"
28 May 2008 20:09:18 53 556 A.... "C:\WINDOWS\inf\oem57.PNF"
20 Apr 2008 13:07:18 66 752 A..H. "C:\WINDOWS\Minidump\Mini042008-01.dmp"
28 May 2008 11:28:20 90 112 A.... "C:\WINDOWS\Minidump\Mini052808-01.dmp"
12 May 2008 14:08:40 8 736 A.... "C:\WINDOWS\network diagnostic\xpnetdiag.xml"
1 Mar 2008 14:58:06 124 928 A.... "C:\WINDOWS\system32\advpack.dll"
28 May 2008 23:08:54 1 647 A.SH. "C:\WINDOWS\system32\aGhRstwa.ini"
28 May 2008 23:08:16 1 647 A.SH. "C:\WINDOWS\system32\aGhRstwa.ini2"
16 May 2008 1:24:44 1 152 888 A.... "C:\WINDOWS\system32\aswBoot.exe"
16 May 2008 1:12:36 95 608 A.... "C:\WINDOWS\system32\AvastSS.scr"
28 May 2008 20:02:46 33 920 ..... "C:\WINDOWS\system32\awttttts.dll"
28 May 2008 20:12:26 0 A.... "C:\WINDOWS\system32\clkcnt.txt"
28 May 2008 21:54:14 3 165 A.... "C:\WINDOWS\system32\CONFIG.NT"
20 Apr 2008 14:16:18 3 580 A.... "C:\WINDOWS\system32\d3d9caps.dat"
1 Mar 2008 14:58:06 347 136 A.... "C:\WINDOWS\system32\dxtmsft.dll"
1 Mar 2008 14:58:06 214 528 ..... "C:\WINDOWS\system32\dxtrans.dll"
1 Mar 2008 14:58:06 133 120 ..... "C:\WINDOWS\system32\extmgr.dll"
17 May 2008 14:36:36 343 424 A.... "C:\WINDOWS\system32\FNTCACHE.DAT"
28 May 2008 22:59:06 1 222 084 ..SH. "C:\WINDOWS\system32\gmhajpch.ini"
1 Mar 2008 14:58:06 63 488 A.... "C:\WINDOWS\system32\icardie.dll"
29 Feb 2008 10:56:42 70 656 ..... "C:\WINDOWS\system32\ie4uinit.exe"
1 Mar 2008 14:58:06 153 088 ..... "C:\WINDOWS\system32\ieakeng.dll"
1 Mar 2008 14:58:06 230 400 ..... "C:\WINDOWS\system32\ieaksie.dll"
1 Mar 2008 14:58:08 383 488 A.... "C:\WINDOWS\system32\ieapfltr.dll"
1 Mar 2008 14:58:08 384 512 ..... "C:\WINDOWS\system32\iedkcs32.dll"
1 Mar 2008 14:58:08 6 066 176 A.... "C:\WINDOWS\system32\ieframe.dll"
1 Mar 2008 14:58:08 44 544 ..... "C:\WINDOWS\system32\iernonce.dll"
1 Mar 2008 14:58:08 267 776 A.... "C:\WINDOWS\system32\iertutil.dll"
1 Mar 2008 14:58:08 1 831 424 ..... "C:\WINDOWS\system32\inetcpl.cpl"
1 Mar 2008 14:58:08 27 648 ..... "C:\WINDOWS\system32\jsproxy.dll"
28 May 2008 21:48:32 143 A.... "C:\WINDOWS\system32\mcrh.tmp"
9 May 2008 23:35:04 16 863 864 A.... "C:\WINDOWS\system32\MRT.exe"
25 Mar 2008 6:50:28 518 944 A.... "C:\WINDOWS\system32\msexch40.dll"
25 Mar 2008 6:50:30 326 432 A.... "C:\WINDOWS\system32\msexcl40.dll"
1 Mar 2008 14:58:08 459 264 A.... "C:\WINDOWS\system32\msfeeds.dll"
1 Mar 2008 14:58:08 52 224 A.... "C:\WINDOWS\system32\msfeedsbs.dll"
1 Mar 2008 18:28:10 3 591 680 A.... "C:\WINDOWS\system32\mshtml.dll"
1 Mar 2008 14:58:10 478 208 A.... "C:\WINDOWS\system32\mshtmled.dll"
25 Mar 2008 6:50:34 1 516 568 A.... "C:\WINDOWS\system32\msjet40.dll"
25 Mar 2008 6:50:40 355 112 A.... "C:\WINDOWS\system32\msjetoledb40.dll"
25 Mar 2008 6:51:08 194 144 A.... "C:\WINDOWS\system32\msjint40.dll"
25 Mar 2008 6:50:42 60 192 A.... "C:\WINDOWS\system32\msjter40.dll"
25 Mar 2008 6:50:42 248 608 A.... "C:\WINDOWS\system32\msjtes40.dll"
25 Mar 2008 6:50:44 219 936 A.... "C:\WINDOWS\system32\msltus40.dll"
25 Mar 2008 6:50:46 355 104 A.... "C:\WINDOWS\system32\mspbde40.dll"
1 Mar 2008 14:58:10 193 024 ..... "C:\WINDOWS\system32\msrating.dll"
25 Mar 2008 6:50:48 432 928 A.... "C:\WINDOWS\system32\msrd2x40.dll"
25 Mar 2008 6:50:50 322 336 A.... "C:\WINDOWS\system32\msrd3x40.dll"
25 Mar 2008 6:50:52 559 904 A.... "C:\WINDOWS\system32\msrepl40.dll"
25 Mar 2008 6:50:56 264 992 A.... "C:\WINDOWS\system32\mstext40.dll"
1 Mar 2008 14:58:10 671 232 ..... "C:\WINDOWS\system32\mstime.dll"
25 Mar 2008 6:50:58 838 432 A.... "C:\WINDOWS\system32\mswdat10.dll"
25 Mar 2008 6:51:10 621 344 A.... "C:\WINDOWS\system32\mswstr10.dll"
25 Mar 2008 6:50:58 355 104 A.... "C:\WINDOWS\system32\msxbde40.dll"
1 Mar 2008 14:58:10 102 912 ..... "C:\WINDOWS\system32\occache.dll"
29 Apr 2008 9:40:18 37 760 A.... "C:\WINDOWS\system32\perfc009.dat"
29 Apr 2008 9:40:18 45 866 A.... "C:\WINDOWS\system32\perfc00C.dat"
29 Apr 2008 9:40:18 305 318 A.... "C:\WINDOWS\system32\perfh009.dat"
29 Apr 2008 9:40:18 361 140 A.... "C:\WINDOWS\system32\perfh00C.dat"
29 Apr 2008 9:40:18 756 758 A.... "C:\WINDOWS\system32\PerfStringBackup.INI"
1 Mar 2008 14:58:10 44 544 A.... "C:\WINDOWS\system32\pngfilt.dll"
1 Mar 2008 14:58:10 105 984 A.... "C:\WINDOWS\system32\url.dll"
1 Mar 2008 14:58:10 1 159 680 A.... "C:\WINDOWS\system32\urlmon.dll"
1 Mar 2008 14:58:12 233 472 A.... "C:\WINDOWS\system32\webcheck.dll"
20 Mar 2008 10:09:22 1 845 376 A.... "C:\WINDOWS\system32\win32k.sys"
1 Mar 2008 14:58:12 826 368 A.... "C:\WINDOWS\system32\wininet.dll"
29 Apr 2008 11:25:08 1 170 A.... "C:\WINDOWS\system32\wpa.dbl"
29 Apr 2008 11:23:34 6 A..H. "C:\WINDOWS\Tasks\SA.DAT"
29 Apr 2008 10:43:02 256 A.... "C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
23 May 2008 16:00:02 408 A..H. "C:\WINDOWS\Tasks\{8F64ABE1-D931-44A5-8BF2-6D80D9083BFB}_SN101854210000_TEXIER.job"
28 May 2008 9:00:02 408 A..H. "C:\WINDOWS\Tasks\{A445D345-994B-4C5A-A4C9-C1DF747F80B5}_SN101854210000_TEXIER.job"
28 May 2008 16:00:02 408 A..H. "C:\WINDOWS\Tasks\{C9C14444-4273-423B-9438-BD880A68AB76}_SN101854210000_TEXIER.job"
29 Apr 2008 11:32:00 6 024 A.... "C:\WINDOWS\Temp\scs67.tmp"
29 Apr 2008 11:23:28 255 A.... "C:\WINDOWS\Temp\WGAErrLog.txt"
29 Apr 2008 11:25:08 409 A.... "C:\WINDOWS\Temp\WGANotify.settings"
10 Apr 2008 1:51:52 12 333 A.... "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.inf"
10 Apr 2008 1:51:50 355 A.... "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.txt"
17 Mar 2008 23:18:18 11 949 A.... "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.inf"
17 Mar 2008 23:18:14 370 A.... "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.txt"
10 Apr 2008 1:50:38 12 777 A.... "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.inf"
10 Apr 2008 1:50:34 558 A.... "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.txt"
10 Apr 2008 1:52:34 11 733 A.... "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.inf"
10 Apr 2008 1:52:32 122 A.... "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.txt"
17 Mar 2008 23:18:44 12 077 A.... "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.inf"
17 Mar 2008 23:18:44 320 A.... "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.txt"
10 Apr 2008 1:52:28 12 472 A.... "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.inf"
10 Apr 2008 1:52:26 360 A.... "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.txt"
14 May 2008 22:45:54 19 194 A.... "C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.inf"
14 May 2008 22:45:44 4 318 A.... "C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.txt"
23 May 2008 15:35:10 2 627 584 A.... "C:\WINDOWS\Downloaded Installations\{83A209C2-A1C9-48EA-9A5C-C29F45AC9C55}\Talking Reminder.msi"
8 Apr 2008 8:46:18 6 129 A.... "C:\WINDOWS\Downloaded Installations\{DAE64D1C-EFB7-4C1C-83FA-B11F8E0E85D4}\0x0409.ini"
8 Apr 2008 8:46:16 2 059 A.... "C:\WINDOWS\Downloaded Installations\{DAE64D1C-EFB7-4C1C-83FA-B11F8E0E85D4}\Setup.INI"
8 Apr 2008 8:46:18 128 625 A.... "C:\WINDOWS\Downloaded Installations\{DAE64D1C-EFB7-4C1C-83FA-B11F8E0E85D4}\setup.isn"
0
benurrr Posts 9643 Registration date Saturday 24 May 2008 Status Security contributor Last activity 11 January 2012 107
29 May 2008 at 15:17
Re, I see you're in good hands; ^^Marie^^ is very competent. I'll follow along in the background. Good luck.
0
^^Marie^^ Posts 113901 Registration date Tuesday 6 September 2005 Status Member Last activity 28 August 2020 3 275
29 May 2008 at 15:20
Re

Is your version of XP official??



Spyware Doctor ► trash



You have traces of Norton; to remove it properly:
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924


Right-click this link:

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

Choose "Save target (link) as..." and save it to your desktop.
Right-click navilog1.zip and choose "Extract all".
Then double-click navilog1.exe to start the installation.
Once the installation is finished, the fix will run automatically.
(If it does not, double-click the Navilog1 shortcut on the desktop.)

Follow the prompts. At the main menu, choose 1 and confirm.
(do not choose 2, 3 or 4 without our advice/approval)
Wait for the message:
*** Analyse Termine le ..... ***
Press a key as prompted; Notepad will open.
Copy and paste the whole thing into a reply.
Close Notepad.
The report is also saved at the root of the disk (fixnavi.txt).
Tutorial: http://www.malekal.com/Adware.Magic_Control.php

Download SmitfraudFix
Utility by S!Ri: Moe and balltrap34
http://siri.urz.free.fr/Fix/SmitfraudFix.php
and download SmitfraudFix.exe.

Have a look at the tutorial.

Run it and choose option 1;
it will generate a report.
Please copy and paste it into your post.

+++



0
Good evening Marie....


Sorry for the delay....

Here is the first report...
I'm moving on to the second one....

Thanks again..
;-)

Search Navipromo version 3.5.7 commencé le 29/04/2008 à 19:28:06,32

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "TEXIER"

Mise à jour le 11.05.2008 à 18h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\TEXIER\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\TEXIER\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\TEXIER\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé


*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\TEXIER\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\TEXIER\locals~1\applic~1" :


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

C:\WINDOWS\system32\aGhRstwa.ini2 trouvé ! infection Vundo possible non traitée par cet outil !


*** Analyse terminée le 29/04/2008 à 19:39:49,18 ***
0
Re Marie....


Here is the second report, from the second program you asked me for.

I forgot to mention it in the previous post: it is indeed a registered version of XP, sold with the computer originally.

SmitFraudFix v2.323

Rapport fait à 20:08:07,39, 29/04/2008
Executé à partir de C:\Documents and Settings\TEXIER\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Apps\Powercinema\PCMService.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\apps\ABoard\AOSD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\SPYWAREfighter\spftray.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Adobe\Acrobat 4.0\Reader\AcroRd32.exe
C:\APPS\Powercinema\PCM3.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\TEXIER


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\TEXIER\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\TEXIER\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{23A2062C-58BC-4005-96AD-5B6B097770A8}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{470A8C5E-2276-48C7-A4B9-9E333F086696}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{23A2062C-58BC-4005-96AD-5B6B097770A8}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{470A8C5E-2276-48C7-A4B9-9E333F086696}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\..\{23A2062C-58BC-4005-96AD-5B6B097770A8}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{470A8C5E-2276-48C7-A4B9-9E333F086696}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin



Thanks for the help.
+++


Erwan.
0

^^Marie^^ Posts 113901 Registration date Tuesday 6 September 2005 Status Member Last activity 28 August 2020 3 275
29 May 2008 at 20:31
Tell me!! How long has it been since you last ran the vacuum cleaner through your PC??
lol

Via Start / Settings / Control Panel, then Add/Remove Programs, go to Navilog1 and click "Remove"
1/ Uninstall Navilog1 via Add/Remove Programs --> Navilog1
Via the uninstall file located in the folder %programfiles%\navilog1.1
Then also delete this folder: C:\Program Files\navilog1

Download VundoFix.exe (by Atribune) to your Desktop.

http://www.atribune.org/ccount/click.php?id=4

* Double-click VundoFix.exe to launch it.
* When the tool launches again, click the Scan for Vundo button
* Click the Scan for Vundo button.
* When the scan is complete, click the Remove Vundo button
* A prompt will ask whether you want to delete the files; click YES
* After you click "Yes", the Desktop will disappear for a moment while the files are removed.
* You will see a prompt telling you that your PC is going to shut down ("shutdown"); click OK
* Start your PC again.
* Copy/paste the contents of the report located at C:\vundofix.txt


Download VirtumundoBegone to the desktop:

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Then double-click VirtumundoBeGone.exe and follow the instructions.
Once finished, restart and post the VBG.TXT report created on the desktop in your next reply


as well as a new HijackThis report in your next reply.
0
Vacuum cleaner?
I'm a pro at housework!!... ;-)


Well, with the first program you told me about, it said I had no infections.... so the steps that followed were simplified..

And attached you will find the HijackThis report:

Thanks!!!!...
+++



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:49:48, on 29/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Apps\Powercinema\PCMService.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SPYWAREfighter\spftray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\DOCUME~1\TEXIER\LOCALS~1\Temp\Répertoire temporaire 1 pour HiJackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=OEM4
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0F31DA64-F3AA-41C6-80D9-8D8BAB009F84} - C:\WINDOWS\system32\awtsRhGa.dll (file missing)
O2 - BHO: QXK Olive - {3C635E4B-AD24-4560-8219-86C85CFBF389} - C:\WINDOWS\boqnrwdmerq.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?a6a443946b2b4ab7843670d982a93ada
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?a6a443946b2b4ab7843670d982a93ada
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Control Parental (OPTENET_FILTER) - Unknown owner - C:\Program Files\Controle Parental\bin\optproxy.exe (file missing)
O23 - Service: SC Test Branding Service 1 - SC Test Branding 1 - C:\Program Files\Fichiers communs\SC Test Branding 1 Shared\Service\SCTestService1.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
0
Good evening Marie,


I got the Start menu links back as before, the white background on the desktop could be closed, and I have the impression that this virus has been eradicated...??
And the computer is less sluggish than before...

Only, I ran Malwarebytes Anti-Malware, and it tells me there is 1 infected item....
Here is the report it gives me.....
Thanks a lot for this help, which has already borne fruit, and I promise I'll do a bit of cleaning on the computer afterwards... ;-)

Malwarebytes' Anti-Malware 1.12
Version de la base de données: 797

Type de recherche: Examen rapide
Eléments examinés: 50893
Temps écoulé: 14 minute(s), 59 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowNetPlaces (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0\Source (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\awttttts.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
0
^^Marie^^ Posts 113901 Registration date Tuesday 6 September 2005 Status Member Last activity 28 August 2020 3 275
30 May 2008 at 12:50
Hi

I would have liked you to do what I tell you, ................



as well as a new HijackThis report in your next reply.
0
Hello Marie....


In the previous post (post no. 12) I gave you the latest HijackThis report.

Is that what you wanted?...


Thanks..


Erwan.
+++
0
^^Marie^^ Posts 113901 Registration date Tuesday 6 September 2005 Status Member Last activity 28 August 2020 3 275
30 May 2008 at 12:57
In the meantime you ran Malwarebytes'
So I need a new one.

See you
0
There, it's done...
The latest HijackThis report..


Thanks.
+++





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:14:12, on 30/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Apps\Powercinema\PCMService.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SPYWAREfighter\spftray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\APPS\Powercinema\PCM3.exe
C:\DOCUME~1\TEXIER\LOCALS~1\Temp\Répertoire temporaire 2 pour HiJackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=OEM4
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0F31DA64-F3AA-41C6-80D9-8D8BAB009F84} - C:\WINDOWS\system32\awtsRhGa.dll (file missing)
O2 - BHO: QXK Olive - {3C635E4B-AD24-4560-8219-86C85CFBF389} - C:\WINDOWS\boqnrwdmerq.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?a6a443946b2b4ab7843670d982a93ada
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?a6a443946b2b4ab7843670d982a93ada
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Control Parental (OPTENET_FILTER) - Unknown owner - C:\Program Files\Controle Parental\bin\optproxy.exe (file missing)
O23 - Service: SC Test Branding Service 1 - SC Test Branding 1 - C:\Program Files\Fichiers communs\SC Test Branding 1 Shared\Service\SCTestService1.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: Privacy Protection - (no file)
0
^^Marie^^ Posts 113901 Registration date Tuesday 6 September 2005 Status Member Last activity 28 August 2020 3 275
31 May 2008 at 08:48
0
re,


I redid everything as instructed...
Here is the log..

;-)
Thanks.
+++

Erwan.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:44:37, on 31/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SPYWAREfighter\spftray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\slserv.exe
C:\apps\ABoard\AOSD.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\TEXIER\Mes documents\Mes eBooks\forum trojan\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=OEM4
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0F31DA64-F3AA-41C6-80D9-8D8BAB009F84} - C:\WINDOWS\system32\awtsRhGa.dll (file missing)
O2 - BHO: QXK Olive - {3C635E4B-AD24-4560-8219-86C85CFBF389} - C:\WINDOWS\boqnrwdmerq.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SRUUninstall] "C:\WINDOWS\System32\msiexec.exe" /L*v C:\WINDOWS\TEMP\SND532unin.txt /x {6AF90EF6-F7F9-466C-99F4-1774826FBB40} /qn REBOOT=ReallySuppress (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?a6a443946b2b4ab7843670d982a93ada
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?a6a443946b2b4ab7843670d982a93ada
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Control Parental (OPTENET_FILTER) - Unknown owner - C:\Program Files\Controle Parental\bin\optproxy.exe (file missing)
O23 - Service: SC Test Branding Service 1 - SC Test Branding 1 - C:\Program Files\Fichiers communs\SC Test Branding 1 Shared\Service\SCTestService1.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O24 - Desktop Component 0: Privacy Protection - (no file)
0
^^Marie^^ Posts 113901 Registration date Tuesday 6 September 2005 Status Member Last activity 28 August 2020 3 275
1 June 2008 at 13:05
Re

Run SmitfraudFix option 1 again,
please
0
Hello Marie,

Sorry for the slow reply, I was away and have just got back...

I'll take care of running SmitfraudFix option 1 again and I'll post the output for you...


+++
and thanks.


Erwan.
0
Here is the output of SmitfraudFix option 1:

SmitFraudFix v2.323

Rapport fait à 9:53:45,65, 09/06/2008
Executé à partir de C:\Documents and Settings\TEXIER\Mes documents\Mes eBooks\forum trojan\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Saitek\Software\SaiSmart.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Apps\Powercinema\PCMService.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SPYWAREfighter\spftray.exe
C:\apps\ABoard\AOSD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\TEXIER\Mes documents\Mes eBooks\forum trojan\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\TEXIER


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\TEXIER\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\TEXIER\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"=""
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{23A2062C-58BC-4005-96AD-5B6B097770A8}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{470A8C5E-2276-48C7-A4B9-9E333F086696}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{23A2062C-58BC-4005-96AD-5B6B097770A8}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{470A8C5E-2276-48C7-A4B9-9E333F086696}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\..\{23A2062C-58BC-4005-96AD-5B6B097770A8}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{470A8C5E-2276-48C7-A4B9-9E333F086696}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin



Thanks.
+++
0
Hello again Marie....

Since my last post, where I gave you the latest report, I have not received your reply....
In your opinion, what do these steps show?

And since this morning there is a big problem: it is impossible to restart the computer. That is the subject of a new post I made this morning..
This computer is becoming a real burden!!..lol


Thanks for your help.

+++
0
chefpunky Posts 673 Registration date Wednesday 21 May 2008 Status Member Last activity 1 December 2011 31
5 June 2008 at 11:35
I want to tell you that it is Spyware Doctor that gave you this virus. Download SUPERAntiSpyware, run a scan and delete it (download it from 01.net)
0