Antivirus xp 2008
Solved
gwenissa - Posts: 53 - Status: Member
Hello,
like many others I caught this nasty "antivirus xp 2008"
I tried to uninstall it through Add/Remove... but in vain, the uninstaller crashes
I saw that a scan with HijackThis was needed, I need your help, thanks in advance
here is the scan:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:24:26, on 18/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\UMStor\Res.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\rhcgkqj0e54t\rhcgkqj0e54t.exe
C:\WINDOWS\system32\lphclkqj0e54t.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\pphclkqj0e54t.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\AOL Compagnon\companion.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dumprep.exe
C:\Documents and Settings\conforama\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: BHO Class - {06358080-33BE-452b-9B31-E54E112ADCCA} - C:\WINDOWS\system32\MSIEMPlayer.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2E859500-C93B-4951-89B9-FB8D056306BA} - C:\WINDOWS\system32\mlljg.dll (file missing)
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\tuvtqrs.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\WINDOWS\UMStor\Res.EXE
O4 - HKLM\..\Run: [f832f394] rundll32.exe "C:\WINDOWS\system32\lccvpxsg.dll",b
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Hold option boob bin] C:\Documents and Settings\All Users\Application Data\ford does hold option\Help Mpeg.exe
O4 - HKLM\..\Run: [SMrhcgkqj0e54t] C:\Program Files\rhcgkqj0e54t\rhcgkqj0e54t.exe
O4 - HKLM\..\Run: [lphclkqj0e54t] C:\WINDOWS\system32\lphclkqj0e54t.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [thatatom] C:\DOCUME~1\CONFOR~1\APPLIC~1\AXISTI~1\Beep Heck.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller 3\UIWatcher.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
O4 - Global Startup: AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe
O4 - Global Startup: AOL 8.0 Icône AOL.lnk = C:\Program Files\AOL 8.0\aoltray.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O20 - Winlogon Notify: tuvtqrs - tuvtqrs.dll (file missing)
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Ati HotKey Poller Atiwinmgmt (Atiwinmgmt) - Unknown owner - C:\WINDOWS\
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Fournisseur de la prise en charge de sécurité LM NT NtLmSspMessenger (NtLmSspMessenger) - Unknown owner - C:\WINDOWS\
O23 - Service: Localisateur d'appels de procédure distante (RPC) RpcLocatorehSched (RpcLocatorehSched) - Unknown owner - C:\WINDOWS\
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
65 replies
---> Run Lop S&D again
---> This time choose option 2 (Suppression)
---> Do not close the window during the removal!
---> Post the generated report (C:\lopR.txt)
(If the Desktop does not reappear, press Ctrl+Alt+Del, File tab, New task, type explorer.exe and confirm)
--------------------\\ Lop S&D 4.2.3-0 XP/Vista
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : conforama ] [ "C:\Lop SD" ] [ Selection : 2 ]
[ 18/08/2008 | 2:03:55 ] [ PC : ACER-3FAFADAADF (Proc:x86) ]
[ MAJ : 17-08-2008 | 01:58 ]
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\ford does hold option\dart warn.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\ford does hold option\start flaw.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\ford does hold option\Body Blue.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\ford does hold option\ball option.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\ford does hold option\delete idol.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\ford does hold option\test balm.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\ford does hold option\axis stop.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\ford does hold option\64 1.exe
Echec ! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\ford does hold option\Help Mpeg.exe
Supprime! - C:\DOCUME~1\CONFOR~1\APPLIC~1\axisti~1\Beep Heck.exe
Supprime! - C:\DOCUME~1\CONFOR~1\APPLIC~1\axisti~1\zhfatvda.exe
Supprime! - C:\DOCUME~1\CONFOR~1\APPLIC~1\axisti~1\Datauploadcashkeep.exe
Supprime! - C:\DOCUME~1\CONFOR~1\APPLIC~1\axisti~1\Poll bows online.exe
Supprime! - C:\DOCUME~1\CONFOR~1\APPLIC~1\axisti~1\qgzwxgcl.exe
Supprime! - C:\DOCUME~1\CONFOR~1\APPLIC~1\axisti~1\thvjdyyj.exe
Supprime! - C:\DOCUME~1\CONFOR~1\APPLIC~1\axisti~1\xsdlhjzh.exe
Supprime! - C:\DOCUME~1\CONFOR~1\APPLIC~1\axisti~1\Poll gram upload.exe
Supprime! - C:\DOCUME~1\CONFOR~1\APPLIC~1\axisti~1\cntmpoqp.exe
Supprime! - C:\DOCUME~1\CONFOR~1\APPLIC~1\axisti~1\kcwajdaf.exe
Supprime! - C:\DOCUME~1\CONFOR~1\APPLIC~1\axisti~1\wfvzaism.exe
Supprime! - C:\DOCUME~1\CONFOR~1\APPLIC~1\axisti~1\ckcvjykk.exe
Supprime! - C:\DOCUME~1\CONFOR~1\APPLIC~1\axisti~1\sauptfmq.exe
Supprime! - C:\DOCUME~1\CONFOR~1\APPLIC~1\axisti~1\xsqmboqc.exe
Supprime! - C:\DOCUME~1\CONFOR~1\APPLIC~1\axisti~1\toabxfog.exe
Supprime! - C:\DOCUME~1\CONFOR~1\APPLIC~1\axisti~1\mnofbfvg.exe
Supprime! - C:\DOCUME~1\CONFOR~1\APPLIC~1\axisti~1\kqtludkh.exe
Supprime! - C:\DOCUME~1\CONFOR~1\APPLIC~1\axisti~1\yawncpcr.exe
Supprime! - C:\DOCUME~1\CONFOR~1\APPLIC~1\axisti~1\iczadnmk.exe
Supprime! - C:\DOCUME~1\CONFOR~1\APPLIC~1\axisti~1\xalowmmr.exe
Supprime! - C:\DOCUME~1\CONFOR~1\APPLIC~1\axisti~1\msjyxxva.exe
Supprime! - C:\DOCUME~1\CONFOR~1\APPLIC~1\axisti~1\pgglgmij.exe
Supprime! - C:\DOCUME~1\CONFOR~1\APPLIC~1\axisti~1\rddocpfl.exe
Supprime! - C:\DOCUME~1\CONFOR~1\APPLIC~1\axisti~1\dkdkcilw.exe
Supprime! - C:\Program Files\Adverts\uninst.exe
Supprime! - C:\DOCUME~1\CONFOR~1\Cookies\conforama@advertstream[1].txt
Supprime! - C:\DOCUME~1\CONFOR~1\Cookies\conforama@advertising[1].txt
Supprime! - C:\WINDOWS\Tasks\AABACC8D918D7FC1.job
Echec ! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\ford does hold option
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\idle wma bin ford
Supprime! - C:\DOCUME~1\CONFOR~1\APPLIC~1\axisti~1
Supprime! - C:\Program Files\axisti~1
Supprime! - C:\Program Files\Adverts
-
[ Fichier Hosts ] .. Restaure!
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ DEUXIEME PASSAGE
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\ford does hold option\Help Mpeg.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\ford does hold option
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
Supprime! - C:\Program Files\Viewpoint
Supprime! - C:\DOCUME~1\CONFOR~1\APPLIC~1\Viewpoint
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing des dossiers dans APPLIC~1
[21/06/2006|12:01] C:\DOCUME~1\DEFAUL~1\APPLIC~1\ATI
[21/06/2006|11:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[21/06/2006|11:51] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[08/02/2008|18:04] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[21/06/2006|11:35] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[21/06/2006|12:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[05/03/2007|18:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[17/08/2008|23:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ashampoo
[20/02/2007|19:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bluetooth
[16/06/2007|12:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
[27/12/2006|23:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[05/02/2007|20:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\deletemovethirdclock
[21/06/2006|11:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[11/06/2007|22:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[29/09/2007|14:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[19/06/2008|15:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LauncherAccess.dt
[07/02/2007|14:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[21/06/2006|11:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[28/08/2007|00:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NannyMania
[27/08/2007|16:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Oberon Games
[15/06/2007|15:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[24/07/2007|14:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[30/12/2006|14:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[01/06/2008|18:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[01/01/2007|14:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
[21/06/2006|11:35] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[21/06/2006|11:35] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[21/06/2006|12:01] C:\DOCUME~1\ADMINI~1\APPLIC~1\ATI
[21/06/2006|11:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
[21/06/2006|11:51] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[21/06/2006|11:35] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[23/01/2007|20:08] C:\DOCUME~1\CONFOR~1\APPLIC~1\Adobe
[05/02/2007|19:48] C:\DOCUME~1\CONFOR~1\APPLIC~1\AdobeUM
[05/03/2007|18:10] C:\DOCUME~1\CONFOR~1\APPLIC~1\Apple Computer
[21/06/2006|12:01] C:\DOCUME~1\CONFOR~1\APPLIC~1\ATI
[27/12/2006|23:47] C:\DOCUME~1\CONFOR~1\APPLIC~1\CyberLink
[21/06/2006|11:36] C:\DOCUME~1\CONFOR~1\APPLIC~1\desktop.ini
[24/07/2007|15:39] C:\DOCUME~1\CONFOR~1\APPLIC~1\DivX
[04/06/2007|21:54] C:\DOCUME~1\CONFOR~1\APPLIC~1\dvdcss
[27/03/2008|19:21] C:\DOCUME~1\CONFOR~1\APPLIC~1\FMZilla
[11/06/2007|22:44] C:\DOCUME~1\CONFOR~1\APPLIC~1\Google
[02/01/2007|13:12] C:\DOCUME~1\CONFOR~1\APPLIC~1\Help
[21/06/2006|11:51] C:\DOCUME~1\CONFOR~1\APPLIC~1\Identities
[29/09/2007|16:49] C:\DOCUME~1\CONFOR~1\APPLIC~1\Leadertech
[21/11/2006|15:35] C:\DOCUME~1\CONFOR~1\APPLIC~1\Macromedia
[21/06/2006|11:35] C:\DOCUME~1\CONFOR~1\APPLIC~1\Microsoft
[03/04/2007|20:01] C:\DOCUME~1\CONFOR~1\APPLIC~1\OpenOffice.org2
[16/04/2008|18:52] C:\DOCUME~1\CONFOR~1\APPLIC~1\PPMate
[04/07/2007|15:11] C:\DOCUME~1\CONFOR~1\APPLIC~1\Samsung
[16/04/2007|21:52] C:\DOCUME~1\CONFOR~1\APPLIC~1\Screenshot Sender
[31/10/2007|20:31] C:\DOCUME~1\CONFOR~1\APPLIC~1\SopCast
[03/04/2007|19:53] C:\DOCUME~1\CONFOR~1\APPLIC~1\Sun
[01/01/2007|14:35] C:\DOCUME~1\CONFOR~1\APPLIC~1\vlc
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[18/08/2008 01:42][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/03/2007 18:09][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[18/08/2008 01:19][--a------] C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[10/08/2004 20:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans C:\Program Files
[29/02/2008|22:13] C:\Program Files\7-Zip
[16/10/2007|21:48] C:\Program Files\ABBYY FineReader 5.0 Sprint
[16/06/2007|12:48] C:\Program Files\ABBYY FineReader 6.0
[21/06/2006|12:08] C:\Program Files\Acer Inc
[21/06/2006|12:08] C:\Program Files\Adobe
[03/04/2007|18:52] C:\Program Files\adslTV
[10/11/2007|23:32] C:\Program Files\Amor AVI MPEG WMV RM to MP3 Converter
[28/12/2006|19:13] C:\Program Files\AOL 8.0
[28/12/2006|19:14] C:\Program Files\AOL Compagnon
[05/03/2007|18:09] C:\Program Files\Apple Software Update
[21/06/2006|11:52] C:\Program Files\ATI Technologies
[21/06/2006|11:41] C:\Program Files\ComPlus Applications
[11/04/2007|16:17] C:\Program Files\Comptes et Budget Free V5.0
[21/06/2006|12:05] C:\Program Files\CONEXANT
[21/06/2006|12:10] C:\Program Files\CyberLink
[21/06/2006|12:51] C:\Program Files\DIFX
[24/07/2007|15:11] C:\Program Files\DivX
[16/06/2007|12:48] C:\Program Files\FaxTools
[21/06/2006|11:36] C:\Program Files\Fichiers communs
[01/04/2007|20:19] C:\Program Files\Free
[27/03/2008|19:20] C:\Program Files\Free Music Zilla
[01/01/2007|14:29] C:\Program Files\Free.fr
[15/06/2007|15:25] C:\Program Files\Gamenext
[21/06/2006|13:01] C:\Program Files\GemMasterFrench
[11/06/2007|22:44] C:\Program Files\Google
[21/06/2006|11:52] C:\Program Files\InstallShield Installation Information
[21/06/2006|11:43] C:\Program Files\Internet Explorer
[05/03/2007|19:07] C:\Program Files\iPod
[05/03/2007|19:07] C:\Program Files\iTunes
[20/02/2007|18:58] C:\Program Files\IVT Corporation
[03/04/2007|19:53] C:\Program Files\Java
[21/11/2006|15:42] C:\Program Files\Launch Manager
[16/10/2007|21:44] C:\Program Files\Lexmark X1100 Series
[13/06/2007|23:27] C:\Program Files\Maxis
[21/06/2006|11:40] C:\Program Files\Messenger
[05/02/2007|20:03] C:\Program Files\Messenger Plus! Live
[08/06/2008|18:32] C:\Program Files\MessengerPlus! 3
[21/06/2006|11:45] C:\Program Files\microsoft frontpage
[13/06/2007|15:26] C:\Program Files\Microsoft Games
[21/11/2006|19:17] C:\Program Files\Microsoft Office
[21/06/2006|11:41] C:\Program Files\Movie Maker
[21/06/2006|11:40] C:\Program Files\MSN
[21/06/2006|11:40] C:\Program Files\MSN Gaming Zone
[01/02/2008|20:01] C:\Program Files\MSXML 4.0
[21/06/2006|11:43] C:\Program Files\NetMeeting
[21/06/2006|12:16] C:\Program Files\NewTech Infosystems
[28/12/2006|19:14] C:\Program Files\Nullsoft
[21/06/2006|11:41] C:\Program Files\Online Services
[03/04/2007|19:54] C:\Program Files\OpenOffice.org 2.2
[21/06/2006|11:43] C:\Program Files\Outlook Express
[29/03/2008|16:59] C:\Program Files\Oxygen Interactive
[13/04/2008|00:14] C:\Program Files\QuickTime
[21/06/2006|12:01] C:\Program Files\Realtek
[04/07/2007|15:03] C:\Program Files\Samsung
[19/09/2007|18:49] C:\Program Files\Seagrand
[21/06/2006|11:43] C:\Program Files\Services en ligne
[31/10/2007|20:31] C:\Program Files\SopCast
[21/11/2006|15:41] C:\Program Files\Synaptics
[26/07/2007|14:57] C:\Program Files\TechSmith
[21/06/2006|11:51] C:\Program Files\Uninstall Information
[26/12/2007|13:51] C:\Program Files\USB Disk Win98 Driver
[01/01/2007|14:34] C:\Program Files\VideoLAN
[12/04/2007|19:54] C:\Program Files\WebAnim Gif
[01/10/2007|21:10] C:\Program Files\Windows Live
[02/05/2007|10:37] C:\Program Files\Windows Live Safety Center
[30/12/2006|14:34] C:\Program Files\Windows Live Toolbar
[24/07/2007|14:58] C:\Program Files\Windows Media Connect 2
[21/06/2006|11:41] C:\Program Files\Windows Media Player
[21/06/2006|11:40] C:\Program Files\Windows NT
[21/06/2006|11:41] C:\Program Files\Windows Plus
[21/06/2006|11:43] C:\Program Files\WindowsUpdate
[30/09/2007|22:09] C:\Program Files\Wondershare
[21/06/2006|11:45] C:\Program Files\xerox
[01/01/2007|14:48] C:\Program Files\Yahoo!
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[21/06/2006|12:08] C:\Program Files\Fichiers communs\Adobe
[28/12/2006|19:12] C:\Program Files\Fichiers communs\AOL
[28/12/2006|19:14] C:\Program Files\Fichiers communs\aolback
[28/12/2006|19:14] C:\Program Files\Fichiers communs\aolshare
[21/06/2006|11:56] C:\Program Files\Fichiers communs\ATI Technologies
[21/06/2006|11:52] C:\Program Files\Fichiers communs\InstallShield
[03/04/2007|19:53] C:\Program Files\Fichiers communs\Java
[21/06/2006|12:16] C:\Program Files\Fichiers communs\LightScribe
[21/06/2006|11:36] C:\Program Files\Fichiers communs\Microsoft Shared
[21/06/2006|11:43] C:\Program Files\Fichiers communs\MSSoap
[21/06/2006|12:16] C:\Program Files\Fichiers communs\muvee Technologies
[21/06/2006|12:16] C:\Program Files\Fichiers communs\NewTech Infosystems
[21/06/2006|11:36] C:\Program Files\Fichiers communs\ODBC
[28/12/2006|19:14] C:\Program Files\Fichiers communs\Real
[21/06/2006|11:43] C:\Program Files\Fichiers communs\Services
[21/06/2006|11:36] C:\Program Files\Fichiers communs\SpeechEngines
[16/04/2008|18:52] C:\Program Files\Fichiers communs\Synacast
[21/06/2006|11:43] C:\Program Files\Fichiers communs\System
[01/06/2008|18:22] C:\Program Files\Fichiers communs\WindowsLiveInstaller
--------------------\\ Process
( 64 Processus )
MsgPlus.exe ~ [PID:1804] ~ [Threads:1]
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-18 02:06:22
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\CONFOR~1\Mes documents\Mes images\ogcnice\crack.bmp
C:\DOCUME~1\CONFOR~1\Mes documents\Nouveau dossier\ogcnice\crack.bmp
[F:32][D:3]-> C:\DOCUME~1\CONFOR~1\LOCALS~1\Temp
[F:136][D:0]-> C:\DOCUME~1\CONFOR~1\Cookies
[F:231][D:4]-> C:\DOCUME~1\CONFOR~1\LOCALS~1\TEMPOR~1\content.IE5
[F:2][D:0]-> C:\Recycled
--------------------\\ Fin du rapport a 2:07:27,21
Next time you install MSN Plus, don't install the sponsor.
- Download Navilog1 (by IL-MAFIOSO) and save it to the desktop:
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
- Double-click Navilog1.exe to start the installation
- If the fix does not launch automatically after installation, double-click Navilog1 on the desktop
- Press F or f, then confirm with Enter
- Press a key on your keyboard each time you are asked to; you will arrive at the options menu
- Choose option 1 and press Enter to confirm your choice
- Wait for the message: *** Analyse Termine le ..... ***
- Once the scan is finished, Notepad will open with the report; post the contents of this report in your next reply
- If the scan result is not displayed, you will find it in C:\fixnavi.txt
Do not use options 2, 3 and 4 without our approval; legitimate files may be included in this scan.
Search Navipromo version 3.6.4 commencé le 18/08/2008 à 2:13:31,12
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "conforama"
Mise à jour le 16.08.2008 à 22h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : FAT32
Recherche executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans "C:\WINDOWS" ***
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "C:\DOCUME~1\ALLUSE~1\menudÉ~1\progra~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ALLUSE~1\menudÉ~1" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\CONFOR~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\CONFOR~1\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\CONFOR~1\menud+~1\progra~1" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINDOWS\system32" *
* Recherche dans "C:\DOCUME~1\CONFOR~1\locals~1\applic~1" *
* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
* Dans "C:\DOCUME~1\CONFOR~1\locals~1\applic~1" :
* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :
3)Recherche Certificats :
Certificat Egroup absent !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
*** Analyse terminée le 18/08/2008 à 2:15:31,78 ***
Clean Navipromo version 3.6.4 commencé le 18/08/2008 à 2:30:08,42
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "conforama"
Mise à jour le 16.08.2008 à 22h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : FAT32
Mode suppression automatique
avec prise en charge résultats Catchme et GNS
Nettoyage exécuté au redémarrage de l'ordinateur
*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)
*** Suppression avec sauvegardes résultats GenericNaviSearch ***
* Suppression dans "C:\WINDOWS\System32" *
* Suppression dans "C:\Documents and Settings\conforama\locals~1\applic~1" *
* Suppression dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *
*** Suppression dossiers dans "C:\WINDOWS" ***
*** Suppression dossiers dans "C:\Program Files" ***
*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudÉ~1\progra~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudÉ~1" ***
*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\conforama\applic~1" ***
*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\conforama\locals~1\applic~1" ***
*** Suppression dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\conforama\menud+~1\progra~1" ***
*** Suppression fichiers ***
*** Suppression fichiers temporaires ***
Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\conforama\locals~1\Temp effectué !
*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Suppression avec sauvegardes nouveaux fichiers Instant Access :
2)Recherche, création sauvegardes et suppression Heuristique :
* Dans "C:\WINDOWS\system32" *
* Dans "C:\Documents and Settings\conforama\locals~1\applic~1" *
* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *
*** Sauvegarde du Registre vers dossier Safebackup ***
sauvegarde du Registre réalisée avec succès !
*** Nettoyage Registre ***
Nettoyage Registre Ok
*** Certificats ***
Certificat Egroup absent !
Certificat Electronic-Group supprimé !
Certificat Montorgueil absent !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !
*** Nettoyage terminé le 18/08/2008 à 2:33:41,10 ***
Run a scan with MBAM, remove everything it finds, then post the report here:
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm
Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1062
Windows 5.1.2600 Service Pack 2
02:50:38 18/08/2008
mbam-log-08-18-2008 (02-50-38).txt
Type de recherche: Examen rapide
Eléments examinés: 44074
Temps écoulé: 3 minute(s), 7 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\tuvovkfj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vgvapdhv.dll (Trojan.vundo) -> Quarantined and deleted successfully.
---> Relaunch MBAM, go to Quarantine and delete everything
---> Uninstall Navilog1, Lop S&D
---> Post a new HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:23:10, on 18/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\UMStor\Res.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\AOL Compagnon\companion.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\conforama\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\WINDOWS\UMStor\Res.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
O4 - Global Startup: AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe
O4 - Global Startup: AOL 8.0 Icône AOL.lnk = C:\Program Files\AOL 8.0\aoltray.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Ati HotKey Poller Atiwinmgmt (Atiwinmgmt) - Unknown owner - C:\WINDOWS\
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Fournisseur de la prise en charge de sécurité LM NT NtLmSspMessenger (NtLmSspMessenger) - Unknown owner - C:\WINDOWS\
O23 - Service: Localisateur d'appels de procédure distante (RPC) RpcLocatorehSched (RpcLocatorehSched) - Unknown owner - C:\WINDOWS\
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
You have some unnecessary lines, but we'll deal with them later.
Install Antivir, which is a very good antivirus, and run a scan of your hard drive:
https://www.malekal.com/avira-free-security-antivirus-gratuit/
How much longer will it take? Because it's getting rather late, mind you... lol
Anyway (I know this is the 10th time I've said it), THANK YOU!
I think that's the most reasonable option! I'll be here from early afternoon.
There we go
A huge THANK YOU for helping me!
Good night and see you tomorrow
Here is the scan. Should I delete what I put in quarantine?
Avira AntiVir Personal
Report file date: lundi 18 août 2008 13:37
Scanning for 1561842 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: conforama
Computer name: ACER-3FAFADAADF
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:54
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:42
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:20
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:54
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:16
ANTIVIR2.VDF : 7.0.6.10 2587136 Bytes 14/08/2008 11:29:24
ANTIVIR3.VDF : 7.0.6.29 142336 Bytes 18/08/2008 11:29:24
Engineversion : 8.1.1.19
AEVDF.DLL : 8.1.0.5 102772 Bytes 09/07/2008 08:46:52
AESCRIPT.DLL : 8.1.0.63 311673 Bytes 18/08/2008 11:29:46
AESCN.DLL : 8.1.0.23 119156 Bytes 18/08/2008 11:29:44
AERDL.DLL : 8.1.0.20 418165 Bytes 09/07/2008 08:46:52
AEPACK.DLL : 8.1.2.1 364917 Bytes 18/08/2008 11:29:42
AEOFFICE.DLL : 8.1.0.21 192891 Bytes 18/08/2008 11:29:42
AEHEUR.DLL : 8.1.0.47 1368437 Bytes 18/08/2008 11:29:38
AEHELP.DLL : 8.1.0.15 115063 Bytes 09/07/2008 08:46:52
AEGEN.DLL : 8.1.0.35 315764 Bytes 18/08/2008 11:29:32
AEEMU.DLL : 8.1.0.7 430452 Bytes 18/08/2008 11:29:30
AECORE.DLL : 8.1.1.8 172406 Bytes 18/08/2008 11:29:28
AEBB.DLL : 8.1.0.1 53617 Bytes 24/04/2008 08:50:42
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:06
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:02
AVREP.DLL : 8.0.0.2 98344 Bytes 18/08/2008 11:29:26
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:42
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:24
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:50
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:04
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:42
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:12
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:08
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:38
Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: lundi 18 août 2008 13:37
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'companion.exe' - '1' Module(s) have been scanned
Scan process 'CLI.EXE' - '1' Module(s) have been scanned
Scan process 'CLI.EXE' - '1' Module(s) have been scanned
Scan process 'soffice.BIN' - '1' Module(s) have been scanned
Scan process 'SOFFICE.EXE' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'Acer.Empowering.Framework.Launcher.exe' - '1' Module(s) have been scanned
Scan process 'MSNMSGR.EXE' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'MsgPlus.exe' - '1' Module(s) have been scanned
Scan process 'lxbkbmon.exe' - '1' Module(s) have been scanned
Scan process 'QTTask.exe' - '1' Module(s) have been scanned
Scan process 'Res.exe' - '1' Module(s) have been scanned
Scan process 'lxbkbmgr.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'CLI.EXE' - '1' Module(s) have been scanned
Scan process 'eRAgent.exe' - '1' Module(s) have been scanned
Scan process 'LManager.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'ePower_DMC.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'wanmpsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehRecvr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'BTNtService.exe' - '1' Module(s) have been scanned
Scan process 'MemCheck.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned
Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
66 processes with 66 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '83' files ).
Starting the file scan:
Begin scan in 'C:\' <ACER>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\ifkjurav.dll
[DETECTION] Is the TR/Vundo.dvc.4 Trojan
[NOTE] The file was moved to '491461fa.qua'!
C:\WINDOWS\system32\njiolnoj.dll
[DETECTION] Is the TR/Vundo.dvc.4 Trojan
[NOTE] The file was moved to '49126203.qua'!
C:\WINDOWS\system32\gaisovnd.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '491261fd.qua'!
C:\WINDOWS\system32\gqoekqut.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49186210.qua'!
C:\WINDOWS\system32\wifigctl.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '490f620b.qua'!
C:\WINDOWS\system32\oelcosfg.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4915620b.qua'!
C:\WINDOWS\system32\MSIEMPlayer.DLL
[DETECTION] Is the TR/Agent.BHO.W Trojan
[NOTE] The file was moved to '48f261fb.qua'!
C:\Documents and Settings\All Users\Application Data\deletemovethirdclock\Sign Vc.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '491064dc.qua'!
C:\Documents and Settings\All Users\Application Data\deletemovethirdclock\rule flap.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '491564ea.qua'!
C:\Documents and Settings\All Users\Application Data\deletemovethirdclock\FLAGIDOL.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48ea64c4.qua'!
C:\Documents and Settings\conforama\456.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Agent.BHO.W Trojan
[NOTE] The file was moved to '48df64be.qua'!
C:\Documents and Settings\conforama\957123844.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Agent.BHO.W Trojan
[NOTE] The file was moved to '48e064c1.qua'!
C:\Documents and Settings\conforama\957123845.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Agent.BHO.W Trojan
[NOTE] The file was moved to '48e064c3.qua'!
C:\Documents and Settings\conforama\276.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Agent.BHO.W Trojan
[NOTE] The file was moved to '48df64c7.qua'!
C:\Documents and Settings\conforama\368.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Agent.BHO.W Trojan
[NOTE] The file was moved to '48e164c9.qua'!
C:\Documents and Settings\conforama\394.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Agent.BHO.W Trojan
[NOTE] The file was moved to '48dd64cf.qua'!
C:\Documents and Settings\conforama\6.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Agent.BHO.W Trojan
[NOTE] The file was moved to '490e64c6.qua'!
C:\Documents and Settings\conforama\411.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Agent.BHO.W Trojan
[NOTE] The file was moved to '48da64cc.qua'!
C:\Documents and Settings\conforama\Application Data\Sun\Java\Deployment\cache\6.0\4\6e96fd04-74c53b8a
[0] Archive type: ZIP
--> OP.class
[DETECTION] Contains recognition pattern of the EXP/ByteVerify.I exploit
[NOTE] The file was moved to '48e2683a.qua'!
C:\Documents and Settings\conforama\Application Data\Sun\Java\Deployment\cache\6.0\53\76fb16b5-55500d07
[0] Archive type: ZIP
--> OP.class
[DETECTION] Contains recognition pattern of the EXP/ByteVerify.I exploit
[NOTE] The file was moved to '490f6813.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360552.exe
[DETECTION] Is the TR/Crypt.CFI.Gen Trojan
[NOTE] The file was moved to '48dc6e41.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360554.exe
[DETECTION] Is the TR/Fakealert.aah.6 Trojan
[NOTE] The file was moved to '48dc6e46.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360555.exe
[DETECTION] Is the TR/Dldr.FraudLoa.NC Trojan
[NOTE] The file was moved to '48dc6e47.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360557.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e49.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360558.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e4c.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360559.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e4e.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360560.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e50.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360561.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e53.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360562.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e56.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360563.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '48dc6e58.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360564.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '48dc6e5a.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360565.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '48dc6e5c.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360566.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e5e.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360567.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e61.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360568.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e63.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360569.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e65.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360570.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e67.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360571.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e6a.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360572.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e6c.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360573.dll
[DETECTION] Is the TR/Vundo.DUP Trojan
[NOTE] The file was moved to '48dc6e6e.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360574.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '48dc6e70.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360575.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e72.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360576.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '48dc6e74.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360578.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e76.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360579.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e78.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360580.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e7a.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360581.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e7c.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360582.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e7d.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360583.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '48dc6e7f.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360584.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e81.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360585.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e83.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360586.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '48dc6e85.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360587.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e87.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360588.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e88.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360589.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e8a.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360590.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e8c.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360591.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e8d.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360592.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e90.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360593.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e92.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360594.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e94.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360595.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e96.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360596.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '48dc6e97.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360597.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '48dc6e99.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360598.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e9b.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360601.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e9d.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360602.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e9f.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360603.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6ea1.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360604.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6ea3.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360605.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6ea5.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360670.sys
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48dc6ea9.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360797.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6eb0.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360798.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6eb2.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360799.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6eb4.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360800.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6eb6.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360803.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6eb9.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360806.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6ebb.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360809.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6ebe.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360810.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6ec0.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360811.exe
[DETECTION] Is the TR/Obfuscated.EN.112 Trojan
[NOTE] The file was moved to '48dc6ec2.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360812.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6ec4.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360813.exe
[DETECTION] Is the TR/FatObfus.2.Gen Trojan
[NOTE] The file was moved to '48dc6ec8.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360814.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6eca.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360815.exe
[DETECTION] Is the TR/Obfuscated.EN.2655 Trojan
[NOTE] The file was moved to '48dc6ecc.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360816.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6ece.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360817.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6ed0.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360818.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6ed2.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360819.exe
[DETECTION] Is the TR/Obfusgen.A.5356 Trojan
[NOTE] The file was moved to '48dc6ed4.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360820.exe
[DETECTION] Is the TR/Obfusgen.A.5437 Trojan
[NOTE] The file was moved to '48dc6ed7.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360821.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6ed9.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360822.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6edb.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360823.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6edd.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360824.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6edf.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360825.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6ee1.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360826.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6ee3.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360827.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6ee5.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360829.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6ee8.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360897.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6eed.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360898.dll
[DETECTION] Is the TR/Vundo.dvc.4 Trojan
[NOTE] The file was moved to '48dc6eef.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP393\A0360956.dll
[DETECTION] Is the TR/Vundo.dvc.4 Trojan
[NOTE] The file was moved to '48dc6ef4.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP393\A0360957.dll
[DETECTION] Is the TR/Vundo.dvc.4 Trojan
[NOTE] The file was moved to '48dc6ef6.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP393\A0360958.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6ef8.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP393\A0360959.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6efa.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP393\A0360960.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6efc.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP393\A0360961.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6efe.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP393\A0360962.DLL
[DETECTION] Is the TR/Agent.BHO.W Trojan
[NOTE] The file was moved to '48dc6f00.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP393\A0360965.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6f03.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP393\A0360966.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6f05.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP393\A0360967.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6f07.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP393\A0360968.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Agent.BHO.W Trojan
[NOTE] The file was moved to '48dc6f09.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP393\A0360969.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Agent.BHO.W Trojan
[NOTE] The file was moved to '48dc6f0b.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP393\A0360970.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Agent.BHO.W Trojan
[NOTE] The file was moved to '48dc6f0d.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP393\A0360971.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Agent.BHO.W Trojan
[NOTE] The file was moved to '48dc6f0f.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP393\A0360972.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Agent.BHO.W Trojan
[NOTE] The file was moved to '48dc6f11.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP393\A0360973.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Agent.BHO.W Trojan
[NOTE] The file was moved to '48dc6f13.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP393\A0360974.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Agent.BHO.W Trojan
[NOTE] The file was moved to '48dc6f15.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP393\A0360975.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Agent.BHO.W Trojan
[NOTE] The file was moved to '48dc6f17.qua'!
C:\FOUND.135\FILE0001.CHK
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f56f6c.qua'!
C:\FOUND.135\FILE0002.CHK
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f56f6e.qua'!
C:\QooBox\Quarantine\catchme2008-08-18_ 10857,68.zip
[0] Archive type: ZIP
--> Winha23.sys
[1] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '491d6f92.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\~.exe.vir
[DETECTION] Is the TR/Crypt.CFI.Gen Trojan
[NOTE] The file was moved to '490e6f62.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\lphclkqj0e54t.exe.vir
[DETECTION] Is the TR/Fakealert.aah.6 Trojan
[NOTE] The file was moved to '49116fa6.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\pphclkqj0e54t.exe.vir
[DETECTION] Is the TR/Dldr.FraudLoa.NC Trojan
[NOTE] The file was moved to '49116fa8.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\aljdolil.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49136fa7.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\bgnptges.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49176fa4.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\clpmvvih.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49196fab.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ddhkfiyy.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48bc19b7.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\deekytox.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '490e6fa9.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\dkkhjqkk.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49146fb1.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\dmbyesbx.dll.vir
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '490b6fb5.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\dxkosphh.dll.vir
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49146fc2.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\eeitjckw.dll.vir
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49126fb1.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ewufwclj.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '491e6fc5.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\gabiwxtb.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '490b6fb2.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\griqwikn.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49126fc5.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\hpvypylp.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '491f6fc5.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\hqsglsmg.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '491c6fc8.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\hwioahhj.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49126fd0.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\hxybngwq.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49226fd3.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ifkleyoi.dll.vir
[DETECTION] Is the TR/Vundo.DUP Trojan
[NOTE] The file was moved to '49146fc5.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ixhmuhrn.dll.vir
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49116fdc.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\kexxwfrb.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49216fcc.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\kuteorhf.dll.vir
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '491d6fdd.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\lmplybew.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49196fd7.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\lnmgmppw.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49166fda.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\lurtlame.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '491b6fe3.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\mtfdewfa.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '490f6fe4.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\mvvtgcdj.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '491f6fe8.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\nbyfbeto.dll.vir
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '49226fd6.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ncckhcqp.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '490c6fd8.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\nyvsgjco.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '491f6ff0.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ourkqusc.dll.vir
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '491b6fee.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ovrbxnba.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '491b6ff1.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\pqgrjqgc.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49106fee.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\prbgjima.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '490b6ff1.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\psrhavlv.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '491b6ff4.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\rbwqrwhn.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49206fe5.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\rjthytpk.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '491d6fef.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\tcvdrdpx.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '491f6fea.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\tpqjibmr.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '491a6ff8.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\vhklwgdn.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49146ff2.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\vrrcsaqh.dll.vir
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '491b6ffe.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\wcbpxqtf.dll.vir
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '48a619e2.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\wfgshbab.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49106ff6.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\xjopecip.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49186ffc.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ybayuefa.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '490a6ff6.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\ygdgjhtq.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '490d6ffc.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\yskgiqgd.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4914700a.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\yymiaxjw.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49167012.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\Drivers\Winha23.sys.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '49177005.qua'!
C:\SDFix\backups\backups.zip
[0] Archive type: ZIP
--> backups/10.tmp
[DETECTION] Is the TR/Dldr.FraudLoa.NC Trojan
[NOTE] The file was moved to '490c7003.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\ALLUSE~1\APPLIC~1\ford does hold option\dart warn.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '491b7008.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\ALLUSE~1\APPLIC~1\ford does hold option\start flaw.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '490a701d.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\ALLUSE~1\APPLIC~1\ford does hold option\Body Blue.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '490d701b.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\ALLUSE~1\APPLIC~1\ford does hold option\ball option.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4915700f.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\ALLUSE~1\APPLIC~1\ford does hold option\axis stop.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4912702b.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\CONFOR~1\APPLIC~1\AXISTI~1\zhfatvda.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '490f701e.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\CONFOR~1\APPLIC~1\AXISTI~1\qgzwxgcl.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4923701f.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\CONFOR~1\APPLIC~1\AXISTI~1\thvjdyyj.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '491f7022.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\CONFOR~1\APPLIC~1\AXISTI~1\xsdlhjzh.exe
[DETECTION] Is the TR/Obfuscated.EN.112 Trojan
[NOTE] The file was moved to '490d702f.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\CONFOR~1\APPLIC~1\AXISTI~1\Poll gram upload.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4915702d.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\CONFOR~1\APPLIC~1\AXISTI~1\cntmpoqp.exe
[DETECTION] Is the TR/FatObfus.2.Gen Trojan
[NOTE] The file was moved to '491d702e.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\CONFOR~1\APPLIC~1\AXISTI~1\kcwajdaf.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '49207025.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\CONFOR~1\APPLIC~1\AXISTI~1\wfvzaism.exe
[DETECTION] Is the TR/Obfuscated.EN.2655 Trojan
[NOTE] The file was moved to '491f702a.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\CONFOR~1\APPLIC~1\AXISTI~1\ckcvjykk.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '490c7031.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\CONFOR~1\APPLIC~1\AXISTI~1\sauptfmq.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '491e7029.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\CONFOR~1\APPLIC~1\AXISTI~1\xsqmboqc.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '491a703d.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\CONFOR~1\APPLIC~1\AXISTI~1\toabxfog.exe
[DETECTION] Is the TR/Obfusgen.A.5356 Trojan
[NOTE] The file was moved to '490a703b.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\CONFOR~1\APPLIC~1\AXISTI~1\mnofbfvg.exe
[DETECTION] Is the TR/Obfusgen.A.5437 Trojan
[NOTE] The file was moved to '4918703d.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\CONFOR~1\APPLIC~1\AXISTI~1\kqtludkh.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '491d7042.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\CONFOR~1\APPLIC~1\AXISTI~1\yawncpcr.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '49207033.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\CONFOR~1\APPLIC~1\AXISTI~1\iczadnmk.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '49237038.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\CONFOR~1\APPLIC~1\AXISTI~1\xalowmmr.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '49157038.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\CONFOR~1\APPLIC~1\AXISTI~1\msjyxxva.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4913704c.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\CONFOR~1\APPLIC~1\AXISTI~1\pgglgmij.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '49107042.qua'!
C:\Lop SD\Backup-Lop\DOCUME~1\CONFOR~1\APPLIC~1\AXISTI~1\rddocpfl.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '490d7041.qua'!
C:\Lop SD\Backup-Lop\Program Files\Adverts\uninst.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4912704d.qua'!
Begin scan in 'D:\' <ACERDATA>
End of the scan: lundi 18 août 2008 14:49
Used time: 1:12:43 Hour(s)
The scan has been done completely.
8276 Scanning directories
638571 Files were scanned
196 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
196 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
638373 Files not concerned
8168 Archives were scanned
2 Warnings
196 Notes
Avira AntiVir Personal
Report file date: lundi 18 août 2008 13:37
Scanning for 1561842 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: conforama
Computer name: ACER-3FAFADAADF
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:54
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:42
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:20
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:54
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:16
ANTIVIR2.VDF : 7.0.6.10 2587136 Bytes 14/08/2008 11:29:24
ANTIVIR3.VDF : 7.0.6.29 142336 Bytes 18/08/2008 11:29:24
Engineversion : 8.1.1.19
AEVDF.DLL : 8.1.0.5 102772 Bytes 09/07/2008 08:46:52
AESCRIPT.DLL : 8.1.0.63 311673 Bytes 18/08/2008 11:29:46
AESCN.DLL : 8.1.0.23 119156 Bytes 18/08/2008 11:29:44
AERDL.DLL : 8.1.0.20 418165 Bytes 09/07/2008 08:46:52
AEPACK.DLL : 8.1.2.1 364917 Bytes 18/08/2008 11:29:42
AEOFFICE.DLL : 8.1.0.21 192891 Bytes 18/08/2008 11:29:42
AEHEUR.DLL : 8.1.0.47 1368437 Bytes 18/08/2008 11:29:38
AEHELP.DLL : 8.1.0.15 115063 Bytes 09/07/2008 08:46:52
AEGEN.DLL : 8.1.0.35 315764 Bytes 18/08/2008 11:29:32
AEEMU.DLL : 8.1.0.7 430452 Bytes 18/08/2008 11:29:30
AECORE.DLL : 8.1.1.8 172406 Bytes 18/08/2008 11:29:28
AEBB.DLL : 8.1.0.1 53617 Bytes 24/04/2008 08:50:42
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:06
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:02
AVREP.DLL : 8.0.0.2 98344 Bytes 18/08/2008 11:29:26
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:42
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:24
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:50
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:04
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:42
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:12
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:08
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:38
Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: lundi 18 août 2008 13:37
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'companion.exe' - '1' Module(s) have been scanned
Scan process 'CLI.EXE' - '1' Module(s) have been scanned
Scan process 'CLI.EXE' - '1' Module(s) have been scanned
Scan process 'soffice.BIN' - '1' Module(s) have been scanned
Scan process 'SOFFICE.EXE' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'Acer.Empowering.Framework.Launcher.exe' - '1' Module(s) have been scanned
Scan process 'MSNMSGR.EXE' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'MsgPlus.exe' - '1' Module(s) have been scanned
Scan process 'lxbkbmon.exe' - '1' Module(s) have been scanned
Scan process 'QTTask.exe' - '1' Module(s) have been scanned
Scan process 'Res.exe' - '1' Module(s) have been scanned
Scan process 'lxbkbmgr.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'CLI.EXE' - '1' Module(s) have been scanned
Scan process 'eRAgent.exe' - '1' Module(s) have been scanned
Scan process 'LManager.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'ePower_DMC.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'wanmpsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehRecvr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'BTNtService.exe' - '1' Module(s) have been scanned
Scan process 'MemCheck.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned
Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
66 processes with 66 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '83' files ).
Starting the file scan:
Begin scan in 'C:\' <ACER>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\ifkjurav.dll
[DETECTION] Is the TR/Vundo.dvc.4 Trojan
[NOTE] The file was moved to '491461fa.qua'!
C:\WINDOWS\system32\njiolnoj.dll
[DETECTION] Is the TR/Vundo.dvc.4 Trojan
[NOTE] The file was moved to '49126203.qua'!
C:\WINDOWS\system32\gaisovnd.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '491261fd.qua'!
C:\WINDOWS\system32\gqoekqut.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49186210.qua'!
C:\WINDOWS\system32\wifigctl.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '490f620b.qua'!
C:\WINDOWS\system32\oelcosfg.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4915620b.qua'!
C:\WINDOWS\system32\MSIEMPlayer.DLL
[DETECTION] Is the TR/Agent.BHO.W Trojan
[NOTE] The file was moved to '48f261fb.qua'!
C:\Documents and Settings\All Users\Application Data\deletemovethirdclock\Sign Vc.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '491064dc.qua'!
C:\Documents and Settings\All Users\Application Data\deletemovethirdclock\rule flap.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '491564ea.qua'!
C:\Documents and Settings\All Users\Application Data\deletemovethirdclock\FLAGIDOL.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48ea64c4.qua'!
C:\Documents and Settings\conforama\456.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Agent.BHO.W Trojan
[NOTE] The file was moved to '48df64be.qua'!
C:\Documents and Settings\conforama\957123844.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Agent.BHO.W Trojan
[NOTE] The file was moved to '48e064c1.qua'!
C:\Documents and Settings\conforama\957123845.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Agent.BHO.W Trojan
[NOTE] The file was moved to '48e064c3.qua'!
C:\Documents and Settings\conforama\276.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Agent.BHO.W Trojan
[NOTE] The file was moved to '48df64c7.qua'!
C:\Documents and Settings\conforama\368.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Agent.BHO.W Trojan
[NOTE] The file was moved to '48e164c9.qua'!
C:\Documents and Settings\conforama\394.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Agent.BHO.W Trojan
[NOTE] The file was moved to '48dd64cf.qua'!
C:\Documents and Settings\conforama\6.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Agent.BHO.W Trojan
[NOTE] The file was moved to '490e64c6.qua'!
C:\Documents and Settings\conforama\411.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Agent.BHO.W Trojan
[NOTE] The file was moved to '48da64cc.qua'!
C:\Documents and Settings\conforama\Application Data\Sun\Java\Deployment\cache\6.0\4\6e96fd04-74c53b8a
[0] Archive type: ZIP
--> OP.class
[DETECTION] Contains recognition pattern of the EXP/ByteVerify.I exploit
[NOTE] The file was moved to '48e2683a.qua'!
C:\Documents and Settings\conforama\Application Data\Sun\Java\Deployment\cache\6.0\53\76fb16b5-55500d07
[0] Archive type: ZIP
--> OP.class
[DETECTION] Contains recognition pattern of the EXP/ByteVerify.I exploit
[NOTE] The file was moved to '490f6813.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360552.exe
[DETECTION] Is the TR/Crypt.CFI.Gen Trojan
[NOTE] The file was moved to '48dc6e41.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360554.exe
[DETECTION] Is the TR/Fakealert.aah.6 Trojan
[NOTE] The file was moved to '48dc6e46.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360555.exe
[DETECTION] Is the TR/Dldr.FraudLoa.NC Trojan
[NOTE] The file was moved to '48dc6e47.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360557.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e49.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360558.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e4c.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360559.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e4e.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360560.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e50.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360561.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e53.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360562.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e56.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360563.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '48dc6e58.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360564.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '48dc6e5a.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360565.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '48dc6e5c.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360566.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e5e.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360567.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e61.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360568.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e63.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360569.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e65.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360570.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e67.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360571.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e6a.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360572.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e6c.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360573.dll
[DETECTION] Is the TR/Vundo.DUP Trojan
[NOTE] The file was moved to '48dc6e6e.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360574.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '48dc6e70.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360575.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e72.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360576.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '48dc6e74.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360578.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e76.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360579.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e78.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360580.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e7a.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360581.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e7c.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360582.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e7d.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360583.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '48dc6e7f.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360584.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e81.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360585.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e83.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360586.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '48dc6e85.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360587.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e87.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360588.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e88.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360589.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e8a.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360590.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e8c.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360591.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e8d.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360592.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e90.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360593.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e92.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360594.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e94.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360595.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e96.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360596.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '48dc6e97.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360597.dll
[DETECTION] Is the TR/Dldr.ConHook.Gen Trojan
[NOTE] The file was moved to '48dc6e99.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360598.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e9b.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360601.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e9d.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360602.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6e9f.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360603.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6ea1.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360604.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6ea3.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360605.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6ea5.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360670.sys
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '48dc6ea9.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360797.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6eb0.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360798.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6eb2.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360799.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6eb4.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360800.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6eb6.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360803.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6eb9.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360806.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6ebb.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360809.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6ebe.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360810.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6ec0.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360811.exe
[DETECTION] Is the TR/Obfuscated.EN.112 Trojan
[NOTE] The file was moved to '48dc6ec2.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360812.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6ec4.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360813.exe
[DETECTION] Is the TR/FatObfus.2.Gen Trojan
[NOTE] The file was moved to '48dc6ec8.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360814.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6eca.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360815.exe
[DETECTION] Is the TR/Obfuscated.EN.2655 Trojan
[NOTE] The file was moved to '48dc6ecc.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360816.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6ece.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360817.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6ed0.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360818.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6ed2.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360819.exe
[DETECTION] Is the TR/Obfusgen.A.5356 Trojan
[NOTE] The file was moved to '48dc6ed4.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360820.exe
[DETECTION] Is the TR/Obfusgen.A.5437 Trojan
[NOTE] The file was moved to '48dc6ed7.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360821.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6ed9.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360822.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6edb.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360823.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6edd.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360824.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6edf.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360825.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6ee1.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360826.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6ee3.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360827.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6ee5.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360829.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6ee8.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360897.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6eed.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP392\A0360898.dll
[DETECTION] Is the TR/Vundo.dvc.4 Trojan
[NOTE] The file was moved to '48dc6eef.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP393\A0360956.dll
[DETECTION] Is the TR/Vundo.dvc.4 Trojan
[NOTE] The file was moved to '48dc6ef4.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP393\A0360957.dll
[DETECTION] Is the TR/Vundo.dvc.4 Trojan
[NOTE] The file was moved to '48dc6ef6.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP393\A0360958.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6ef8.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP393\A0360959.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6efa.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP393\A0360960.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6efc.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP393\A0360961.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48dc6efe.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP393\A0360962.DLL
[DETECTION] Is the TR/Agent.BHO.W Trojan
[NOTE] The file was moved to '48dc6f00.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP393\A0360965.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6f03.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP393\A0360966.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6f05.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP393\A0360967.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48dc6f07.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP393\A0360968.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Agent.BHO.W Trojan
[NOTE] The file was moved to '48dc6f09.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP393\A0360969.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Agent.BHO.W Trojan
[NOTE] The file was moved to '48dc6f0b.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP393\A0360970.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Agent.BHO.W Trojan
[NOTE] The file was moved to '48dc6f0d.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP393\A0360971.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Agent.BHO.W Trojan
[NOTE] The file was moved to '48dc6f0f.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP393\A0360972.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Agent.BHO.W Trojan
[NOTE] The file was moved to '48dc6f11.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP393\A0360973.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Agent.BHO.W Trojan
[NOTE] The file was moved to '48dc6f13.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP393\A0360974.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Agent.BHO.W Trojan
[NOTE] The file was moved to '48dc6f15.qua'!
C:\System Volume Information\_restore{2DB37729-7E03-4F82-ADEF-4057C22A22C7}\RP393\A0360975.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Agent.BHO.W Trojan
[NOTE] The file was moved to '48dc6f17.qua'!
C:\FOUND.135\FILE0001.CHK
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f56f6c.qua'!
C:\FOUND.135\FILE0002.CHK
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f56f6e.qua'!
C:\QooBox\Quarantine\catchme2008-08-18_ 10857,68.zip
[0] Archive type: ZIP
--> Winha23.sys
[1] Archive type: RSRC
--> Object
Begin scan in 'D:\' <ACERDATA>
End of the scan: lundi 18 août 2008 14:49
Used time: 1:12:43 Hour(s)
The scan has been done completely.
8276 Scanning directories
638571 Files were scanned
196 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
196 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
638373 Files not concerned
8168 Archives were scanned
2 Warnings
196 Notes