Trojan horse - Who can help me?

kikili29 -  
ludsfa Posts 1287 Status Member -
Hello,

For several days now I have been fighting one (or more) viruses and, above all, a Trojan horse. I am very worried because I know it can do damage.
Would someone have the time and the kindness to take a look at my HijackThis scan?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:25:03, on 30/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\MainSoft\PC TimeWatch\PTWsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kiwee Toolbar2\1.5.131\kwtbaim.exe
C:\Program Files\MainSoft\PC TimeWatch\PctwTI.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Alwil Software\Avast4\ashChest.exe
C:\Program Files\Norton Security Scan\Nss.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Kiwee Toolbar - {6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] "rundll32.exe" ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [HPHUPD08] "c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe"
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HPHUPD05] "C:\Program Files\HP\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [devenv] "C:\WINDOWS\system\smvss.exe" /w
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4000 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE" /FU "C:\WINDOWS\TEMP\E_S105.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PC TimeWatch Tray Icon.lnk = C:\Program Files\MainSoft\PC TimeWatch\PctwTI.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\fichiers communs\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fichiers communs\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fichiers communs\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fichiers communs\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fichiers communs\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fichiers communs\is3\anti-spyware\is3lsp.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www2.photoweb.fr/telechargement/Photoweb_uploader.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/fr/TSEasyInstallX.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PCTimeWatch (PTWsvc) - MainSoft - C:\Program Files\MainSoft\PC TimeWatch\PTWsvc.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\Sandisk\Sansa Updater\SansaSvr.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Fichiers communs\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

19 replies

My dep Posts 170 Status Member 5
 
It really has claimed its share of victims. Start your PC in safe mode and run a scan with an anti-spyware tool (Spybot, for example).

See you
0
ludsfa Posts 1287 Status Member 15
 
Hi there,

Download ComboFix (by sUBs) to your Desktop.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* Temporarily disable all resident protection! (Antivirus, anti-spyware, etc.)
* Double-click ComboFix.exe.
* Accept the license by clicking Yes.
* When the operation has finished, a report will appear. Post that report in your next reply.

The report is located here: %systemdrive%\ComboFix.txt (%systemdrive% being the partition where Windows is installed; usually C:\)
0
kikili29
 
Hello Ludsfa,

I'm having trouble:
When I run ComboFix, it kicks me out, telling me
"You cannot rename Combofix as Combofix [1]
Please use another name, preferbaly made up of alphanumeric characters".
What should I do?
0
ludsfa Posts 1287 Status Member 15
 
OK,

right-click on combofix,
choose Rename,
type combo-fix and try again
0

kikili29
 
Thank you,

Here is the report:

ComboFix 08-07-29.1 - HP_Administrateur 2008-07-30 21:18:12.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.547 [GMT 2:00]
Endroit: C:\Documents and Settings\Francoise\Mes documents\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Francoise\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\HP_Administrateur\new.txt
C:\Documents and Settings\JULES\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Philippe\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\THOMAS\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\WILLIAM\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Program Files\Zumie
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\SZComp5.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-28 to 2008-07-30 ))))))))))))))))))))))))))))))))))))
.

2008-07-30 20:12 . 2008-07-30 20:12 <REP> d-------- C:\Program Files\Trend Micro
2008-07-30 18:25 . 2008-07-30 18:25 448 --a------ C:\WINDOWS\system32\drivers\kgpfr2.cfg
2008-07-28 21:42 . 2008-07-28 21:44 <REP> d-------- C:\Program Files\AskSBar
2008-07-28 21:41 . 2008-07-28 22:12 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Azureus
2008-07-28 21:41 . 2008-07-28 21:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-07-28 21:29 . 2008-07-28 22:12 <REP> d-------- C:\Program Files\Vuze
2008-07-26 10:12 . 2008-07-26 10:12 <REP> d-------- C:\Documents and Settings\JULES\Application Data\Webroot
2008-07-20 16:44 . 2008-07-20 16:44 <REP> d-------- C:\Christophe.Willem-Inventaire.2007.By.Cochise
2008-07-20 16:30 . 2008-07-20 16:30 5,430,507 --a------ C:\WINDOWS\system32\hoshinavi.dat
2008-07-20 16:30 . 2008-07-20 16:30 2,859,008 --a------ C:\WINDOWS\system32\hoshinavi.scr
2008-07-20 16:18 . 2008-07-20 16:18 <REP> d-------- C:\WINDOWS\hokusai
2008-07-20 16:18 . 2000-06-08 18:37 283,136 --a------ C:\WINDOWS\hokusai.scr
2008-07-20 14:34 . 2008-07-20 14:32 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-07-20 14:31 . 2008-07-29 20:27 <REP> d-------- C:\Documents and Settings\HP_Administrateur\.housecall6.6
2008-07-20 10:30 . 2008-07-20 14:20 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-07-19 11:10 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-19 11:10 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-19 11:10 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-19 11:10 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-19 11:10 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-19 11:10 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-19 11:10 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-19 11:10 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-19 11:06 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-13 16:27 . 2008-07-13 16:27 <REP> d-------- C:\Documents and Settings\WILLIAM\Application Data\Webroot
2008-07-08 21:34 . 2008-07-19 11:11 4,222 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-08 21:32 . 2008-07-08 21:32 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-07-07 20:33 . 2008-07-07 20:33 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-07-07 20:32 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-07-07 20:32 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-07-07 20:32 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-07-07 20:32 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-07-07 20:30 . 2008-07-07 20:30 <REP> d-------- C:\Program Files\Webroot
2008-07-07 20:30 . 2008-07-07 20:30 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Webroot
2008-07-07 20:30 . 2008-07-07 20:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-07 20:30 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-07-07 20:21 . 2008-07-11 19:41 164 --a------ C:\install.dat
2008-07-07 17:39 . 2008-07-07 17:39 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
2008-07-07 17:38 . 2008-07-07 19:00 <REP> d-------- C:\Program Files\The Cleaner Free
2008-07-06 18:25 . 2008-07-06 18:25 <REP> d-------- C:\Documents and Settings\WILLIAM\Application Data\PC Suite
2008-07-06 15:14 . 2008-07-30 20:51 32,416 --a------ C:\WINDOWS\system32\drivers\kgpcpy.cfg
2008-07-06 15:08 . 2008-07-07 17:58 <REP> d-------- C:\Program Files\MAXpc
2008-07-06 14:53 . 2008-07-30 20:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-07-05 19:24 . 2008-07-05 19:24 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Nokia Multimedia Player
2008-07-03 15:41 . 2008-07-03 15:41 258,048 -ra------ C:\WINDOWS\system32\SZBase5.dll
2008-07-02 19:31 . 2008-07-02 19:31 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-07-02 19:29 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-07-02 19:29 . 2008-07-02 19:29 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-07-02 19:28 . 2008-07-02 19:30 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\PC Suite
2008-07-02 19:28 . 2008-07-28 11:20 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Nokia
2008-07-02 19:28 . 2008-07-02 19:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-07-02 19:27 . 2008-07-02 19:27 <REP> d-------- C:\Program Files\PC Connectivity Solution
2008-07-02 19:27 . 2008-07-02 19:27 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
2008-07-02 19:27 . 2008-07-02 19:27 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
2008-07-02 19:27 . 2008-07-02 19:27 <REP> d-------- C:\Program Files\DIFX
2008-07-02 19:27 . 2007-11-29 10:39 95,744 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-07-02 19:27 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-07-02 19:27 . 2007-11-29 10:39 19,328 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-07-02 19:27 . 2007-11-29 10:39 16,896 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-07-02 19:27 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-07-02 19:27 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-07-02 19:26 . 2008-07-02 19:27 <REP> d-------- C:\Program Files\Nokia
2008-07-02 19:25 . 2008-07-02 19:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-06-26 10:56 . 2008-06-26 10:56 364,544 -ra------ C:\WINDOWS\system32\IS3DBA5.dll
2008-06-26 10:56 . 2008-06-26 10:56 126,976 -ra------ C:\WINDOWS\system32\IS3HTUI5.dll
2008-06-26 10:55 . 2008-06-26 10:55 372,736 -ra------ C:\WINDOWS\system32\IS3UI5.dll
2008-06-26 10:55 . 2008-06-26 10:55 61,440 -ra------ C:\WINDOWS\system32\IS3Hks5.dll
2008-06-26 10:55 . 2008-06-26 10:55 23,040 -ra------ C:\WINDOWS\system32\IS3XDat5.dll
2008-06-26 10:54 . 2008-06-26 10:54 196,608 -ra------ C:\WINDOWS\system32\IS3Win325.dll
2008-06-26 10:54 . 2008-06-26 10:54 94,208 -ra------ C:\WINDOWS\system32\IS3Inet5.dll
2008-06-26 10:54 . 2008-06-26 10:54 90,112 -ra------ C:\WINDOWS\system32\IS3Svc5.dll
2008-06-26 10:50 . 2008-06-26 10:50 708,608 -ra------ C:\WINDOWS\system32\IS3Base5.dll
2008-06-25 12:11 . 2008-06-25 12:11 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Samsung
2008-06-25 11:46 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-06-25 11:46 . 2008-06-25 12:06 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-06-25 11:42 . 2008-06-25 11:46 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-06-25 11:42 . 2008-06-25 11:42 <REP> d-------- C:\Program Files\Samsung
2008-06-25 11:42 . 2005-08-30 01:49 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
2008-06-25 11:42 . 2005-08-30 01:47 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
2008-06-25 11:42 . 2005-08-30 01:49 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
2008-06-25 11:42 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
2008-06-25 11:42 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
2008-06-25 11:42 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
2008-06-25 11:42 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
2008-06-25 11:42 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-06-22 17:49 . 2008-06-22 17:49 <REP> d-------- C:\Program Files\Sun
2008-06-21 14:28 . 2008-06-21 14:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-21 14:27 . 2008-06-21 14:27 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-06-14 18:48 . 2008-06-14 18:48 <REP> d-------- C:\Program Files\Kiwee Toolbar2
2008-06-14 18:48 . 2008-07-22 18:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar2
2008-06-11 14:07 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 14:07 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-30 19:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-07-30 16:33 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-07-30 16:09 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-07-30 16:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-07-29 21:15 --------- d-----w C:\Program Files\eMule
2008-07-29 21:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-20 14:25 --------- d-----w C:\Program Files\Java
2008-07-19 09:52 1,100 -c--a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-07-07 17:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-06 12:53 --------- d-----w C:\Program Files\STOPzilla!
2008-06-25 09:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-22 15:37 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\Lavasoft
2008-06-22 15:36 --------- d-----w C:\Program Files\Lavasoft
2008-06-21 12:38 --------- d-----w C:\Program Files\Mindscape
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-17 16:39 --------- d-----w C:\Program Files\Dofus
2008-06-07 18:53 78,168 -c--a-w C:\Documents and Settings\HP_Administrateur\Application Data\GDIPFONTCACHEV1.DAT
2008-05-25 16:02 11,970 ----a-w C:\WINDOWS\Fonts\sevenmonkeyfury.zip
2008-05-25 15:56 23,177 ----a-w C:\WINDOWS\Fonts\babykruffy.zip
2008-05-25 15:44 66,934 ----a-w C:\WINDOWS\Fonts\waltdisney.zip
2008-05-25 15:41 26,520 ----a-w C:\WINDOWS\Fonts\Coca cola.zip
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 04:55 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 04:55 1,294,336 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 20:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:41 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:41 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-03-12 15:14 274 -c--a-w C:\Documents and Settings\THOMAS\Application Data\wklnhst.dat
2008-01-02 11:56 64,816 -c--a-w C:\Documents and Settings\THOMAS\Application Data\GDIPFONTCACHEV1.DAT
2007-05-26 17:01 267,032 -c--a-w C:\Program Files\DesktopManager-0.5.3.dmg
2007-03-31 12:02 2,624,376 -c--a-w C:\Program Files\sandisk_firmware_sansa_e2xx_m2xx_c2xx_01.02.15a_3720.exe
2007-03-30 19:04 134 -c--a-w C:\Documents and Settings\HP_Administrateur\Application Data\wklnhst.dat
2006-11-19 18:21 302 -c--a-w C:\Documents and Settings\Francoise\Application Data\wklnhst.dat
2006-10-29 09:08 81,920 -c--a-w C:\Documents and Settings\HP_Administrateur\Application Data\ezpinst.exe
2006-10-29 09:08 47,360 -c--a-w C:\Documents and Settings\HP_Administrateur\Application Data\pcouffin.sys
2006-11-01 13:53 22 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll" [2008-04-03 10:52 265360]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-07-28 21:44 66912]

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-07-28 21:44 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]
2008-04-03 10:52 265360 --a------ C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll" [2008-04-03 10:52 265360]

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-03 16:18 94208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]
"EPSON Stylus DX4000 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE" [2006-09-21 05:01 139264]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-30 22:45 68856]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 21:34 64512]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 20:30 139264]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 08:35 49152]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 10:05 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 23:14 237568]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 23:34 249856]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"HPHUPD05"="C:\Program Files\HP\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2006-01-07 06:26 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2006-01-07 06:26 491520]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 19:58 81920]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 00:50 221184]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-01-03 00:12 180269]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 13:26 7700480]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 07:24 286720]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]
"ftutil2"="ftutil2.dll" [2004-06-07 14:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 13:54 16010240 C:\WINDOWS\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2007-04-19 13:26 1626112 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\THOMAS\Menu Démarrer\Programmes\Démarrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-01-02 23:33:32 27136]

C:\Documents and Settings\WILLIAM\Menu Démarrer\Programmes\Démarrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-01-02 23:33:32 27136]

C:\Documents and Settings\Francoise\Menu Démarrer\Programmes\Démarrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-01-02 23:33:32 27136]

C:\Documents and Settings\JULES\Menu Démarrer\Programmes\Démarrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-01-02 23:33:32 27136]

C:\Documents and Settings\Philippe\Menu Démarrer\Programmes\Démarrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-01-02 23:33:32 27136]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 19:40:44 282624]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
PC TimeWatch Tray Icon.lnk - C:\Program Files\MainSoft\PC TimeWatch\PctwTI.exe [2006-10-14 13:51:06 553984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\svchost.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 szkg5;szkg5;C:\WINDOWS\system32\drivers\szkg.sys [2008-05-13 10:03]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2006-07-18 13:02]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2006-07-18 13:02]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 PTWsvc;PCTimeWatch;C:\Program Files\MainSoft\PC TimeWatch\PTWsvc.exe [2007-08-13 01:10]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-12 05:36]
R3 PTWDrv;PTW - Process monitoring driver;C:\Program Files\MainSoft\PC TimeWatch\PTWatch.sys [2003-10-20 18:07]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 00:00]

*Newly Created Service* - CATCHME
*Newly Created Service* - ERASERUTILDRV10741
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-07-28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]

2008-07-30 C:\WINDOWS\Tasks\HP Usg Daily.job
- C:\Program Files\HP\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2006-01-07 06:26]

2008-07-30 C:\WINDOWS\Tasks\Norton Security Scan.job
- C:\Program Files\Norton Security Scan\Nss.exe [2008-01-09 04:08]

2008-07-27 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe []

2007-09-01 C:\WINDOWS\Tasks\Uniblue SpyEraser.job
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe []

2008-07-28 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-01-04 20:56]

2008-07-28 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-01-04 20:56]

2008-07-28 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job
- C:\","D:\","E:\","F:\","G:\","H:\","I:\","J:\","K:\","L:\" []
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R0 -: HKLM-Main,Search Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=63&bd=PAVILION&pf=desktop
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O16 -: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
C:\WINDOWS\Downloaded Program Files\OSDED4D.OSD
C:\WINDOWS\Downloaded Program Files\InstallerControl.dll

O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
C:\WINDOWS\Downloaded Program Files\oscan8.inf
C:\WINDOWS\bdoscandellang.ini
C:\WINDOWS\bdoscandel.exe
C:\WINDOWS\Downloaded Program Files\live.ini
C:\WINDOWS\Downloaded Program Files\scanoptions.tsi
C:\WINDOWS\Downloaded Program Files\lang.ini
C:\WINDOWS\Downloaded Program Files\ipsupd.dll
C:\WINDOWS\Downloaded Program Files\bdupd.dll
C:\WINDOWS\Downloaded Program Files\libfn.dll
C:\WINDOWS\Downloaded Program Files\bdcore.dll
C:\WINDOWS\Downloaded Program Files\oscan8.ocx

O16 -: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} - hxxp://www2.photoweb.fr/telechargement/Photoweb_uploader.cab
C:\WINDOWS\Downloaded Program Files\telechargement-photoweb.inf
C:\WINDOWS\system32\unicows.dll
C:\WINDOWS\Downloaded Program Files\telechargement-photoweb.ocx

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-30 21:28:06
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
Temps d'accomplissement: 2008-07-30 21:30:37
ComboFix-quarantined-files.txt 2008-07-30 19:30:26

Pre-Run: 39,554,228,224 octets libres
Post-Run: 43,074,166,784 octets libres

345 --- E O F --- 2008-07-22 01:12:36
0
kikili29
 
Dear Ludsfa,

Are you still there?
0
ludsfa Posts 1287 Status Member 15
 
hi,

download MalwareByte's Anti-Malware to your desktop.

* Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done:
Restart in safe mode
/!\ Never start safe mode via MSCONFIG /!\

* Now run MalwareByte's Anti-Malware. If it is not already selected, select "Perform full scan".
* To start the scan, click "Scan".
* Once the scan has finished, a window opens; click OK. You then have two possibilities:

-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.

NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking Ok.
0
kikili29
 
Ludsfa,

Here is the MalwareBytes Anti-Malware report

Malwarebytes' Anti-Malware 1.23
Version de la base de données: 1010
Windows 5.1.2600 Service Pack 2

22:54:27 30/07/2008
mbam-log-7-30-2008 (22-54-27).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 183451
Temps écoulé: 29 minute(s), 54 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\Fonts\babykruffy.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\Coca cola.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\sevenmonkeyfury.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\waltdisney.zip (Trojan.Downloader) -> Quarantined and deleted successfully.


I am doing the actions from the next post.
Thank you for your help.
I will come back tomorrow, maybe we can continue...
0
ludsfa Posts 1287 Status Member 15
 
re,

next, do this:

Select all of the text below:


folder::
C:\Program Files\AskSBar
C:\Program Files\Kiwee Toolbar2

registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"=-
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"=-

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-07-28 21:44 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}]
2008-04-03 10:52 265360 --a------ C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6638A9DE-0745-4292-8A2E-AE530E7B9B3F}"= "C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeIEToolbar.dll" [2008-04-03 10:52 265360]

[HKEY_CLASSES_ROOT\clsid\{6638a9de-0745-4292-8a2e-ae530e7b9b3f}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{259EEB17-79AA-44DF-8410-8E55F82A902A}]
[HKEY_CLASSES_ROOT\KiweeIEToolbar.KiweeToolbar]


* Copy/paste it into Notepad (Start\All Programs\Accessories\Notepad).
* Save it to your desktop under the name CFScript.txt
* Now drag the CFScript.txt file onto ComboFix.exe as shown below:

http://i266.photobucket.com/albums/ii277/sUBs_/CFScript.gif

* This will relaunch Combofix.

Post the contents of the ComboFix.txt report after the restart, if there is one.
0
IMfoor-matique Posts 11 Status Member 1
 
--
put everything on a USB key and format, because the guy can see everything you do on your computer
0
kikili29
 
And here is the Combofix report.

ComboFix 08-07-29.1 - HP_Administrateur 2008-07-30 23:18:12.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.416 [GMT 2:00]
Endroit: C:\Documents and Settings\Francoise\Mes documents\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrateur\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\AskSBar
C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
C:\Program Files\Kiwee Toolbar2
C:\Program Files\Kiwee Toolbar2\1.5.131\AGTBCore.dll
C:\Program Files\Kiwee Toolbar2\1.5.131\KiweeTBCore.dll
C:\Program Files\Kiwee Toolbar2\1.5.131\MsnIMToolbar.dll
C:\Program Files\Kiwee Toolbar2\1.5.131\Riched20.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-28 to 2008-07-30 ))))))))))))))))))))))))))))))))))))
.

2008-07-30 22:17 . 2008-07-30 22:17 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-30 22:17 . 2008-07-30 22:17 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Malwarebytes
2008-07-30 22:17 . 2008-07-30 22:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-30 22:17 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-30 22:17 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-30 22:15 . 2008-07-30 22:15 1,845,456 --a------ C:\Program Files\mbam-setup.exe
2008-07-30 20:12 . 2008-07-30 20:12 <REP> d-------- C:\Program Files\Trend Micro
2008-07-28 21:41 . 2008-07-28 22:12 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Azureus
2008-07-28 21:41 . 2008-07-28 21:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-07-28 21:29 . 2008-07-28 22:12 <REP> d-------- C:\Program Files\Vuze
2008-07-26 10:12 . 2008-07-26 10:12 <REP> d-------- C:\Documents and Settings\JULES\Application Data\Webroot
2008-07-20 16:44 . 2008-07-20 16:44 <REP> d-------- C:\Christophe.Willem-Inventaire.2007.By.Cochise
2008-07-20 16:30 . 2008-07-20 16:30 5,430,507 --a------ C:\WINDOWS\system32\hoshinavi.dat
2008-07-20 16:30 . 2008-07-20 16:30 2,859,008 --a------ C:\WINDOWS\system32\hoshinavi.scr
2008-07-20 16:18 . 2008-07-20 16:18 <REP> d-------- C:\WINDOWS\hokusai
2008-07-20 16:18 . 2000-06-08 18:37 283,136 --a------ C:\WINDOWS\hokusai.scr
2008-07-20 14:34 . 2008-07-20 14:32 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-07-20 14:31 . 2008-07-29 20:27 <REP> d-------- C:\Documents and Settings\HP_Administrateur\.housecall6.6
2008-07-20 10:30 . 2008-07-20 14:20 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-07-19 11:10 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-19 11:10 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-19 11:10 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-19 11:10 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-19 11:10 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-19 11:10 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-19 11:10 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-19 11:10 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-19 11:06 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-13 16:27 . 2008-07-13 16:27 <REP> d-------- C:\Documents and Settings\WILLIAM\Application Data\Webroot
2008-07-08 21:34 . 2008-07-19 11:11 4,222 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-08 21:32 . 2008-07-08 21:32 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-07-07 20:33 . 2008-07-07 20:33 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-07-07 20:32 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-07-07 20:32 . 2008-01-04 20:34 23,920 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2008-07-07 20:32 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-07-07 20:32 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-07-07 20:30 . 2008-07-07 20:30 <REP> d-------- C:\Program Files\Webroot
2008-07-07 20:30 . 2008-07-07 20:30 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Webroot
2008-07-07 20:30 . 2008-07-07 20:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-07 20:30 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-07-07 20:21 . 2008-07-11 19:41 164 --a------ C:\install.dat
2008-07-07 17:39 . 2008-07-07 17:39 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
2008-07-07 17:38 . 2008-07-07 19:00 <REP> d-------- C:\Program Files\The Cleaner Free
2008-07-06 18:25 . 2008-07-06 18:25 <REP> d-------- C:\Documents and Settings\WILLIAM\Application Data\PC Suite
2008-07-06 15:14 . 2008-07-30 20:51 32,416 --a------ C:\WINDOWS\system32\drivers\kgpcpy.cfg
2008-07-06 15:08 . 2008-07-07 17:58 <REP> d-------- C:\Program Files\MAXpc
2008-07-06 14:53 . 2008-07-30 20:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-07-05 19:24 . 2008-07-05 19:24 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Nokia Multimedia Player
2008-07-03 15:41 . 2008-07-03 15:41 258,048 -ra------ C:\WINDOWS\system32\SZBase5.dll
2008-07-02 19:31 . 2008-07-02 19:31 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-07-02 19:29 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-07-02 19:29 . 2008-07-02 19:29 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-07-02 19:28 . 2008-07-02 19:30 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\PC Suite
2008-07-02 19:28 . 2008-07-28 11:20 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Nokia
2008-07-02 19:28 . 2008-07-02 19:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-07-02 19:27 . 2008-07-02 19:27 <REP> d-------- C:\Program Files\PC Connectivity Solution
2008-07-02 19:27 . 2008-07-02 19:27 <REP> d-------- C:\Program Files\Fichiers communs\PCSuite
2008-07-02 19:27 . 2008-07-02 19:27 <REP> d-------- C:\Program Files\Fichiers communs\Nokia
2008-07-02 19:27 . 2008-07-02 19:27 <REP> d-------- C:\Program Files\DIFX
2008-07-02 19:27 . 2007-11-29 10:39 95,744 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-07-02 19:27 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-07-02 19:27 . 2007-11-29 10:39 19,328 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-07-02 19:27 . 2007-11-29 10:39 16,896 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-07-02 19:27 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-07-02 19:27 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-07-02 19:26 . 2008-07-02 19:27 <REP> d-------- C:\Program Files\Nokia
2008-07-02 19:25 . 2008-07-02 19:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-06-26 10:56 . 2008-06-26 10:56 364,544 -ra------ C:\WINDOWS\system32\IS3DBA5.dll
2008-06-26 10:56 . 2008-06-26 10:56 126,976 -ra------ C:\WINDOWS\system32\IS3HTUI5.dll
2008-06-26 10:55 . 2008-06-26 10:55 372,736 -ra------ C:\WINDOWS\system32\IS3UI5.dll
2008-06-26 10:55 . 2008-06-26 10:55 61,440 -ra------ C:\WINDOWS\system32\IS3Hks5.dll
2008-06-26 10:55 . 2008-06-26 10:55 23,040 -ra------ C:\WINDOWS\system32\IS3XDat5.dll
2008-06-26 10:54 . 2008-06-26 10:54 196,608 -ra------ C:\WINDOWS\system32\IS3Win325.dll
2008-06-26 10:54 . 2008-06-26 10:54 94,208 -ra------ C:\WINDOWS\system32\IS3Inet5.dll
2008-06-26 10:54 . 2008-06-26 10:54 90,112 -ra------ C:\WINDOWS\system32\IS3Svc5.dll
2008-06-26 10:50 . 2008-06-26 10:50 708,608 -ra------ C:\WINDOWS\system32\IS3Base5.dll
2008-06-25 12:11 . 2008-06-25 12:11 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Samsung
2008-06-25 11:46 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-06-25 11:46 . 2008-06-25 12:06 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-06-25 11:42 . 2008-06-25 11:46 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-06-25 11:42 . 2008-06-25 11:42 <REP> d-------- C:\Program Files\Samsung
2008-06-25 11:42 . 2005-08-30 01:49 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
2008-06-25 11:42 . 2005-08-30 01:47 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
2008-06-25 11:42 . 2005-08-30 01:49 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
2008-06-25 11:42 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
2008-06-25 11:42 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
2008-06-25 11:42 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
2008-06-25 11:42 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
2008-06-25 11:42 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-06-22 17:49 . 2008-06-22 17:49 <REP> d-------- C:\Program Files\Sun
2008-06-21 14:28 . 2008-06-21 14:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-21 14:27 . 2008-06-21 14:27 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-06-14 18:48 . 2008-07-22 18:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar2
2008-06-11 14:07 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 14:07 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-30 21:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-07-30 20:22 1,265 -c--a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-07-30 16:09 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-07-30 16:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-07-29 21:15 --------- d-----w C:\Program Files\eMule
2008-07-29 21:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-20 14:25 --------- d-----w C:\Program Files\Java
2008-07-07 17:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-06 12:53 --------- d-----w C:\Program Files\STOPzilla!
2008-06-25 09:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-22 15:37 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\Lavasoft
2008-06-22 15:36 --------- d-----w C:\Program Files\Lavasoft
2008-06-21 12:38 --------- d-----w C:\Program Files\Mindscape
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-17 16:39 --------- d-----w C:\Program Files\Dofus
2008-06-07 18:53 78,168 -c--a-w C:\Documents and Settings\HP_Administrateur\Application Data\GDIPFONTCACHEV1.DAT
2008-03-12 15:14 274 -c--a-w C:\Documents and Settings\THOMAS\Application Data\wklnhst.dat
2008-01-02 11:56 64,816 -c--a-w C:\Documents and Settings\THOMAS\Application Data\GDIPFONTCACHEV1.DAT
2007-05-26 17:01 267,032 -c--a-w C:\Program Files\DesktopManager-0.5.3.dmg
2007-03-31 12:02 2,624,376 -c--a-w C:\Program Files\sandisk_firmware_sansa_e2xx_m2xx_c2xx_01.02.15a_3720.exe
2007-03-30 19:04 134 -c--a-w C:\Documents and Settings\HP_Administrateur\Application Data\wklnhst.dat
2006-11-19 18:21 302 -c--a-w C:\Documents and Settings\Francoise\Application Data\wklnhst.dat
2006-10-29 09:08 81,920 -c--a-w C:\Documents and Settings\HP_Administrateur\Application Data\ezpinst.exe
2006-10-29 09:08 47,360 -c--a-w C:\Documents and Settings\HP_Administrateur\Application Data\pcouffin.sys
2006-11-01 13:53 22 -csha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( snapshot@2008-07-30_21.29.17.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-30 21:28:02 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_780.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-03 16:18 94208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]
"EPSON Stylus DX4000 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE" [2006-09-21 05:01 139264]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-30 22:45 68856]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 21:34 64512]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 20:30 139264]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 08:35 49152]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 10:05 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 23:14 237568]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 23:34 249856]
"HPHUPD05"="C:\Program Files\HP\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2006-01-07 06:26 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2006-01-07 06:26 491520]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 19:58 81920]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44 61440]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 00:50 221184]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-01-03 00:12 180269]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-19 13:26 7700480]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 07:24 286720]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]
"ftutil2"="ftutil2.dll" [2004-06-07 14:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 13:54 16010240 C:\WINDOWS\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2007-04-19 13:26 1626112 C:\WINDOWS\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\WINDOWS\\system32\\svchost.exe"=
"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 szkg5;szkg5;C:\WINDOWS\system32\drivers\szkg.sys [2008-05-13 10:03]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2006-07-18 13:02]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2006-07-18 13:02]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 PTWsvc;PCTimeWatch;C:\Program Files\MainSoft\PC TimeWatch\PTWsvc.exe [2007-08-13 01:10]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-12 05:36]
R3 PTWDrv;PTW - Process monitoring driver;C:\Program Files\MainSoft\PC TimeWatch\PTWatch.sys [2003-10-20 18:07]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt [2005-08-18 00:00]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-07-28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]

2008-07-30 C:\WINDOWS\Tasks\HP Usg Daily.job
- C:\Program Files\HP\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2006-01-07 06:26]

2008-07-30 C:\WINDOWS\Tasks\Norton Security Scan.job
- C:\Program Files\Norton Security Scan\Nss.exe [2008-01-09 04:08]

2008-07-27 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe []

2007-09-01 C:\WINDOWS\Tasks\Uniblue SpyEraser.job
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe []

2008-07-28 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-01-04 20:56]

2008-07-28 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-01-04 20:56]

2008-07-28 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job
- C:\","D:\","E:\","F:\","G:\","H:\","I:\","J:\","K:\","L:\" []
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-30 23:30:05
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\iS3\Anti-Spyware\SZServer.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MainSoft\PC TimeWatch\PctwTI.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-30 23:37:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-30 21:37:03
ComboFix2.txt 2008-07-30 19:30:40

Pre-Run: 43,308,478,464 octets libres
Post-Run: 43,305,443,328 octets libres

304 --- E O F --- 2008-07-22 01:12:36

See you tomorrow, I hope.

ludsfa (Posts: 1287, Status: Member)

Hi,

OK, can you make me a new HijackThis report?

kikili29

Hello Ludsfa,

I'm back. Here is the HijackThis report you asked for!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:13:48, on 31/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\MainSoft\PC TimeWatch\PTWsvc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\MainSoft\PC TimeWatch\PctwTI.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] "rundll32.exe" ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [HPHUPD08] "c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe"
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HPHUPD05] "C:\Program Files\HP\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4000 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE" /FU "C:\WINDOWS\TEMP\E_S105.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PC TimeWatch Tray Icon.lnk = C:\Program Files\MainSoft\PC TimeWatch\PctwTI.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\fichiers communs\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fichiers communs\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fichiers communs\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fichiers communs\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fichiers communs\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\fichiers communs\is3\anti-spyware\is3lsp.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www2.photoweb.fr/telechargement/Photoweb_uploader.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/fr/TSEasyInstallX.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PCTimeWatch (PTWsvc) - MainSoft - C:\Program Files\MainSoft\PC TimeWatch\PTWsvc.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\Sandisk\Sansa Updater\SansaSvr.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Fichiers communs\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

ludsfa (Posts: 1287, Status: Member)

Hi,

Uninstall via Add/Remove Programs (if present):

* Avast!

Download and run: https://www.avast.com/uninstall-utility

Download CCleaner to your Desktop.

* Install it, leaving only the following options ticked:

- Add a shortcut to the Desktop
- Automatically check for CCleaner updates

* Run the Cleaner
* Click Scan for Issues and make a backup if you wish.

Help: How to use CCleaner:
http://www.infos-du-net.com/forum/272336-7-Ccleaner-under-construction

***************

Download AntiVir Personal to your Desktop.

* Double-click the downloaded executable to start the installation.
* At the end of the installation, click Finish.
* Open AntiVir and make sure it is up to date!
* In the Local Protection tab, choose Scanner.
* Enable the rootkit search via the + next to rootkit search, then under manual selection, tick everything (your hard-disk partitions).
* Click the middle magnifying glass to start the scan as Administrator.
* Post me the generated report: to do so, click the Overview tab, then choose Reports, and you will find its report there.

Note: For more effective removal of threats, run the scan in safe mode.

Why switch? Avast vs AntiVir:
http://forum.malekal.com/ftopic3528.php

Help: How to install and use AntiVir:
https://www.malekal.com/avira-free-security-antivirus-gratuit/

kikili29

And here is the AntiVir report:

Avira AntiVir Personal
Report file date: vendredi 1 août 2008 09:25

Scanning for 1523914 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: HP_Administrateur
Computer name: NOM-FB9B15D2723

Version information:
BUILD.DAT : 8.1.0.326 16933 Bytes 11/07/2008 12:57:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.5.174 2027008 Bytes 25/07/2008 07:14:45
ANTIVIR3.VDF : 7.0.5.201 214016 Bytes 01/08/2008 07:14:46
Engineversion : 8.1.1.15
AEVDF.DLL : 8.1.0.5 102772 Bytes 09/07/2008 08:46:50
AESCRIPT.DLL : 8.1.0.61 311675 Bytes 01/08/2008 07:15:36
AESCN.DLL : 8.1.0.23 119156 Bytes 01/08/2008 07:15:30
AERDL.DLL : 8.1.0.20 418165 Bytes 09/07/2008 08:46:50
AEPACK.DLL : 8.1.2.1 364917 Bytes 01/08/2008 07:15:24
AEOFFICE.DLL : 8.1.0.21 192891 Bytes 01/08/2008 07:15:18
AEHEUR.DLL : 8.1.0.44 1343863 Bytes 01/08/2008 07:15:12
AEHELP.DLL : 8.1.0.15 115063 Bytes 09/07/2008 08:46:50
AEGEN.DLL : 8.1.0.32 315765 Bytes 01/08/2008 07:15:05
AEEMU.DLL : 8.1.0.7 430452 Bytes 01/08/2008 07:14:59
AECORE.DLL : 8.1.1.8 172406 Bytes 01/08/2008 07:14:53
AEBB.DLL : 8.1.0.1 53617 Bytes 24/04/2008 08:50:42
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 01/08/2008 07:14:46
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:, F:, H:, I:, J:, K:, L:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: vendredi 1 août 2008 09:25

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'SpySweeper.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
13 processes with 13 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'H:\'
[INFO] In the drive 'H:\' no data medium is inserted!
Boot sector 'I:\'
[INFO] In the drive 'I:\' no data medium is inserted!
Boot sector 'J:\'
[INFO] In the drive 'J:\' no data medium is inserted!
Boot sector 'K:\'
[INFO] In the drive 'K:\' no data medium is inserted!

Starting to scan the registry.
The registry was scanned ( '70' files ).

Starting the file scan:

Begin scan in 'C:\' <HP_PAVILION>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\Alcohol Soft\Alcohol 120\betamasterpatch\Alcohol 120% 1.9.5.3105 Retail Patch - BetaMaster\patch_3105.exe
[DETECTION] Is the TR/Agent.69632.O Trojan
[NOTE] The file was deleted!
C:\Program Files\Alcohol Soft\Alcohol 120\betamasterpatch\Alcohol 120% 1.9.5.3105 Retail Patch - BetaMaster\patch_3105.exe.BAK
[DETECTION] Is the TR/Agent.69632.O Trojan
[NOTE] The file was moved to '4906c75c.qua'!
C:\QooBox\Quarantine\C\Program Files\Kiwee Toolbar2\1.5.131\AGTBCore.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48e6cd53.qua'!
C:\QooBox\Quarantine\C\Program Files\Kiwee Toolbar2\1.5.131\KiweeTBCore.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4909cde4.qua'!
C:\QooBox\Quarantine\C\Program Files\Kiwee Toolbar2\1.5.131\MsnIMToolbar.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4900ce25.qua'!
C:\QooBox\Quarantine\C\Program Files\Kiwee Toolbar2\1.5.131\Riched20.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48f5ce21.qua'!
C:\WINDOWS\system32\drivers\atapi.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <HP_RECOVERY>
Begin scan in 'E:\'
Search path E:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'F:\' <CNTCD1_2002>
Begin scan in 'H:\'
Search path H:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'I:\'
Search path I:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'J:\'
Search path J:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'K:\'
Search path K:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'L:\'
Search path L:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.

End of the scan: vendredi 1 août 2008 11:06
Used time: 1:41:07 Hour(s)

The scan has been done completely.

11002 Scanning directories
698831 Files were scanned
6 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
1 files were deleted
0 files were repaired
5 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
698823 Files not concerned
17528 Archives were scanned
6 Warnings
6 Notes

kikili29

And here is the AntiVir report:

Avira AntiVir Personal
Report file date: vendredi 1 août 2008 09:25

Scanning for 1523914 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: HP_Administrateur
Computer name: NOM-FB9B15D2723

Version information:
BUILD.DAT : 8.1.0.326 16933 Bytes 11/07/2008 12:57:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.5.174 2027008 Bytes 25/07/2008 07:14:45
ANTIVIR3.VDF : 7.0.5.201 214016 Bytes 01/08/2008 07:14:46
Engineversion : 8.1.1.15
AEVDF.DLL : 8.1.0.5 102772 Bytes 09/07/2008 08:46:50
AESCRIPT.DLL : 8.1.0.61 311675 Bytes 01/08/2008 07:15:36
AESCN.DLL : 8.1.0.23 119156 Bytes 01/08/2008 07:15:30
AERDL.DLL : 8.1.0.20 418165 Bytes 09/07/2008 08:46:50
AEPACK.DLL : 8.1.2.1 364917 Bytes 01/08/2008 07:15:24
AEOFFICE.DLL : 8.1.0.21 192891 Bytes 01/08/2008 07:15:18
AEHEUR.DLL : 8.1.0.44 1343863 Bytes 01/08/2008 07:15:12
AEHELP.DLL : 8.1.0.15 115063 Bytes 09/07/2008 08:46:50
AEGEN.DLL : 8.1.0.32 315765 Bytes 01/08/2008 07:15:05
AEEMU.DLL : 8.1.0.7 430452 Bytes 01/08/2008 07:14:59
AECORE.DLL : 8.1.1.8 172406 Bytes 01/08/2008 07:14:53
AEBB.DLL : 8.1.0.1 53617 Bytes 24/04/2008 08:50:42
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 01/08/2008 07:14:46
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:, F:, H:, I:, J:, K:, L:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: vendredi 1 août 2008 09:25

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'SpySweeper.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
13 processes with 13 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'H:\'
[INFO] In the drive 'H:\' no data medium is inserted!
Boot sector 'I:\'
[INFO] In the drive 'I:\' no data medium is inserted!
Boot sector 'J:\'
[INFO] In the drive 'J:\' no data medium is inserted!
Boot sector 'K:\'
[INFO] In the drive 'K:\' no data medium is inserted!

Starting to scan the registry.
The registry was scanned ( '70' files ).

Starting the file scan:

Begin scan in 'C:\' <HP_PAVILION>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\Alcohol Soft\Alcohol 120\betamasterpatch\Alcohol 120% 1.9.5.3105 Retail Patch - BetaMaster\patch_3105.exe
[DETECTION] Is the TR/Agent.69632.O Trojan
[NOTE] The file was deleted!
C:\Program Files\Alcohol Soft\Alcohol 120\betamasterpatch\Alcohol 120% 1.9.5.3105 Retail Patch - BetaMaster\patch_3105.exe.BAK
[DETECTION] Is the TR/Agent.69632.O Trojan
[NOTE] The file was moved to '4906c75c.qua'!
C:\QooBox\Quarantine\C\Program Files\Kiwee Toolbar2\1.5.131\AGTBCore.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48e6cd53.qua'!
C:\QooBox\Quarantine\C\Program Files\Kiwee Toolbar2\1.5.131\KiweeTBCore.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4909cde4.qua'!
C:\QooBox\Quarantine\C\Program Files\Kiwee Toolbar2\1.5.131\MsnIMToolbar.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4900ce25.qua'!
C:\QooBox\Quarantine\C\Program Files\Kiwee Toolbar2\1.5.131\Riched20.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48f5ce21.qua'!
C:\WINDOWS\system32\drivers\atapi.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <HP_RECOVERY>
Begin scan in 'E:\'
Search path E:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'F:\' <CNTCD1_2002>
Begin scan in 'H:\'
Search path H:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'I:\'
Search path I:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'J:\'
Search path J:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'K:\'
Search path K:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'L:\'
Search path L:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.

End of the scan: vendredi 1 août 2008 11:06
Used time: 1:41:07 Hour(s)

The scan has been done completely.

11002 Scanning directories
698831 Files were scanned
6 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
1 files were deleted
0 files were repaired
5 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
698823 Files not concerned
17528 Archives were scanned
6 Warnings
6 Notes
0
kikili29
 
I am leaving on holiday tomorrow morning.
The problem is not solved, because AntiVir reported a trojan again this afternoon.
I will get back in touch when I return on 16 August.
Thank you for your help.
0
ludsfa Posts 1287 Status Member 15
 
Hi,

Have a good holiday.

Download Toolbar-S&D (Team IDN) to your Desktop:
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

* Start the installation of the program by running the downloaded file.
* Now double-click the Toolbar-S&D shortcut.
* Select the language you want by typing the letter of your choice, then confirm with the Enter key.
* Now choose option 1 (Search). Wait until the search has finished.
* Post the generated report. (C:\TB.txt)
0
kikili29
 
Hello,

I am back home... but the holidays are not over yet, there is still a week and a half before going back to work.
I ran ToolBar S&D as you asked; here is the report:
-----------\\ ToolBar S&D 1.0.9 XP/Vista

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : HP_Administrateur ] [ "C:\Toolbar SD" ] [ Selection : 1 ]
[ 17/08/2008 | 17:03:09,25 ] [ PC : NOM-FB9B15D2723 ]
[ MAJ : 13-08-2008 | 14:08 ]

-----------\\ Recherche de Fichiers / Dossiers ...

C:\WINDOWS\iun6002.exe

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Local Page"="%SystemRoot%\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
"Search Bar"="https://fr.search.yahoo.com/?fr=cb-hp06"

--------------------\\ Recherche d'autres infections

C:\WINDOWS\System32\hoshinavi.dat
C:\WINDOWS\System32\hoshinavi.scr
==> EGDACCESS <==

-----------\\ Fin du rapport a 17:07:19,46

See you soon, I hope.
0
ludsfa Posts 1287 Status Member 15
 
Hi,

Run Toolbar-S&D again by double-clicking the shortcut.

* This time choose option 2, then confirm by pressing Enter.

! Do not close the window during the removal!

* A report will be generated; post its contents here, followed by a new HijackThis report.

If your desktop does not reappear, press CTRL+ALT+DEL to open the Task Manager.
Then go to the "Processes" tab. Click File at the top left and choose "New Task (Run...)".
Type explorer and confirm. This will bring your desktop back.
0