Infesté par Conhook.D et Vundo.D
Résolu/Fermé
jenny131078
Messages postés
170
Date d'inscription
mardi 22 mai 2007
Statut
Membre
Dernière intervention
23 mars 2014
-
16 déc. 2008 à 16:46
jenny131078 Messages postés 170 Date d'inscription mardi 22 mai 2007 Statut Membre Dernière intervention 23 mars 2014 - 17 déc. 2008 à 11:57
jenny131078 Messages postés 170 Date d'inscription mardi 22 mai 2007 Statut Membre Dernière intervention 23 mars 2014 - 17 déc. 2008 à 11:57
17 réponses
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
16 déc. 2008 à 17:03
16 déc. 2008 à 17:03
slt,
Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
________________
télécharge combofix (par sUBs) ici :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et enregistre le sur le bureau.
déconnecte toi d'internet et ferme toutes tes applications.
désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)
double-clique sur combofix.exe et suis les instructions
à la fin, il va produire un rapport C:\ComboFix.txt
réactive ton parefeu, ton antivirus, la garde de ton antispyware
copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
Tu as un tutoriel complet ici :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
________________
télécharge combofix (par sUBs) ici :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et enregistre le sur le bureau.
déconnecte toi d'internet et ferme toutes tes applications.
désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)
double-clique sur combofix.exe et suis les instructions
à la fin, il va produire un rapport C:\ComboFix.txt
réactive ton parefeu, ton antivirus, la garde de ton antispyware
copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
Tu as un tutoriel complet ici :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
jenny131078
Messages postés
170
Date d'inscription
mardi 22 mai 2007
Statut
Membre
Dernière intervention
23 mars 2014
2
16 déc. 2008 à 17:26
16 déc. 2008 à 17:26
Slt Merci pour ta réponse rapide.
J'ai fait un scan MSNFIX en voici le rapport. I la reconnu une infection mais à priori ne l'a pas résolu.
Je vais également faire suivre le UploadMe à l'adresse que tu m'as indiqué.
read file error: C:\DOCUME~1\Jenny\LOCALS~1\Temp\winlogon.exe, Le fichier spécifié est introuvable.
read file error: C:\DOCUME~1\Jenny\LOCALS~1\Temp\services.exe, Le fichier spécifié est introuvable.
read file error: C:\WINDOWS\system32\cftmon.exe, Le fichier spécifié est introuvable.
Je continue avec SDFIX et combofix et post les rapports dès que c'est terminé
A tte
J'ai fait un scan MSNFIX en voici le rapport. I la reconnu une infection mais à priori ne l'a pas résolu.
Je vais également faire suivre le UploadMe à l'adresse que tu m'as indiqué.
read file error: C:\DOCUME~1\Jenny\LOCALS~1\Temp\winlogon.exe, Le fichier spécifié est introuvable.
read file error: C:\DOCUME~1\Jenny\LOCALS~1\Temp\services.exe, Le fichier spécifié est introuvable.
read file error: C:\WINDOWS\system32\cftmon.exe, Le fichier spécifié est introuvable.
Je continue avec SDFIX et combofix et post les rapports dès que c'est terminé
A tte
jenny131078
Messages postés
170
Date d'inscription
mardi 22 mai 2007
Statut
Membre
Dernière intervention
23 mars 2014
2
16 déc. 2008 à 17:53
16 déc. 2008 à 17:53
ci-dessous le rapport SDFIX :
[b]SDFix: Version 1.240 [/b]
Run by Jenny on 16/12/2008 at 17:35
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
No Trojan Files Found
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-16 17:44:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe:*:Enabled:Render Manager"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe:*:Enabled:Studio"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe:*:Enabled:umi"
"C:\\WINDOWS\\system32\\mcoinstall.exe"="C:\\WINDOWS\\system32\\mcoinstall.exe:*:Enabled:mcoinstall"
"C:\\Program Files\\installer\\mcoinstall.exe"="C:\\Program Files\\installer\\mcoinstall.exe:*:Enabled:mcoinstall"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"%SystemDir%\\winsecurityxp\\mswinup.exe"="%SystemDir%\\winsecurityxp\\mswinup.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\Magentic\\bin\\MgImp.exe"="C:\\Program Files\\Magentic\\bin\\MgImp.exe:*:Enabled:Magentic"
"C:\\Program Files\\Magentic\\bin\\Magentic.exe"="C:\\Program Files\\Magentic\\bin\\Magentic.exe:*:Enabled:Magentic"
"C:\\Program Files\\Magentic\\bin\\MgApp.exe"="C:\\Program Files\\Magentic\\bin\\MgApp.exe:*:Enabled:Magentic"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"="C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.0"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\SFR\\Media Center\\httpd\\httpd.exe"="C:\\Program Files\\SFR\\Media Center\\httpd\\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player SFR)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Thu 5 Jun 2003 24,576 A..H. --- "C:\Program Files\RamBoost XP\StopRam.exe"
[b]Finished![/b]
[b]SDFix: Version 1.240 [/b]
Run by Jenny on 16/12/2008 at 17:35
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
No Trojan Files Found
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-16 17:44:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe:*:Enabled:Render Manager"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe:*:Enabled:Studio"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe:*:Enabled:umi"
"C:\\WINDOWS\\system32\\mcoinstall.exe"="C:\\WINDOWS\\system32\\mcoinstall.exe:*:Enabled:mcoinstall"
"C:\\Program Files\\installer\\mcoinstall.exe"="C:\\Program Files\\installer\\mcoinstall.exe:*:Enabled:mcoinstall"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"%SystemDir%\\winsecurityxp\\mswinup.exe"="%SystemDir%\\winsecurityxp\\mswinup.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\Magentic\\bin\\MgImp.exe"="C:\\Program Files\\Magentic\\bin\\MgImp.exe:*:Enabled:Magentic"
"C:\\Program Files\\Magentic\\bin\\Magentic.exe"="C:\\Program Files\\Magentic\\bin\\Magentic.exe:*:Enabled:Magentic"
"C:\\Program Files\\Magentic\\bin\\MgApp.exe"="C:\\Program Files\\Magentic\\bin\\MgApp.exe:*:Enabled:Magentic"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"="C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.0"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\SFR\\Media Center\\httpd\\httpd.exe"="C:\\Program Files\\SFR\\Media Center\\httpd\\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player SFR)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Thu 5 Jun 2003 24,576 A..H. --- "C:\Program Files\RamBoost XP\StopRam.exe"
[b]Finished![/b]
jenny131078
Messages postés
170
Date d'inscription
mardi 22 mai 2007
Statut
Membre
Dernière intervention
23 mars 2014
2
16 déc. 2008 à 18:11
16 déc. 2008 à 18:11
Et voici le rapport ComboFix. Dans l'attente de te lire
Merci
ComboFix 08-12-15.08 - Jenny 2008-12-16 17:59:27.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1023.591 [GMT 1:00]
Lancé depuis: c:\documents and settings\Jenny\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\_003974_.tmp.dll
c:\windows\system32\_003975_.tmp.dll
c:\windows\system32\_003976_.tmp.dll
c:\windows\system32\_003977_.tmp.dll
c:\windows\system32\_003984_.tmp.dll
c:\windows\system32\_003985_.tmp.dll
c:\windows\system32\_003986_.tmp.dll
c:\windows\system32\_003988_.tmp.dll
c:\windows\system32\_003989_.tmp.dll
c:\windows\system32\_003992_.tmp.dll
c:\windows\system32\_003993_.tmp.dll
c:\windows\system32\_003995_.tmp.dll
c:\windows\system32\_003996_.tmp.dll
c:\windows\system32\_003997_.tmp.dll
c:\windows\system32\_003999_.tmp.dll
c:\windows\system32\_004002_.tmp.dll
c:\windows\system32\_004003_.tmp.dll
c:\windows\system32\_004007_.tmp.dll
c:\windows\system32\_004008_.tmp.dll
c:\windows\system32\_004010_.tmp.dll
c:\windows\system32\_004013_.tmp.dll
c:\windows\system32\_004015_.tmp.dll
c:\windows\system32\_004016_.tmp.dll
c:\windows\system32\_004017_.tmp.dll
c:\windows\system32\_004018_.tmp.dll
c:\windows\system32\_004021_.tmp.dll
c:\windows\system32\_004022_.tmp.dll
c:\windows\system32\_004023_.tmp.dll
c:\windows\system32\_004024_.tmp.dll
c:\windows\system32\_004025_.tmp.dll
c:\windows\system32\_004030_.tmp.dll
c:\windows\system32\_004032_.tmp.dll
c:\windows\system32\_006192_.tmp.dll
c:\windows\system32\_006193_.tmp.dll
c:\windows\system32\_006194_.tmp.dll
c:\windows\system32\_006195_.tmp.dll
c:\windows\system32\_006202_.tmp.dll
c:\windows\system32\_006203_.tmp.dll
c:\windows\system32\_006204_.tmp.dll
c:\windows\system32\_006205_.tmp.dll
c:\windows\system32\_006207_.tmp.dll
c:\windows\system32\_006208_.tmp.dll
c:\windows\system32\_006211_.tmp.dll
c:\windows\system32\_006212_.tmp.dll
c:\windows\system32\_006214_.tmp.dll
c:\windows\system32\_006215_.tmp.dll
c:\windows\system32\_006216_.tmp.dll
c:\windows\system32\_006218_.tmp.dll
c:\windows\system32\_006221_.tmp.dll
c:\windows\system32\_006222_.tmp.dll
c:\windows\system32\_006226_.tmp.dll
c:\windows\system32\_006227_.tmp.dll
c:\windows\system32\_006229_.tmp.dll
c:\windows\system32\_006232_.tmp.dll
c:\windows\system32\_006234_.tmp.dll
c:\windows\system32\_006235_.tmp.dll
c:\windows\system32\_006236_.tmp.dll
c:\windows\system32\_006237_.tmp.dll
c:\windows\system32\_006238_.tmp.dll
c:\windows\system32\_006241_.tmp.dll
c:\windows\system32\_006242_.tmp.dll
c:\windows\system32\_006243_.tmp.dll
c:\windows\system32\_006244_.tmp.dll
c:\windows\system32\_006245_.tmp.dll
c:\windows\system32\_006250_.tmp.dll
c:\windows\system32\_006252_.tmp.dll
c:\windows\system32\awtqnolI.dll
c:\windows\system32\cbXNHYsR.dll
c:\windows\system32\cbXPiHaw.dll
c:\windows\system32\dooljftd.dll
c:\windows\system32\geBtTLbb.dll
c:\windows\system32\JjjlnUtv.ini
c:\windows\system32\JjjlnUtv.ini2
c:\windows\system32\ljJDSjGV.dll
c:\windows\system32\pcqkqwgl.ini
c:\windows\system32\Process.exe
c:\windows\system32\winsecurityxp
c:\windows\system32\winsecurityxp\rk.exe
c:\windows\Tasks\pjatmrzq.job
----- BITS: Il y a peut-être des sites infectés -----
hxxp://childhe.com
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_VFILT
-------\Service_npf
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-16 au 2008-12-16 ))))))))))))))))))))))))))))))))))))
.
2208-05-12 11:19 . 2208-05-12 11:19 3,120 --a--c--- c:\windows\MF_C421.lfa
2208-05-12 11:19 . 2208-05-12 11:19 3,120 --a--c--- c:\windows\MF_C420.lfa
2008-12-16 17:30 . 2008-12-16 17:31 <REP> d-------- c:\windows\ERUNT
2008-12-16 17:26 . 2008-12-16 17:49 <REP> d-------- C:\SDFix
2008-12-16 17:00 . 2008-12-16 17:00 <REP> d-------- c:\windows\system32\config\systemprofile\Application Data\IE7pro
2008-12-16 16:14 . 2008-12-16 16:15 70,144 --a------ c:\windows\system32\yaywwTjj.dll
2008-12-16 16:13 . 2008-12-13 01:16 52,786 --a------ c:\windows\fxstaller.MSNFix
2008-12-15 12:46 . 2008-12-15 12:46 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-11 23:52 . 2004-08-20 01:09 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-12-11 23:52 . 2001-08-23 17:47 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-12-08 13:04 . 2008-12-08 13:04 <REP> d-------- c:\documents and settings\Jenny\Application Data\AidMaker
2008-12-05 01:03 . 2008-11-13 15:18 1,221,008 --a------ c:\windows\system32\zpeng25.dll
2008-12-03 19:23 . 2008-12-03 19:23 <REP> d-------- c:\windows\AidMaker
2008-12-02 12:28 . 2008-12-02 12:28 268 --ah----- C:\sqmdata08.sqm
2008-12-02 12:28 . 2008-12-02 12:28 244 --ah----- C:\sqmnoopt08.sqm
2008-12-01 12:54 . 2008-12-01 12:54 268 --ah----- C:\sqmdata07.sqm
2008-12-01 12:54 . 2008-12-01 12:54 244 --ah----- C:\sqmnoopt07.sqm
2008-11-24 20:18 . 2008-11-24 20:19 <REP> d-------- c:\program files\iTunes
2008-11-24 20:18 . 2008-11-24 20:18 <REP> d-------- c:\program files\iPod
2008-11-24 20:18 . 2008-11-24 20:19 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-24 20:12 . 2008-11-24 20:13 <REP> d-------- c:\program files\QuickTime
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-16 17:05 --------- d-----w c:\program files\RamBoost XP
2008-12-16 16:55 --------- d-----w c:\documents and settings\Jenny\Application Data\OpenOffice.org2
2008-12-16 12:57 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-15 11:46 --------- d-----w c:\program files\Java
2008-12-14 20:41 --------- d-----w c:\documents and settings\Jenny\Application Data\dvdcss
2008-12-11 22:56 --------- d-----w c:\documents and settings\Jenny\Application Data\Apple Computer
2008-12-08 11:58 --------- d-----w c:\program files\Google
2008-12-08 11:58 --------- d-----w c:\program files\7-Zip
2008-12-07 22:59 --------- d-----w c:\program files\SweetIM
2008-12-07 22:59 --------- d-----w c:\documents and settings\All Users\Application Data\SweetIM
2008-12-07 22:56 --------- d-----w c:\program files\VirginMega
2008-12-07 22:53 --------- d-----w c:\program files\Netlor Studio
2008-12-03 18:37 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-24 20:27 --------- d-----w c:\program files\PokerStars
2008-11-24 19:18 --------- d-----w c:\program files\Fichiers communs\Apple
2008-11-15 13:15 --------- d-----w c:\documents and settings\All Users\Application Data\BVRP Software
2008-11-11 01:00 --------- d-----w c:\documents and settings\Jenny\Application Data\LimeWire
2008-11-10 02:48 --------- d-----w c:\program files\VirtualDubMOD
2008-11-09 11:09 --------- d-----w c:\program files\DivX
2008-11-01 20:05 --------- d-----w c:\program files\SFR
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-10-28 22:35 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-10-28 22:35 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\DivX.dll
2008-10-26 22:41 --------- d-----w c:\documents and settings\All Users\Application Data\Downloaded Installations
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 13:00 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-22 18:20 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:17 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-25 08:03 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-09-25 08:03 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-09-25 08:03 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
2008-09-25 08:03 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-09-25 08:03 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu10.dll
2008-09-25 08:03 196,608 ----a-w c:\windows\system32\dtu100.dll
2008-09-25 08:03 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-19 21:57 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-19 21:54 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2007-06-07 22:21 47,360 ----a-w c:\documents and settings\Jenny\Application Data\pcouffin.sys
2007-05-06 20:36 278,528 ----a-w c:\program files\Fichiers communs\FDEUnInstaller.exe
2005-11-04 07:29 72,832 ----a-w c:\windows\inf\CamAvb.sys
2001-03-28 11:02 122,880 ----a-w c:\windows\inf\AGFA\message.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-20 15360]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2008-07-24 243072]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-23 68856]
"Neuf Media Center"="c:\program files\SFR\Media Center\MediaCenter.exe" [2008-10-10 726336]
"RamBoostXp"="c:\program files\RamBoost XP\rambxpfr.exe" [2004-03-09 1542144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2004-09-21 73728]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-15 136600]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-10-22 185896]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 262401]
"e-TF1"="c:\program files\TF1Vision\TF1vision.exe" [2008-03-05 397312]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-11-17 111928]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-20 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-20 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
c:\documents and settings\Jenny\Menu D‚marrer\Programmes\D‚marrage\
Outil de d‚tection de support de Cyber-shot Viewer.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2006-10-07 155648]
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-08-29 360448]
Stardock ObjectDock.lnk - c:\windows\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe [2005-02-21 1826885]
Yahoo! Widget Engine.lnk - c:\program files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe [2007-07-20 2913584]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-29 561213]
SiWake.lnk - c:\program files\Wireless LAN Utility\SiWake.exe [2007-05-06 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.DIV3"= DivXc32.dll
"VIDC.DIV4"= DivXc32f.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= DivXa32.acm
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Acrobat Synchronizer.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Acrobat Synchronizer.lnk
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=c:\windows\pss\Outil de mise à jour Google.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Jenny^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=c:\documents and settings\Jenny\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Jenny^Menu Démarrer^Programmes^Démarrage^MagicDisc.lnk]
path=c:\documents and settings\Jenny\Menu Démarrer\Programmes\Démarrage\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Jenny^Menu Démarrer^Programmes^Démarrage^Y'z ToolBar.lnk]
path=c:\documents and settings\Jenny\Menu Démarrer\Programmes\Démarrage\Y'z ToolBar.lnk
backup=c:\windows\pss\Y'z ToolBar.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2007-05-10 21:46 624248 c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
--------- 2005-10-27 11:00 299008 c:\program files\Creative\Shared Files\CamTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 16:05 81920 c:\program files\D-Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2006-03-23 17:06 1398272 c:\program files\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
-----c--- 2005-10-11 18:25 1961984 c:\program files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
--------- 2008-02-20 16:19 360448 c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]
--a------ 2006-07-07 17:45 1052672 c:\program files\SuperCopier2\SuperCopier2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-23 01:12 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-10-22 22:52 185896 c:\program files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
--a------ 2007-02-20 02:07 199752 c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EXPLORER.EXE]
--a------ 2007-06-13 14:22 1037312 c:\windows\explorer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\WINDOWS\\system32\\mcoinstall.exe"=
"c:\\Program Files\\installer\\mcoinstall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%SystemDir%\\winsecurityxp\\mswinup.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\SFR\Media Center\httpd\httpd.exe"= c:\program files\SFR\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player SFR)
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
S1 aswSP;avast! Self Protection; []
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys []
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\Drivers\Ca533av.sys []
S3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\DRIVERS\alcan5ln.sys [2006-12-04 36256]
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\c:\windows\System32\DRIVERS\ASPI32.sys [2007-06-11 16512]
S3 BelkinNGservicename;NDIS5.1 Miniport Driver for Belkin Gigabit Desktop Card;c:\windows\system32\DRIVERS\GigNIC.sys [2006-10-10 226432]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-02-27 13352]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2007-05-06 215552]
S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\Drivers\Bulk533.sys []
S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\DRIVERS\V0260Vid.sys [2007-02-21 178913]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a52e342e-5599-11db-841f-ca73c7fb917e}]
\Shell\AutoRun\command - I:\EXPLORER.EXE
\Shell\explore\Command - I:\EXPLORER.EXE
\Shell\open\Command - I:\EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7f56124-53d4-11dc-badf-00032f3584ba}]
\Shell\AutoRun\command - I:\EXPLORER.EXE
\Shell\explore\Command - I:\EXPLORER.EXE
\Shell\open\Command - I:\EXPLORER.EXE
.
Contenu du dossier 'Tâches planifiées'
2008-12-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-12-16 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
2008-12-16 c:\windows\Tasks\User_Feed_Synchronization-{606B986D-FB81-4356-AF54-80AEE279432C}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{441BED50-24F0-4773-B959-7BC2D4B1CB2B} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{620395C9-5C2B-4474-89B6-D2A63CEA2EF8} - (no file)
HKCU-Run-MsnMsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe
HKCU-Run-wsctf.exe - wsctf.exe
Notify-ddcCTjHX - ddcCTjHX.dll
Notify-dimsntfy - (no file)
MSConfigStartUp-MySpaceIM - c:\program files\MySpace\IM\MySpaceIM.exe
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://home.neuf.fr/
uSearch Page =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar =
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.free.fr/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
c:\windows\Downloaded Program Files\Rawflow.ocx - O16 -: {029FDBA6-3547-11D7-AA4C-0050BF051A00}
hxxp://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_2_0_4_12.cab
c:\windows\Downloaded Program Files\hardwaredetection.inf
O16 -: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - hxxps://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
c:\windows\Downloaded Program Files\setup.inf
c:\windows\Downloaded Program Files\OberonGameHost.dll - O16 -: {D0C0F75C-683A-4390-A791-1ACFD5599AB8}
hxxp://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
c:\windows\Downloaded Program Files\OberonGameHost_dbg.inf
FF - ProfilePath - c:\documents and settings\Jenny\Application Data\Mozilla\Firefox\Profiles\[u]0[/u]6l5q5bd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://home.live.com/default.aspx?mkt=fr-fr&wa=wsignin1.0
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npalnn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npornap.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-16 18:04:21
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MsnMsgr = ~"c:\program files\Windows Live\Messenger\msnmsgr.exe" /background?
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Fichiers communs\EPSON\EBAPI\eEBSvc.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\SpywareGuard\sgbhp.exe
.
**************************************************************************
.
Heure de fin: 2008-12-16 18:08:52 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-16 17:08:44
Avant-CF: 4 398 145 536 octets libres
Après-CF: 4,306,022,400 octets libres
427 --- E O F --- 2008-12-11 22:50:47
Merci
ComboFix 08-12-15.08 - Jenny 2008-12-16 17:59:27.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1023.591 [GMT 1:00]
Lancé depuis: c:\documents and settings\Jenny\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\_003974_.tmp.dll
c:\windows\system32\_003975_.tmp.dll
c:\windows\system32\_003976_.tmp.dll
c:\windows\system32\_003977_.tmp.dll
c:\windows\system32\_003984_.tmp.dll
c:\windows\system32\_003985_.tmp.dll
c:\windows\system32\_003986_.tmp.dll
c:\windows\system32\_003988_.tmp.dll
c:\windows\system32\_003989_.tmp.dll
c:\windows\system32\_003992_.tmp.dll
c:\windows\system32\_003993_.tmp.dll
c:\windows\system32\_003995_.tmp.dll
c:\windows\system32\_003996_.tmp.dll
c:\windows\system32\_003997_.tmp.dll
c:\windows\system32\_003999_.tmp.dll
c:\windows\system32\_004002_.tmp.dll
c:\windows\system32\_004003_.tmp.dll
c:\windows\system32\_004007_.tmp.dll
c:\windows\system32\_004008_.tmp.dll
c:\windows\system32\_004010_.tmp.dll
c:\windows\system32\_004013_.tmp.dll
c:\windows\system32\_004015_.tmp.dll
c:\windows\system32\_004016_.tmp.dll
c:\windows\system32\_004017_.tmp.dll
c:\windows\system32\_004018_.tmp.dll
c:\windows\system32\_004021_.tmp.dll
c:\windows\system32\_004022_.tmp.dll
c:\windows\system32\_004023_.tmp.dll
c:\windows\system32\_004024_.tmp.dll
c:\windows\system32\_004025_.tmp.dll
c:\windows\system32\_004030_.tmp.dll
c:\windows\system32\_004032_.tmp.dll
c:\windows\system32\_006192_.tmp.dll
c:\windows\system32\_006193_.tmp.dll
c:\windows\system32\_006194_.tmp.dll
c:\windows\system32\_006195_.tmp.dll
c:\windows\system32\_006202_.tmp.dll
c:\windows\system32\_006203_.tmp.dll
c:\windows\system32\_006204_.tmp.dll
c:\windows\system32\_006205_.tmp.dll
c:\windows\system32\_006207_.tmp.dll
c:\windows\system32\_006208_.tmp.dll
c:\windows\system32\_006211_.tmp.dll
c:\windows\system32\_006212_.tmp.dll
c:\windows\system32\_006214_.tmp.dll
c:\windows\system32\_006215_.tmp.dll
c:\windows\system32\_006216_.tmp.dll
c:\windows\system32\_006218_.tmp.dll
c:\windows\system32\_006221_.tmp.dll
c:\windows\system32\_006222_.tmp.dll
c:\windows\system32\_006226_.tmp.dll
c:\windows\system32\_006227_.tmp.dll
c:\windows\system32\_006229_.tmp.dll
c:\windows\system32\_006232_.tmp.dll
c:\windows\system32\_006234_.tmp.dll
c:\windows\system32\_006235_.tmp.dll
c:\windows\system32\_006236_.tmp.dll
c:\windows\system32\_006237_.tmp.dll
c:\windows\system32\_006238_.tmp.dll
c:\windows\system32\_006241_.tmp.dll
c:\windows\system32\_006242_.tmp.dll
c:\windows\system32\_006243_.tmp.dll
c:\windows\system32\_006244_.tmp.dll
c:\windows\system32\_006245_.tmp.dll
c:\windows\system32\_006250_.tmp.dll
c:\windows\system32\_006252_.tmp.dll
c:\windows\system32\awtqnolI.dll
c:\windows\system32\cbXNHYsR.dll
c:\windows\system32\cbXPiHaw.dll
c:\windows\system32\dooljftd.dll
c:\windows\system32\geBtTLbb.dll
c:\windows\system32\JjjlnUtv.ini
c:\windows\system32\JjjlnUtv.ini2
c:\windows\system32\ljJDSjGV.dll
c:\windows\system32\pcqkqwgl.ini
c:\windows\system32\Process.exe
c:\windows\system32\winsecurityxp
c:\windows\system32\winsecurityxp\rk.exe
c:\windows\Tasks\pjatmrzq.job
----- BITS: Il y a peut-être des sites infectés -----
hxxp://childhe.com
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_VFILT
-------\Service_npf
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-16 au 2008-12-16 ))))))))))))))))))))))))))))))))))))
.
2208-05-12 11:19 . 2208-05-12 11:19 3,120 --a--c--- c:\windows\MF_C421.lfa
2208-05-12 11:19 . 2208-05-12 11:19 3,120 --a--c--- c:\windows\MF_C420.lfa
2008-12-16 17:30 . 2008-12-16 17:31 <REP> d-------- c:\windows\ERUNT
2008-12-16 17:26 . 2008-12-16 17:49 <REP> d-------- C:\SDFix
2008-12-16 17:00 . 2008-12-16 17:00 <REP> d-------- c:\windows\system32\config\systemprofile\Application Data\IE7pro
2008-12-16 16:14 . 2008-12-16 16:15 70,144 --a------ c:\windows\system32\yaywwTjj.dll
2008-12-16 16:13 . 2008-12-13 01:16 52,786 --a------ c:\windows\fxstaller.MSNFix
2008-12-15 12:46 . 2008-12-15 12:46 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-11 23:52 . 2004-08-20 01:09 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-12-11 23:52 . 2001-08-23 17:47 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-12-08 13:04 . 2008-12-08 13:04 <REP> d-------- c:\documents and settings\Jenny\Application Data\AidMaker
2008-12-05 01:03 . 2008-11-13 15:18 1,221,008 --a------ c:\windows\system32\zpeng25.dll
2008-12-03 19:23 . 2008-12-03 19:23 <REP> d-------- c:\windows\AidMaker
2008-12-02 12:28 . 2008-12-02 12:28 268 --ah----- C:\sqmdata08.sqm
2008-12-02 12:28 . 2008-12-02 12:28 244 --ah----- C:\sqmnoopt08.sqm
2008-12-01 12:54 . 2008-12-01 12:54 268 --ah----- C:\sqmdata07.sqm
2008-12-01 12:54 . 2008-12-01 12:54 244 --ah----- C:\sqmnoopt07.sqm
2008-11-24 20:18 . 2008-11-24 20:19 <REP> d-------- c:\program files\iTunes
2008-11-24 20:18 . 2008-11-24 20:18 <REP> d-------- c:\program files\iPod
2008-11-24 20:18 . 2008-11-24 20:19 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-24 20:12 . 2008-11-24 20:13 <REP> d-------- c:\program files\QuickTime
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-16 17:05 --------- d-----w c:\program files\RamBoost XP
2008-12-16 16:55 --------- d-----w c:\documents and settings\Jenny\Application Data\OpenOffice.org2
2008-12-16 12:57 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-15 11:46 --------- d-----w c:\program files\Java
2008-12-14 20:41 --------- d-----w c:\documents and settings\Jenny\Application Data\dvdcss
2008-12-11 22:56 --------- d-----w c:\documents and settings\Jenny\Application Data\Apple Computer
2008-12-08 11:58 --------- d-----w c:\program files\Google
2008-12-08 11:58 --------- d-----w c:\program files\7-Zip
2008-12-07 22:59 --------- d-----w c:\program files\SweetIM
2008-12-07 22:59 --------- d-----w c:\documents and settings\All Users\Application Data\SweetIM
2008-12-07 22:56 --------- d-----w c:\program files\VirginMega
2008-12-07 22:53 --------- d-----w c:\program files\Netlor Studio
2008-12-03 18:37 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-24 20:27 --------- d-----w c:\program files\PokerStars
2008-11-24 19:18 --------- d-----w c:\program files\Fichiers communs\Apple
2008-11-15 13:15 --------- d-----w c:\documents and settings\All Users\Application Data\BVRP Software
2008-11-11 01:00 --------- d-----w c:\documents and settings\Jenny\Application Data\LimeWire
2008-11-10 02:48 --------- d-----w c:\program files\VirtualDubMOD
2008-11-09 11:09 --------- d-----w c:\program files\DivX
2008-11-01 20:05 --------- d-----w c:\program files\SFR
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-10-28 22:35 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-10-28 22:35 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\DivX.dll
2008-10-26 22:41 --------- d-----w c:\documents and settings\All Users\Application Data\Downloaded Installations
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 13:00 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-22 18:20 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:17 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-25 08:03 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-09-25 08:03 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-09-25 08:03 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
2008-09-25 08:03 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-09-25 08:03 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu10.dll
2008-09-25 08:03 196,608 ----a-w c:\windows\system32\dtu100.dll
2008-09-25 08:03 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-19 21:57 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-19 21:54 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2007-06-07 22:21 47,360 ----a-w c:\documents and settings\Jenny\Application Data\pcouffin.sys
2007-05-06 20:36 278,528 ----a-w c:\program files\Fichiers communs\FDEUnInstaller.exe
2005-11-04 07:29 72,832 ----a-w c:\windows\inf\CamAvb.sys
2001-03-28 11:02 122,880 ----a-w c:\windows\inf\AGFA\message.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-20 15360]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2008-07-24 243072]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-23 68856]
"Neuf Media Center"="c:\program files\SFR\Media Center\MediaCenter.exe" [2008-10-10 726336]
"RamBoostXp"="c:\program files\RamBoost XP\rambxpfr.exe" [2004-03-09 1542144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2004-09-21 73728]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-15 136600]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-10-22 185896]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 262401]
"e-TF1"="c:\program files\TF1Vision\TF1vision.exe" [2008-03-05 397312]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-11-17 111928]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-20 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-20 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
c:\documents and settings\Jenny\Menu D‚marrer\Programmes\D‚marrage\
Outil de d‚tection de support de Cyber-shot Viewer.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2006-10-07 155648]
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-08-29 360448]
Stardock ObjectDock.lnk - c:\windows\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe [2005-02-21 1826885]
Yahoo! Widget Engine.lnk - c:\program files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe [2007-07-20 2913584]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-29 561213]
SiWake.lnk - c:\program files\Wireless LAN Utility\SiWake.exe [2007-05-06 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.DIV3"= DivXc32.dll
"VIDC.DIV4"= DivXc32f.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= DivXa32.acm
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Acrobat Synchronizer.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Acrobat Synchronizer.lnk
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=c:\windows\pss\Outil de mise à jour Google.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Jenny^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=c:\documents and settings\Jenny\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Jenny^Menu Démarrer^Programmes^Démarrage^MagicDisc.lnk]
path=c:\documents and settings\Jenny\Menu Démarrer\Programmes\Démarrage\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Jenny^Menu Démarrer^Programmes^Démarrage^Y'z ToolBar.lnk]
path=c:\documents and settings\Jenny\Menu Démarrer\Programmes\Démarrage\Y'z ToolBar.lnk
backup=c:\windows\pss\Y'z ToolBar.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2007-05-10 21:46 624248 c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
--------- 2005-10-27 11:00 299008 c:\program files\Creative\Shared Files\CamTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 16:05 81920 c:\program files\D-Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2006-03-23 17:06 1398272 c:\program files\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
-----c--- 2005-10-11 18:25 1961984 c:\program files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
--------- 2008-02-20 16:19 360448 c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]
--a------ 2006-07-07 17:45 1052672 c:\program files\SuperCopier2\SuperCopier2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-23 01:12 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-10-22 22:52 185896 c:\program files\Fichiers communs\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
--a------ 2007-02-20 02:07 199752 c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EXPLORER.EXE]
--a------ 2007-06-13 14:22 1037312 c:\windows\explorer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\WINDOWS\\system32\\mcoinstall.exe"=
"c:\\Program Files\\installer\\mcoinstall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%SystemDir%\\winsecurityxp\\mswinup.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\SFR\Media Center\httpd\httpd.exe"= c:\program files\SFR\Media Center\httpd\httpd.exe:172.16.255.0/255.255.255.0,192.168.1.0/255.255.255.0:Enabled:Serveur de partage Media Center (Player SFR)
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
S1 aswSP;avast! Self Protection; []
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys []
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\Drivers\Ca533av.sys []
S3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\DRIVERS\alcan5ln.sys [2006-12-04 36256]
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\c:\windows\System32\DRIVERS\ASPI32.sys [2007-06-11 16512]
S3 BelkinNGservicename;NDIS5.1 Miniport Driver for Belkin Gigabit Desktop Card;c:\windows\system32\DRIVERS\GigNIC.sys [2006-10-10 226432]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-02-27 13352]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2007-05-06 215552]
S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\Drivers\Bulk533.sys []
S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\DRIVERS\V0260Vid.sys [2007-02-21 178913]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a52e342e-5599-11db-841f-ca73c7fb917e}]
\Shell\AutoRun\command - I:\EXPLORER.EXE
\Shell\explore\Command - I:\EXPLORER.EXE
\Shell\open\Command - I:\EXPLORER.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7f56124-53d4-11dc-badf-00032f3584ba}]
\Shell\AutoRun\command - I:\EXPLORER.EXE
\Shell\explore\Command - I:\EXPLORER.EXE
\Shell\open\Command - I:\EXPLORER.EXE
.
Contenu du dossier 'Tâches planifiées'
2008-12-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-12-16 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
2008-12-16 c:\windows\Tasks\User_Feed_Synchronization-{606B986D-FB81-4356-AF54-80AEE279432C}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:58]
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{441BED50-24F0-4773-B959-7BC2D4B1CB2B} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{620395C9-5C2B-4474-89B6-D2A63CEA2EF8} - (no file)
HKCU-Run-MsnMsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe
HKCU-Run-wsctf.exe - wsctf.exe
Notify-ddcCTjHX - ddcCTjHX.dll
Notify-dimsntfy - (no file)
MSConfigStartUp-MySpaceIM - c:\program files\MySpace\IM\MySpaceIM.exe
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://home.neuf.fr/
uSearch Page =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar =
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://www.free.fr/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
c:\windows\Downloaded Program Files\Rawflow.ocx - O16 -: {029FDBA6-3547-11D7-AA4C-0050BF051A00}
hxxp://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_2_0_4_12.cab
c:\windows\Downloaded Program Files\hardwaredetection.inf
O16 -: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - hxxps://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
c:\windows\Downloaded Program Files\setup.inf
c:\windows\Downloaded Program Files\OberonGameHost.dll - O16 -: {D0C0F75C-683A-4390-A791-1ACFD5599AB8}
hxxp://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
c:\windows\Downloaded Program Files\OberonGameHost_dbg.inf
FF - ProfilePath - c:\documents and settings\Jenny\Application Data\Mozilla\Firefox\Profiles\[u]0[/u]6l5q5bd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://home.live.com/default.aspx?mkt=fr-fr&wa=wsignin1.0
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npalnn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npornap.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-16 18:04:21
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MsnMsgr = ~"c:\program files\Windows Live\Messenger\msnmsgr.exe" /background?
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Fichiers communs\EPSON\EBAPI\eEBSvc.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\SpywareGuard\sgbhp.exe
.
**************************************************************************
.
Heure de fin: 2008-12-16 18:08:52 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-16 17:08:44
Avant-CF: 4 398 145 536 octets libres
Après-CF: 4,306,022,400 octets libres
427 --- E O F --- 2008-12-11 22:50:47
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
16 déc. 2008 à 18:20
16 déc. 2008 à 18:20
télécharge OTMoveIt
http://oldtimer.geekstogo.com/OTMoveIt3.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste instruction for items to be moved.
(attention bien mettre :files)
:files
c:\windows\system32\yaywwTjj.dll
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
_____________________
Telecharge UsbFix sur ton bureau
http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe
--> Lance l installation avec les parametres par default
Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir
--> Double clic sur le raccourci UsbFix sur ton bureau
--> Le pc va redémarer
-->Apres redémarrage post le rapport UsbFix.txt
Note : le rapport UsbFix.txt est sauvegardé a la racine du disque
Note : Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides
__________________________
remets ensuite un rapport combofix et dis tes soucis actuels
http://oldtimer.geekstogo.com/OTMoveIt3.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste instruction for items to be moved.
(attention bien mettre :files)
:files
c:\windows\system32\yaywwTjj.dll
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
_____________________
Telecharge UsbFix sur ton bureau
http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe
--> Lance l installation avec les parametres par default
Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir
--> Double clic sur le raccourci UsbFix sur ton bureau
--> Le pc va redémarer
-->Apres redémarrage post le rapport UsbFix.txt
Note : le rapport UsbFix.txt est sauvegardé a la racine du disque
Note : Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides
__________________________
remets ensuite un rapport combofix et dis tes soucis actuels
jenny131078
Messages postés
170
Date d'inscription
mardi 22 mai 2007
Statut
Membre
Dernière intervention
23 mars 2014
2
16 déc. 2008 à 18:50
16 déc. 2008 à 18:50
Voici les deux rapports.
========== FILES ==========
DllUnregisterServer procedure not found in c:\windows\system32\yaywwTjj.dll
c:\windows\system32\yaywwTjj.dll NOT unregistered.
c:\windows\system32\yaywwTjj.dll moved successfully.
OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12162008_182644
-------------- UsbFix V2.413.4 ---------------
* User : Jenny - DELL-JENNY
* Outils mis a jours le 11/12/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 18:35:53 le 16/12/2008
* Windows Xp - Internet Explorer 7.0.5730.11
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\DOCUME~1\Jenny\LOCALS~1\Temp\1.tmp\b2e.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe
--------------- [ Informations lecteurs ] ----------------
C: - Lecteur fixe
D: - Lecteur fixe
E: - Lecteur fixe
J: - Lecteur amovible
--------------- [ Lecteur C ] ----------------
C: - Lecteur fixe
+- Listing des fichiers présents :
[25/10/2006 09:11][---------] C:\AUTOEXEC.BAT
[07/10/2006 02:40][-rahs----] C:\NTDETECT.COM
[24/04/2008 20:15][--ahs----] C:\boot.ini
[16/12/2008 18:08][--a------] C:\ComboFix.txt
[16/12/2008 18:08][--a------] C:\UsbFix.txt
[07/10/2006 00:54][--a------] C:\CONFIG.SYS
[07/10/2006 00:54][--a------] C:\IO.SYS
[07/10/2006 00:54][--a------] C:\MSDOS.SYS
[07/10/2006 00:54][--a------] C:\pagefile.sys
--------------- [ Lecteur D ] ----------------
D: - Lecteur fixe
+- Listing des fichiers présents :
[07/12/2006 21:29][--ahs----] D:\desktop.ini
[04/10/2006 13:31][--a------] D:\Dell.txt
--------------- [ Lecteur E ] ----------------
E: - Lecteur fixe
+- Listing des fichiers présents :
--------------- [ Lecteur J ] ----------------
J: - Lecteur amovible
+- Listing des fichiers présents :
[22/09/2008 21:15][--a------] J:\PortableApps.com_Suite_Light_Setup_1.1.exe
[22/09/2008 21:15][--a------] J:\antivir_workstation_win7u_en_h.exe
[22/09/2008 21:15][--a------] J:\StartPortableApps.exe
[22/09/2008 21:15][--a------] J:\zaSetup_fr.exe
[22/09/2008 21:15][--a------] J:\VistaCodecs_v503.exe
[22/09/2008 21:15][--a------] J:\Norton_Removal_Tool.exe
--------------- [ Registre / Startup ] ----------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
IncrediMail=C:\Program Files\IncrediMail\bin\IncMail.exe /c
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Neuf Media Center="C:\Program Files\SFR\Media Center\MediaCenter.exe"
RamBoostXp=C:\Program Files\RamBoost XP\rambxpfr.exe
msnmsgr=~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
diagent="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
UpdReg=C:\WINDOWS\UpdReg.EXE
NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
BluetoothAuthenticationAgent=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
USB2Check=RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
e-TF1=C:\Program Files\TF1Vision\TF1vision.exe
QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
SweetIM=C:\Program Files\SweetIM\Messenger\SweetIM.exe
ZoneAlarm Client="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
--------------- [ Registre / Mountpoint2 ] ----------------
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a52e342e-5599-11db-841f-ca73c7fb917e}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a52e342e-5599-11db-841f-ca73c7fb917e}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a52e342e-5599-11db-841f-ca73c7fb917e}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7f56124-53d4-11dc-badf-00032f3584ba}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7f56124-53d4-11dc-badf-00032f3584ba}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7f56124-53d4-11dc-badf-00032f3584ba}\Shell\open\Command
--------------- [ Nettoyage des disques ] ----------------
--------------- [ Resumé ] ----------------
-> /!\ Le resultat doit etre interprété par un spécialiste /!\
[25/10/2006 09:11][---------] C:\AUTOEXEC.BAT
[07/10/2006 02:40][-rahs----] C:\NTDETECT.COM
[24/04/2008 20:15][--ahs----] C:\boot.ini
[07/12/2006 21:29][--ahs----] D:\desktop.ini
[22/09/2008 21:15][--a------] J:\PortableApps.com_Suite_Light_Setup_1.1.exe
[22/09/2008 21:15][--a------] J:\antivir_workstation_win7u_en_h.exe
[22/09/2008 21:15][--a------] J:\StartPortableApps.exe
[22/09/2008 21:15][--a------] J:\zaSetup_fr.exe
[22/09/2008 21:15][--a------] J:\VistaCodecs_v503.exe
[22/09/2008 21:15][--a------] J:\Norton_Removal_Tool.exe
--------------- ! Fin du rapport ! ----------------
========== FILES ==========
DllUnregisterServer procedure not found in c:\windows\system32\yaywwTjj.dll
c:\windows\system32\yaywwTjj.dll NOT unregistered.
c:\windows\system32\yaywwTjj.dll moved successfully.
OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12162008_182644
-------------- UsbFix V2.413.4 ---------------
* User : Jenny - DELL-JENNY
* Outils mis a jours le 11/12/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 18:35:53 le 16/12/2008
* Windows Xp - Internet Explorer 7.0.5730.11
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\DOCUME~1\Jenny\LOCALS~1\Temp\1.tmp\b2e.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe
--------------- [ Informations lecteurs ] ----------------
C: - Lecteur fixe
D: - Lecteur fixe
E: - Lecteur fixe
J: - Lecteur amovible
--------------- [ Lecteur C ] ----------------
C: - Lecteur fixe
+- Listing des fichiers présents :
[25/10/2006 09:11][---------] C:\AUTOEXEC.BAT
[07/10/2006 02:40][-rahs----] C:\NTDETECT.COM
[24/04/2008 20:15][--ahs----] C:\boot.ini
[16/12/2008 18:08][--a------] C:\ComboFix.txt
[16/12/2008 18:08][--a------] C:\UsbFix.txt
[07/10/2006 00:54][--a------] C:\CONFIG.SYS
[07/10/2006 00:54][--a------] C:\IO.SYS
[07/10/2006 00:54][--a------] C:\MSDOS.SYS
[07/10/2006 00:54][--a------] C:\pagefile.sys
--------------- [ Lecteur D ] ----------------
D: - Lecteur fixe
+- Listing des fichiers présents :
[07/12/2006 21:29][--ahs----] D:\desktop.ini
[04/10/2006 13:31][--a------] D:\Dell.txt
--------------- [ Lecteur E ] ----------------
E: - Lecteur fixe
+- Listing des fichiers présents :
--------------- [ Lecteur J ] ----------------
J: - Lecteur amovible
+- Listing des fichiers présents :
[22/09/2008 21:15][--a------] J:\PortableApps.com_Suite_Light_Setup_1.1.exe
[22/09/2008 21:15][--a------] J:\antivir_workstation_win7u_en_h.exe
[22/09/2008 21:15][--a------] J:\StartPortableApps.exe
[22/09/2008 21:15][--a------] J:\zaSetup_fr.exe
[22/09/2008 21:15][--a------] J:\VistaCodecs_v503.exe
[22/09/2008 21:15][--a------] J:\Norton_Removal_Tool.exe
--------------- [ Registre / Startup ] ----------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
IncrediMail=C:\Program Files\IncrediMail\bin\IncMail.exe /c
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Neuf Media Center="C:\Program Files\SFR\Media Center\MediaCenter.exe"
RamBoostXp=C:\Program Files\RamBoost XP\rambxpfr.exe
msnmsgr=~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
diagent="C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
UpdReg=C:\WINDOWS\UpdReg.EXE
NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
BluetoothAuthenticationAgent=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
USB2Check=RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
e-TF1=C:\Program Files\TF1Vision\TF1vision.exe
QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
SweetIM=C:\Program Files\SweetIM\Messenger\SweetIM.exe
ZoneAlarm Client="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
--------------- [ Registre / Mountpoint2 ] ----------------
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a52e342e-5599-11db-841f-ca73c7fb917e}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a52e342e-5599-11db-841f-ca73c7fb917e}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a52e342e-5599-11db-841f-ca73c7fb917e}\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7f56124-53d4-11dc-badf-00032f3584ba}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7f56124-53d4-11dc-badf-00032f3584ba}\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e7f56124-53d4-11dc-badf-00032f3584ba}\Shell\open\Command
--------------- [ Nettoyage des disques ] ----------------
--------------- [ Resumé ] ----------------
-> /!\ Le resultat doit etre interprété par un spécialiste /!\
[25/10/2006 09:11][---------] C:\AUTOEXEC.BAT
[07/10/2006 02:40][-rahs----] C:\NTDETECT.COM
[24/04/2008 20:15][--ahs----] C:\boot.ini
[07/12/2006 21:29][--ahs----] D:\desktop.ini
[22/09/2008 21:15][--a------] J:\PortableApps.com_Suite_Light_Setup_1.1.exe
[22/09/2008 21:15][--a------] J:\antivir_workstation_win7u_en_h.exe
[22/09/2008 21:15][--a------] J:\StartPortableApps.exe
[22/09/2008 21:15][--a------] J:\zaSetup_fr.exe
[22/09/2008 21:15][--a------] J:\VistaCodecs_v503.exe
[22/09/2008 21:15][--a------] J:\Norton_Removal_Tool.exe
--------------- ! Fin du rapport ! ----------------
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
16 déc. 2008 à 18:55
16 déc. 2008 à 18:55
Télécharges AD-Remover ( de Cyrildu17 / C_XX ) sur ton bureau :
http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe
/!\ Déconnectes toi et fermes toutes applications en cours
● Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
● Double clique sur l'icône Ad-removersituée sur ton bureau
● Au menu principal choisi l'option "A"
● Postes le rapport qui apparait à la fin .
( le rapport est sauvegardé aussi sous C:\Ad-report(date).log )
(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
Note :
"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
_____________________________
analyse ces ficheirs sur virus total et si infectés tu les vire: https://www.virustotal.com/gui/
J:\PortableApps.com_Suite_Light_Setup_1.1.exe
J:\antivir_workstation_win7u_en_h.exe
J:\StartPortableApps.exe
J:\zaSetup_fr.exe
J:\VistaCodecs_v503.exe
J:\Norton_Removal_Tool.exe
___________________
http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe
/!\ Déconnectes toi et fermes toutes applications en cours
● Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
● Double clique sur l'icône Ad-removersituée sur ton bureau
● Au menu principal choisi l'option "A"
● Postes le rapport qui apparait à la fin .
( le rapport est sauvegardé aussi sous C:\Ad-report(date).log )
(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
Note :
"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
_____________________________
analyse ces ficheirs sur virus total et si infectés tu les vire: https://www.virustotal.com/gui/
J:\PortableApps.com_Suite_Light_Setup_1.1.exe
J:\antivir_workstation_win7u_en_h.exe
J:\StartPortableApps.exe
J:\zaSetup_fr.exe
J:\VistaCodecs_v503.exe
J:\Norton_Removal_Tool.exe
___________________
jenny131078
Messages postés
170
Date d'inscription
mardi 22 mai 2007
Statut
Membre
Dernière intervention
23 mars 2014
2
16 déc. 2008 à 19:08
16 déc. 2008 à 19:08
Voici le rapport AD-Remover
--------- Logfile of AD-Remover 1.0.7.7 by C_XX ---------
# START at: 19:03:01 | Mar 16/12/2008 | Microsoft® Windows XP™ (v5.1.2600)
# BOOT MODE: Normal
# OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: DELL-JENNY | USER: Jenny ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
- E:\ (File System: NTFS)
# Internet Explorer v7.0.5730.11
--------- [ RUNNING PROCESSES: 53 ] ---------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\TF1Vision\TF1vision.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Wireless LAN Utility\SiWake.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\ntvdm.exe
-----------------------------------
+-----------------------| Boonty/Boonty Games Elements found :
.
+-----------------------| Eorezo Elements found :
.
+-----------------------| Everest Poker Elements found :
.
+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :
.
+-----------------------| Messenger Skinner Elements found :
.
+-----------------------| Sweetim Elements found :
"HKEY_CLASSES_ROOT\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}"
"HKEY_CLASSES_ROOT\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}"
"HKEY_CLASSES_ROOT\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632"
"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator"
"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator.1"
"HKEY_CURRENT_USER\SOFTWARE\SweetIM"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run" /v "SweetIM"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9"
"HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM"
.
[07/12/2008 23:59|d--------] C:\PROGRA~1\SweetIM
[03/12/2008 19:46|d--------] C:\PROGRA~1\SweetIM\MESSEN~1
[08/10/2008 11:56|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\default.xml
[17/11/2008 11:31|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGADAP~1.DLL
[17/11/2008 11:32|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGAIMA~1.DLL
[17/11/2008 11:32|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGAIMM~1.DLL
[17/11/2008 11:31|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGARCH~1.DLL
[17/11/2008 11:31|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\mgcommon.dll
[17/11/2008 11:31|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGCOMM~1.DLL
[17/11/2008 11:31|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\mgconfig.dll
[17/11/2008 11:31|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGFLAS~1.DLL
[17/11/2008 11:31|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGHOOK~1.DLL
[17/11/2008 11:32|--a------] C:\PROGRA~1\SweetIM\MESSEN~1\MGICQA~1.DLL
[17/11/2008 11:32|--a------] C:\PROGRA~1\SweetIM\MESSEN~1\MGICQM~1.DLL
[17/11/2008 11:31|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGIEPL~1.DLL
[17/11/2008 11:31|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\mglogger.dll
[17/11/2008 11:32|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGMEDI~1.DLL
[17/11/2008 11:31|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGMSNA~1.DLL
[17/11/2008 11:31|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGMSNM~1.DLL
[17/11/2008 11:32|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGSIMC~1.DLL
[17/11/2008 11:32|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGSWEE~1.DLL
[17/11/2008 11:32|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGUPDA~1.DLL
[17/11/2008 11:32|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGXML_~1.DLL
[17/11/2008 11:31|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGYAHO~1.DLL
[17/11/2008 11:32|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGYAHO~2.DLL
[11/07/2006 18:35|--a------] C:\PROGRA~1\SweetIM\MESSEN~1\msvcp71.dll
[11/07/2006 18:35|--a------] C:\PROGRA~1\SweetIM\MESSEN~1\msvcr71.dll
[03/12/2008 19:46|d--------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1
[17/11/2008 11:32|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\SweetIM.exe
[03/12/2008 19:46|d--------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1\images
[08/10/2008 11:56|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1\images\AUDIBL~1.PNG
[08/10/2008 11:56|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1\images\DISPLA~1.PNG
[08/10/2008 11:56|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1\images\EMOTIC~1.PNG
[08/10/2008 11:56|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1\images\NUDGEB~1.PNG
[08/10/2008 11:56|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1\images\SOUNDF~1.PNG
[08/10/2008 11:56|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1\images\WINKSB~1.PNG
[03/12/2008 19:46|--a------] C:\DOCUME~1\Jenny\APPLIC~1\Mozilla\Firefox\Profiles\06L5Q5~1.DEF\SEARCH~1\sweetim.xml
[03/12/2008 19:46|--a------] C:\DOCUME~1\Jenny\APPLIC~1\Mozilla\Firefox\Profiles\06L5Q5~1.DEF\SEARCH~1\sweetim.xml
[03/12/2008 19:46|d--------] C:\DOCUME~1\Jenny\APPLIC~1\Mozilla\Firefox\Profiles\06L5Q5~1.DEF\EXTENS~1\{EEE6C~1
[03/12/2008 19:46|d--------] C:\DOCUME~1\Jenny\APPLIC~1\Mozilla\Firefox\Profiles\06L5Q5~1.DEF\EXTENS~1\{EEE6C~1\chrome
[27/04/2008 14:12|--a------] C:\DOCUME~1\Jenny\APPLIC~1\Mozilla\Firefox\Profiles\06L5Q5~1.DEF\EXTENS~1\{EEE6C~1\CHROME~1.MAN
[03/12/2008 19:46|d--------] C:\DOCUME~1\Jenny\APPLIC~1\Mozilla\Firefox\Profiles\06L5Q5~1.DEF\EXTENS~1\{EEE6C~1\COMPON~1
[08/10/2008 11:59|--a------] C:\DOCUME~1\Jenny\APPLIC~1\Mozilla\Firefox\Profiles\06L5Q5~1.DEF\EXTENS~1\{EEE6C~1\install.rdf
[03/12/2008 19:46|d--------] C:\DOCUME~1\Jenny\APPLIC~1\Mozilla\Firefox\Profiles\06L5Q5~1.DEF\EXTENS~1\{EEE6C~1\META-INF
[08/10/2008 12:01|--a------] C:\DOCUME~1\Jenny\APPLIC~1\Mozilla\Firefox\Profiles\06L5Q5~1.DEF\EXTENS~1\{EEE6C~1\chrome\SWEETI~1.JAR
[01/07/2008 15:54|--a------] C:\DOCUME~1\Jenny\APPLIC~1\Mozilla\Firefox\Profiles\06L5Q5~1.DEF\EXTENS~1\{EEE6C~1\COMPON~1\SIMAUT~1.JS
[08/10/2008 12:01|--a------] C:\DOCUME~1\Jenny\APPLIC~1\Mozilla\Firefox\Profiles\06L5Q5~1.DEF\EXTENS~1\{EEE6C~1\META-INF\manifest.mf
[08/10/2008 12:01|--a------] C:\DOCUME~1\Jenny\APPLIC~1\Mozilla\Firefox\Profiles\06L5Q5~1.DEF\EXTENS~1\{EEE6C~1\META-INF\zigbert.rsa
[08/10/2008 12:01|--a------] C:\DOCUME~1\Jenny\APPLIC~1\Mozilla\Firefox\Profiles\06L5Q5~1.DEF\EXTENS~1\{EEE6C~1\META-INF\zigbert.sf
[03/12/2008 20:10|d--------] C:\DOCUME~1\Jenny\APPLIC~1\Mozilla\Firefox\Profiles\06L5Q5~1.DEF\SWEETI~1
[03/12/2008 20:10|d--------] C:\DOCUME~1\Jenny\APPLIC~1\Mozilla\Firefox\Profiles\06L5Q5~1.DEF\SWEETI~1\logs
[07/12/2008 23:59|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM
[03/12/2008 19:46|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1
[03/12/2008 19:46|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf
[27/07/2008 01:36|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data
[03/12/2008 19:46|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\logs
[03/12/2008 19:46|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\update
[08/10/2008 11:56|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\adapter.xml
[08/10/2008 11:56|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\AUTOUP~1.XML
[08/10/2008 11:56|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\logger.xml
[08/10/2008 11:56|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\messages.xml
[08/10/2008 11:56|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\sweetim.xml
[08/10/2008 11:56|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\SWEETI~1.XML
[11/12/2008 21:20|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users
[07/12/2008 19:13|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\GOUIGO~1.FR
[03/12/2008 19:48|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\JENNY1~1.FR
[03/12/2008 19:48|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\MAIN_U~1.XML
[11/12/2008 21:20|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\NAI010~1.COM
[07/12/2008 19:14|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\GOUIGO~1.FR\CONTEN~1.XML
[05/10/2008 15:38|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\GOUIGO~1.FR\EMOTIC~1.XML
[12/08/2008 19:35|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\GOUIGO~1.FR\USER_C~1.XML
[16/12/2008 18:23|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\JENNY1~1.FR\CONTEN~1.XML
[12/08/2008 22:44|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\JENNY1~1.FR\EMOTIC~1.XML
[12/08/2008 19:01|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\JENNY1~1.FR\LASTUS~1.XML
[27/07/2008 01:36|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\JENNY1~1.FR\USER_C~1.XML
[11/12/2008 21:20|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\NAI010~1.COM\CONTEN~1.XML
[11/12/2008 21:20|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\NAI010~1.COM\EMOTIC~1.XML
[11/12/2008 21:20|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\NAI010~1.COM\USER_C~1.XML
[03/12/2008 19:46|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1
[23/08/2006 18:57|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00010859.dat
[10/01/2007 10:27|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0001088C.dat
[11/04/2007 17:21|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00010896.dat
[13/05/2007 20:13|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0001089B.dat
[13/08/2007 21:21|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000108A9.dat
[17/09/2007 11:06|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000108AA.dat
[02/12/2007 12:30|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000108BE.dat
[16/12/2007 09:54|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000108C2.dat
[14/08/2008 11:34|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0001091C.dat
[14/08/2008 11:34|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00010937.dat
[16/12/2005 11:23|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0002006A.dat
[16/12/2005 11:23|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0002006E.dat
[10/01/2007 10:27|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0002013F.dat
[01/03/2007 15:52|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00020144.dat
[09/10/2007 10:41|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00020185.dat
[22/05/2008 20:20|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000202BD.dat
[13/08/2007 21:21|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00030048.dat
[21/08/2007 14:21|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00030053.dat
[17/09/2007 11:06|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00030056.dat
[05/06/2008 11:06|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0003009A.dat
[16/12/2005 11:23|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0004002B.dat
[31/07/2006 19:25|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00040062.dat
[13/09/2006 18:22|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00040073.dat
[11/07/2007 12:20|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00050005.dat
[24/04/2008 17:18|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000601A5.dat
[16/04/2008 12:13|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0008000D.dat
[24/04/2008 17:18|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00080014.dat
[22/05/2008 20:20|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0008001A.dat
[23/06/2008 16:32|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00080024.dat
[21/08/2007 14:21|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\01030046.dat
[21/08/2007 14:21|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\01030047.dat
[11/07/2007 12:19|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\01050002.dat
[05/10/2008 15:38|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\CACHE_~1.DAT
[16/12/2008 18:05|--a------] C:\WINDOWS\Prefetch\SWEETI~1.PF
+-----------------------| ADDED SCAN :
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
...\06l5q5bd.default\prefs.js :
~~~~ Mozilla FireFox version 3.0.4 ~~~~
Start Page : "https://outlook.live.com/owa/"
+----------+
FOUND - user_pref("keyword.URL", "https://search.sweetim.com/search.asp?src=2&q=");
FOUND - user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
FOUND - user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
FOUND - user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
FOUND - user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
FOUND - user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
FOUND - user_pref("sweetim.toolbar.mode.debug", "false");
FOUND - user_pref("sweetim.toolbar.previous.keyword.URL", "https://www.bing.com/?scope=web&mkt=fr-FR&FORM=MIMWA1");
FOUND - user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"http://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"https://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"http://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"http://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"http://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");
FOUND - user_pref("sweetim.toolbar.search.history.capacity", "10");
FOUND - user_pref("sweetim.toolbar.simapp_id", "{F1F64FE5-FF03-4A5C-82FB-DC91253769C2}");
FOUND - user_pref("sweetim.toolbar.version", "1.0.0.8");
+---------------------------------------------------------------------------+
+--[HKEY_CURRENT_USER\..\Run]
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
IncrediMail REG_SZ C:\Program Files\IncrediMail\bin\IncMail.exe /c
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Neuf Media Center REG_SZ "C:\Program Files\SFR\Media Center\MediaCenter.exe"
msnmsgr REG_SZ ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
RamBoostXp REG_SZ C:\Program Files\RamBoost XP\rambxpfr.exe
+--[HKEY_LOCAL_MACHINE\..\Run]
diagent REG_SZ "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
BluetoothAuthenticationAgent REG_SZ rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
USB2Check REG_SZ RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
e-TF1 REG_SZ C:\Program Files\TF1Vision\TF1vision.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
SweetIM REG_SZ C:\Program Files\SweetIM\Messenger\SweetIM.exe
ZoneAlarm Client REG_SZ "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
+--[HKEY_USERS\.DEFAULT\..\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\System32\CTFMON.EXE
DWQueuedReporting REG_SZ "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://fr.msn.com/
+---------------------------------------------------------------------------+
- "C:\AD-report-Scan-16.12.2008.log" (~23562 bytes)
# END at: 19:03:21 | 16/12/2008 - Time elapsed: 20.3 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 284 lines ]
+---------------------------------------------------------------------------+
Aucun fichier infecté sous J:\. De tte façon aucun soucis pour les virer, ce ne sont que des fichiers d'install que j'ai téléchargé pour la confuig d'un autre ordi
--------- Logfile of AD-Remover 1.0.7.7 by C_XX ---------
# START at: 19:03:01 | Mar 16/12/2008 | Microsoft® Windows XP™ (v5.1.2600)
# BOOT MODE: Normal
# OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: DELL-JENNY | USER: Jenny ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
- E:\ (File System: NTFS)
# Internet Explorer v7.0.5730.11
--------- [ RUNNING PROCESSES: 53 ] ---------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\TF1Vision\TF1vision.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Wireless LAN Utility\SiWake.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\ntvdm.exe
-----------------------------------
+-----------------------| Boonty/Boonty Games Elements found :
.
+-----------------------| Eorezo Elements found :
.
+-----------------------| Everest Poker Elements found :
.
+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :
.
+-----------------------| Messenger Skinner Elements found :
.
+-----------------------| Sweetim Elements found :
"HKEY_CLASSES_ROOT\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}"
"HKEY_CLASSES_ROOT\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}"
"HKEY_CLASSES_ROOT\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632"
"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator"
"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator.1"
"HKEY_CURRENT_USER\SOFTWARE\SweetIM"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run" /v "SweetIM"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9"
"HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM"
.
[07/12/2008 23:59|d--------] C:\PROGRA~1\SweetIM
[03/12/2008 19:46|d--------] C:\PROGRA~1\SweetIM\MESSEN~1
[08/10/2008 11:56|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\default.xml
[17/11/2008 11:31|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGADAP~1.DLL
[17/11/2008 11:32|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGAIMA~1.DLL
[17/11/2008 11:32|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGAIMM~1.DLL
[17/11/2008 11:31|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGARCH~1.DLL
[17/11/2008 11:31|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\mgcommon.dll
[17/11/2008 11:31|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGCOMM~1.DLL
[17/11/2008 11:31|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\mgconfig.dll
[17/11/2008 11:31|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGFLAS~1.DLL
[17/11/2008 11:31|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGHOOK~1.DLL
[17/11/2008 11:32|--a------] C:\PROGRA~1\SweetIM\MESSEN~1\MGICQA~1.DLL
[17/11/2008 11:32|--a------] C:\PROGRA~1\SweetIM\MESSEN~1\MGICQM~1.DLL
[17/11/2008 11:31|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGIEPL~1.DLL
[17/11/2008 11:31|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\mglogger.dll
[17/11/2008 11:32|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGMEDI~1.DLL
[17/11/2008 11:31|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGMSNA~1.DLL
[17/11/2008 11:31|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGMSNM~1.DLL
[17/11/2008 11:32|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGSIMC~1.DLL
[17/11/2008 11:32|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGSWEE~1.DLL
[17/11/2008 11:32|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGUPDA~1.DLL
[17/11/2008 11:32|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGXML_~1.DLL
[17/11/2008 11:31|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGYAHO~1.DLL
[17/11/2008 11:32|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGYAHO~2.DLL
[11/07/2006 18:35|--a------] C:\PROGRA~1\SweetIM\MESSEN~1\msvcp71.dll
[11/07/2006 18:35|--a------] C:\PROGRA~1\SweetIM\MESSEN~1\msvcr71.dll
[03/12/2008 19:46|d--------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1
[17/11/2008 11:32|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\SweetIM.exe
[03/12/2008 19:46|d--------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1\images
[08/10/2008 11:56|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1\images\AUDIBL~1.PNG
[08/10/2008 11:56|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1\images\DISPLA~1.PNG
[08/10/2008 11:56|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1\images\EMOTIC~1.PNG
[08/10/2008 11:56|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1\images\NUDGEB~1.PNG
[08/10/2008 11:56|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1\images\SOUNDF~1.PNG
[08/10/2008 11:56|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\RESOUR~1\images\WINKSB~1.PNG
[03/12/2008 19:46|--a------] C:\DOCUME~1\Jenny\APPLIC~1\Mozilla\Firefox\Profiles\06L5Q5~1.DEF\SEARCH~1\sweetim.xml
[03/12/2008 19:46|--a------] C:\DOCUME~1\Jenny\APPLIC~1\Mozilla\Firefox\Profiles\06L5Q5~1.DEF\SEARCH~1\sweetim.xml
[03/12/2008 19:46|d--------] C:\DOCUME~1\Jenny\APPLIC~1\Mozilla\Firefox\Profiles\06L5Q5~1.DEF\EXTENS~1\{EEE6C~1
[03/12/2008 19:46|d--------] C:\DOCUME~1\Jenny\APPLIC~1\Mozilla\Firefox\Profiles\06L5Q5~1.DEF\EXTENS~1\{EEE6C~1\chrome
[27/04/2008 14:12|--a------] C:\DOCUME~1\Jenny\APPLIC~1\Mozilla\Firefox\Profiles\06L5Q5~1.DEF\EXTENS~1\{EEE6C~1\CHROME~1.MAN
[03/12/2008 19:46|d--------] C:\DOCUME~1\Jenny\APPLIC~1\Mozilla\Firefox\Profiles\06L5Q5~1.DEF\EXTENS~1\{EEE6C~1\COMPON~1
[08/10/2008 11:59|--a------] C:\DOCUME~1\Jenny\APPLIC~1\Mozilla\Firefox\Profiles\06L5Q5~1.DEF\EXTENS~1\{EEE6C~1\install.rdf
[03/12/2008 19:46|d--------] C:\DOCUME~1\Jenny\APPLIC~1\Mozilla\Firefox\Profiles\06L5Q5~1.DEF\EXTENS~1\{EEE6C~1\META-INF
[08/10/2008 12:01|--a------] C:\DOCUME~1\Jenny\APPLIC~1\Mozilla\Firefox\Profiles\06L5Q5~1.DEF\EXTENS~1\{EEE6C~1\chrome\SWEETI~1.JAR
[01/07/2008 15:54|--a------] C:\DOCUME~1\Jenny\APPLIC~1\Mozilla\Firefox\Profiles\06L5Q5~1.DEF\EXTENS~1\{EEE6C~1\COMPON~1\SIMAUT~1.JS
[08/10/2008 12:01|--a------] C:\DOCUME~1\Jenny\APPLIC~1\Mozilla\Firefox\Profiles\06L5Q5~1.DEF\EXTENS~1\{EEE6C~1\META-INF\manifest.mf
[08/10/2008 12:01|--a------] C:\DOCUME~1\Jenny\APPLIC~1\Mozilla\Firefox\Profiles\06L5Q5~1.DEF\EXTENS~1\{EEE6C~1\META-INF\zigbert.rsa
[08/10/2008 12:01|--a------] C:\DOCUME~1\Jenny\APPLIC~1\Mozilla\Firefox\Profiles\06L5Q5~1.DEF\EXTENS~1\{EEE6C~1\META-INF\zigbert.sf
[03/12/2008 20:10|d--------] C:\DOCUME~1\Jenny\APPLIC~1\Mozilla\Firefox\Profiles\06L5Q5~1.DEF\SWEETI~1
[03/12/2008 20:10|d--------] C:\DOCUME~1\Jenny\APPLIC~1\Mozilla\Firefox\Profiles\06L5Q5~1.DEF\SWEETI~1\logs
[07/12/2008 23:59|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM
[03/12/2008 19:46|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1
[03/12/2008 19:46|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf
[27/07/2008 01:36|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data
[03/12/2008 19:46|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\logs
[03/12/2008 19:46|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\update
[08/10/2008 11:56|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\adapter.xml
[08/10/2008 11:56|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\AUTOUP~1.XML
[08/10/2008 11:56|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\logger.xml
[08/10/2008 11:56|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\messages.xml
[08/10/2008 11:56|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\sweetim.xml
[08/10/2008 11:56|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\SWEETI~1.XML
[11/12/2008 21:20|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users
[07/12/2008 19:13|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\GOUIGO~1.FR
[03/12/2008 19:48|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\JENNY1~1.FR
[03/12/2008 19:48|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\MAIN_U~1.XML
[11/12/2008 21:20|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\NAI010~1.COM
[07/12/2008 19:14|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\GOUIGO~1.FR\CONTEN~1.XML
[05/10/2008 15:38|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\GOUIGO~1.FR\EMOTIC~1.XML
[12/08/2008 19:35|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\GOUIGO~1.FR\USER_C~1.XML
[16/12/2008 18:23|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\JENNY1~1.FR\CONTEN~1.XML
[12/08/2008 22:44|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\JENNY1~1.FR\EMOTIC~1.XML
[12/08/2008 19:01|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\JENNY1~1.FR\LASTUS~1.XML
[27/07/2008 01:36|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\JENNY1~1.FR\USER_C~1.XML
[11/12/2008 21:20|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\NAI010~1.COM\CONTEN~1.XML
[11/12/2008 21:20|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\NAI010~1.COM\EMOTIC~1.XML
[11/12/2008 21:20|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\conf\users\NAI010~1.COM\USER_C~1.XML
[03/12/2008 19:46|d--------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1
[23/08/2006 18:57|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00010859.dat
[10/01/2007 10:27|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0001088C.dat
[11/04/2007 17:21|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00010896.dat
[13/05/2007 20:13|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0001089B.dat
[13/08/2007 21:21|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000108A9.dat
[17/09/2007 11:06|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000108AA.dat
[02/12/2007 12:30|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000108BE.dat
[16/12/2007 09:54|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000108C2.dat
[14/08/2008 11:34|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0001091C.dat
[14/08/2008 11:34|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00010937.dat
[16/12/2005 11:23|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0002006A.dat
[16/12/2005 11:23|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0002006E.dat
[10/01/2007 10:27|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0002013F.dat
[01/03/2007 15:52|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00020144.dat
[09/10/2007 10:41|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00020185.dat
[22/05/2008 20:20|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000202BD.dat
[13/08/2007 21:21|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00030048.dat
[21/08/2007 14:21|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00030053.dat
[17/09/2007 11:06|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00030056.dat
[05/06/2008 11:06|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0003009A.dat
[16/12/2005 11:23|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0004002B.dat
[31/07/2006 19:25|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00040062.dat
[13/09/2006 18:22|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00040073.dat
[11/07/2007 12:20|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00050005.dat
[24/04/2008 17:18|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\000601A5.dat
[16/04/2008 12:13|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0008000D.dat
[24/04/2008 17:18|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00080014.dat
[22/05/2008 20:20|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\0008001A.dat
[23/06/2008 16:32|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\00080024.dat
[21/08/2007 14:21|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\01030046.dat
[21/08/2007 14:21|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\01030047.dat
[11/07/2007 12:19|-ra------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\01050002.dat
[05/10/2008 15:38|--a------] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\MESSEN~1\data\CONTEN~1\CACHE_~1.DAT
[16/12/2008 18:05|--a------] C:\WINDOWS\Prefetch\SWEETI~1.PF
+-----------------------| ADDED SCAN :
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
...\06l5q5bd.default\prefs.js :
~~~~ Mozilla FireFox version 3.0.4 ~~~~
Start Page : "https://outlook.live.com/owa/"
+----------+
FOUND - user_pref("keyword.URL", "https://search.sweetim.com/search.asp?src=2&q=");
FOUND - user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
FOUND - user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
FOUND - user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
FOUND - user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
FOUND - user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
FOUND - user_pref("sweetim.toolbar.mode.debug", "false");
FOUND - user_pref("sweetim.toolbar.previous.keyword.URL", "https://www.bing.com/?scope=web&mkt=fr-FR&FORM=MIMWA1");
FOUND - user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"http://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"https://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"http://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"http://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"http://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");
FOUND - user_pref("sweetim.toolbar.search.history.capacity", "10");
FOUND - user_pref("sweetim.toolbar.simapp_id", "{F1F64FE5-FF03-4A5C-82FB-DC91253769C2}");
FOUND - user_pref("sweetim.toolbar.version", "1.0.0.8");
+---------------------------------------------------------------------------+
+--[HKEY_CURRENT_USER\..\Run]
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
IncrediMail REG_SZ C:\Program Files\IncrediMail\bin\IncMail.exe /c
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Neuf Media Center REG_SZ "C:\Program Files\SFR\Media Center\MediaCenter.exe"
msnmsgr REG_SZ ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
RamBoostXp REG_SZ C:\Program Files\RamBoost XP\rambxpfr.exe
+--[HKEY_LOCAL_MACHINE\..\Run]
diagent REG_SZ "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
BluetoothAuthenticationAgent REG_SZ rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
USB2Check REG_SZ RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
e-TF1 REG_SZ C:\Program Files\TF1Vision\TF1vision.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
SweetIM REG_SZ C:\Program Files\SweetIM\Messenger\SweetIM.exe
ZoneAlarm Client REG_SZ "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
+--[HKEY_USERS\.DEFAULT\..\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\System32\CTFMON.EXE
DWQueuedReporting REG_SZ "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://fr.msn.com/
+---------------------------------------------------------------------------+
- "C:\AD-report-Scan-16.12.2008.log" (~23562 bytes)
# END at: 19:03:21 | 16/12/2008 - Time elapsed: 20.3 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 284 lines ]
+---------------------------------------------------------------------------+
Aucun fichier infecté sous J:\. De tte façon aucun soucis pour les virer, ce ne sont que des fichiers d'install que j'ai téléchargé pour la confuig d'un autre ordi
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
16 déc. 2008 à 19:11
16 déc. 2008 à 19:11
ok relance ad remover et choisi l'option B et tape le chiffre correspondant a sweetim et supprime le
puis mets le rapport et un nouveau rapport hijackthis ou RSIT
puis mets le rapport et un nouveau rapport hijackthis ou RSIT
jenny131078
Messages postés
170
Date d'inscription
mardi 22 mai 2007
Statut
Membre
Dernière intervention
23 mars 2014
2
16 déc. 2008 à 19:22
16 déc. 2008 à 19:22
Le nouveau rapport Ad Remover
--------- Logfile of AD-Remover 1.0.7.7 by C_XX ---------
*** Limited to ***
Sweetim
******************
# START at: 19:16:31 | Mar 16/12/2008 | Microsoft® Windows XP™ (v5.1.2600)
# BOOT MODE: Normal
# OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: DELL-JENNY | USER: Jenny ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
- E:\ (File System: NTFS)
# Internet Explorer v7.0.5730.11
--------- [ RUNNING PROCESSES: 52 ] ---------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\TF1Vision\TF1vision.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Wireless LAN Utility\SiWake.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ntvdm.exe
-----------------------------------
(!) ---- IE start pages reset
+-----------------------| Sweetim Elements Deleted :
"HKEY_CLASSES_ROOT\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}"
"HKEY_CLASSES_ROOT\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}"
"HKEY_CLASSES_ROOT\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632"
/!\ NOT DELETED -"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator"
/!\ NOT DELETED -"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator.1"
"HKEY_CURRENT_USER\SOFTWARE\SweetIM"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run" /v "SweetIM"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9"
"HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM"
.
/!\ NOT DELETED - [07/12/2008 23:59|d--------] C:\PROGRA~1\SweetIM
/!\ NOT DELETED - [16/12/2008 19:16|d--------] C:\PROGRA~1\SweetIM\MESSEN~1
/!\ NOT DELETED - [17/11/2008 11:31|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGADAP~1.DLL
/!\ NOT DELETED - [11/07/2006 18:35|--a------] C:\PROGRA~1\SweetIM\MESSEN~1\msvcr71.dll
/!\ NOT DELETED - [03/12/2008 19:46|--a------] C:\DOCUME~1\Jenny\APPLIC~1\Mozilla\Firefox\Profiles\06L5Q5~1.DEF\SEARCH~1\sweetim.xml
[03/12/2008 19:46|--a------] C:\DOCUME~1\Jenny\APPLIC~1\Mozilla\Firefox\Profiles\06L5Q5~1.DEF\SEARCH~1\sweetim.xml
[03/12/2008 19:46|d--------] C:\Documents and Settings\Jenny\Application Data\Mozilla\Firefox\Profiles\06l5q5bd.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[03/12/2008 20:10|d--------] C:\Documents and Settings\Jenny\Application Data\Mozilla\Firefox\Profiles\06l5q5bd.default\SweetIMToolbarData
[07/12/2008 23:59|d--------] C:\Documents and Settings\All Users\Application Data\SweetIM
/!\ NOT DELETED - [16/12/2008 18:05|--a------] C:\WINDOWS\Prefetch\SWEETI~1.PF
(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.
************* /!\ Registry Element(s) Not Deleted /!\ *************
"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator"
"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator.1"
Second run ...
""HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator"" - RESIST !
""HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator.1"" - RESIST !
************* /!\ File(s)/Folder(s) Not Deleted /!\ *************
"C:\Program Files\SweetIM\Messenger"
"C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll"
"C:\Program Files\SweetIM\Messenger\msvcr71.dll"
"C:\WINDOWS\Prefetch\SWEETIM.EXE-114201E6.pf"
Second run ...
"C:\Program Files\SweetIM\Messenger" - DELETED !
"C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll" - DELETED !
"C:\Program Files\SweetIM\Messenger\msvcr71.dll" - DELETED !
"C:\WINDOWS\Prefetch\SWEETIM.EXE-114201E6.pf" - RESIST !
+-----------------------| ADDED SCAN :
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
...\06l5q5bd.default\prefs.js :
~~~~ Mozilla FireFox version 3.0.4 ~~~~
Start Page : "https://outlook.live.com/owa/"
+----------+
REMOVED - user_pref("keyword.URL", "https://search.sweetim.com/search.asp?src=2&q=");
REMOVED - user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
REMOVED - user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
REMOVED - user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
REMOVED - user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
REMOVED - user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
REMOVED - user_pref("sweetim.toolbar.mode.debug", "false");
REMOVED - user_pref("sweetim.toolbar.previous.keyword.URL", "https://www.bing.com/?scope=web&mkt=fr-FR&FORM=MIMWA1");
REMOVED - user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"http://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"https://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"http://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"http://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"http://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");
REMOVED - user_pref("sweetim.toolbar.search.history.capacity", "10");
REMOVED - user_pref("sweetim.toolbar.simapp_id", "{F1F64FE5-FF03-4A5C-82FB-DC91253769C2}");
REMOVED - user_pref("sweetim.toolbar.version", "1.0.0.8");
+---------------------------------------------------------------------------+
+--[HKEY_CURRENT_USER\..\Run]
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
IncrediMail REG_SZ C:\Program Files\IncrediMail\bin\IncMail.exe /c
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Neuf Media Center REG_SZ "C:\Program Files\SFR\Media Center\MediaCenter.exe"
msnmsgr REG_SZ ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
RamBoostXp REG_SZ C:\Program Files\RamBoost XP\rambxpfr.exe
+--[HKEY_LOCAL_MACHINE\..\Run]
diagent REG_SZ "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
BluetoothAuthenticationAgent REG_SZ rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
USB2Check REG_SZ RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
e-TF1 REG_SZ C:\Program Files\TF1Vision\TF1vision.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
ZoneAlarm Client REG_SZ "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
+--[HKEY_USERS\.DEFAULT\..\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\System32\CTFMON.EXE
DWQueuedReporting REG_SZ "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://fr.msn.com/
+---------------------------------------------------------------------------+
- "C:\AD-report-Clean-16.12.2008.log" (~14443 bytes)
- "C:\AD-report-Scan-16.12.2008.log" (~23898 bytes)
# END at: 19:19:25 | 16/12/2008 - Time elapsed: 2 minutes, 53 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 191 lines ]
+---------------------------------------------------------------------------+
--------- Logfile of AD-Remover 1.0.7.7 by C_XX ---------
*** Limited to ***
Sweetim
******************
# START at: 19:16:31 | Mar 16/12/2008 | Microsoft® Windows XP™ (v5.1.2600)
# BOOT MODE: Normal
# OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: DELL-JENNY | USER: Jenny ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
- E:\ (File System: NTFS)
# Internet Explorer v7.0.5730.11
--------- [ RUNNING PROCESSES: 52 ] ---------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\TF1Vision\TF1vision.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Wireless LAN Utility\SiWake.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ntvdm.exe
-----------------------------------
(!) ---- IE start pages reset
+-----------------------| Sweetim Elements Deleted :
"HKEY_CLASSES_ROOT\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}"
"HKEY_CLASSES_ROOT\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}"
"HKEY_CLASSES_ROOT\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632"
/!\ NOT DELETED -"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator"
/!\ NOT DELETED -"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator.1"
"HKEY_CURRENT_USER\SOFTWARE\SweetIM"
"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run" /v "SweetIM"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\789034A89BAC50E4782F0A7BDBF75632"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F754C503375A13344B22388E18DFE87E"
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9"
"HKEY_LOCAL_MACHINE\SOFTWARE\SweetIM"
.
/!\ NOT DELETED - [07/12/2008 23:59|d--------] C:\PROGRA~1\SweetIM
/!\ NOT DELETED - [16/12/2008 19:16|d--------] C:\PROGRA~1\SweetIM\MESSEN~1
/!\ NOT DELETED - [17/11/2008 11:31|-ra------] C:\PROGRA~1\SweetIM\MESSEN~1\MGADAP~1.DLL
/!\ NOT DELETED - [11/07/2006 18:35|--a------] C:\PROGRA~1\SweetIM\MESSEN~1\msvcr71.dll
/!\ NOT DELETED - [03/12/2008 19:46|--a------] C:\DOCUME~1\Jenny\APPLIC~1\Mozilla\Firefox\Profiles\06L5Q5~1.DEF\SEARCH~1\sweetim.xml
[03/12/2008 19:46|--a------] C:\DOCUME~1\Jenny\APPLIC~1\Mozilla\Firefox\Profiles\06L5Q5~1.DEF\SEARCH~1\sweetim.xml
[03/12/2008 19:46|d--------] C:\Documents and Settings\Jenny\Application Data\Mozilla\Firefox\Profiles\06l5q5bd.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[03/12/2008 20:10|d--------] C:\Documents and Settings\Jenny\Application Data\Mozilla\Firefox\Profiles\06l5q5bd.default\SweetIMToolbarData
[07/12/2008 23:59|d--------] C:\Documents and Settings\All Users\Application Data\SweetIM
/!\ NOT DELETED - [16/12/2008 18:05|--a------] C:\WINDOWS\Prefetch\SWEETI~1.PF
(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.
************* /!\ Registry Element(s) Not Deleted /!\ *************
"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator"
"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator.1"
Second run ...
""HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator"" - RESIST !
""HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator.1"" - RESIST !
************* /!\ File(s)/Folder(s) Not Deleted /!\ *************
"C:\Program Files\SweetIM\Messenger"
"C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll"
"C:\Program Files\SweetIM\Messenger\msvcr71.dll"
"C:\WINDOWS\Prefetch\SWEETIM.EXE-114201E6.pf"
Second run ...
"C:\Program Files\SweetIM\Messenger" - DELETED !
"C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll" - DELETED !
"C:\Program Files\SweetIM\Messenger\msvcr71.dll" - DELETED !
"C:\WINDOWS\Prefetch\SWEETIM.EXE-114201E6.pf" - RESIST !
+-----------------------| ADDED SCAN :
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
...\06l5q5bd.default\prefs.js :
~~~~ Mozilla FireFox version 3.0.4 ~~~~
Start Page : "https://outlook.live.com/owa/"
+----------+
REMOVED - user_pref("keyword.URL", "https://search.sweetim.com/search.asp?src=2&q=");
REMOVED - user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
REMOVED - user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
REMOVED - user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
REMOVED - user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
REMOVED - user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
REMOVED - user_pref("sweetim.toolbar.mode.debug", "false");
REMOVED - user_pref("sweetim.toolbar.previous.keyword.URL", "https://www.bing.com/?scope=web&mkt=fr-FR&FORM=MIMWA1");
REMOVED - user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"http://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"https://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"http://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"http://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"http://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"http://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");
REMOVED - user_pref("sweetim.toolbar.search.history.capacity", "10");
REMOVED - user_pref("sweetim.toolbar.simapp_id", "{F1F64FE5-FF03-4A5C-82FB-DC91253769C2}");
REMOVED - user_pref("sweetim.toolbar.version", "1.0.0.8");
+---------------------------------------------------------------------------+
+--[HKEY_CURRENT_USER\..\Run]
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
IncrediMail REG_SZ C:\Program Files\IncrediMail\bin\IncMail.exe /c
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Neuf Media Center REG_SZ "C:\Program Files\SFR\Media Center\MediaCenter.exe"
msnmsgr REG_SZ ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
RamBoostXp REG_SZ C:\Program Files\RamBoost XP\rambxpfr.exe
+--[HKEY_LOCAL_MACHINE\..\Run]
diagent REG_SZ "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
BluetoothAuthenticationAgent REG_SZ rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
USB2Check REG_SZ RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
e-TF1 REG_SZ C:\Program Files\TF1Vision\TF1vision.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
ZoneAlarm Client REG_SZ "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
+--[HKEY_USERS\.DEFAULT\..\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\System32\CTFMON.EXE
DWQueuedReporting REG_SZ "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://fr.msn.com/
+---------------------------------------------------------------------------+
- "C:\AD-report-Clean-16.12.2008.log" (~14443 bytes)
- "C:\AD-report-Scan-16.12.2008.log" (~23898 bytes)
# END at: 19:19:25 | 16/12/2008 - Time elapsed: 2 minutes, 53 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 191 lines ]
+---------------------------------------------------------------------------+
jenny131078
Messages postés
170
Date d'inscription
mardi 22 mai 2007
Statut
Membre
Dernière intervention
23 mars 2014
2
16 déc. 2008 à 19:23
16 déc. 2008 à 19:23
et le nouveau rapport Hijack this
Mon pc avait des problèmes de lenteur avant aujourd'hui et cette fichue infection via msn, tu penses qu'il y avait d'autres problèmes ??
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:22:50, on 16/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\TF1Vision\TF1vision.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Wireless LAN Utility\SiWake.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jenny\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.free.fr/freebox/index.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: IEbho Class - {68C55168-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7pro.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [e-TF1] C:\Program Files\TF1Vision\TF1vision.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\SFR\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: IE7pro - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Ctrl+Alt+7 - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-f2ebae11f979b012.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega DownloadManager) - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Mon pc avait des problèmes de lenteur avant aujourd'hui et cette fichue infection via msn, tu penses qu'il y avait d'autres problèmes ??
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:22:50, on 16/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\TF1Vision\TF1vision.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Wireless LAN Utility\SiWake.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jenny\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.free.fr/freebox/index.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: IEbho Class - {68C55168-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7pro.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [e-TF1] C:\Program Files\TF1Vision\TF1vision.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\SFR\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: IE7pro - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Ctrl+Alt+7 - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-f2ebae11f979b012.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} (VirginMega DownloadManager) - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
16 déc. 2008 à 20:00
16 déc. 2008 à 20:00
refais ad remover option B svp et remet le rapport
puis
colle un rapport avec antivir que tu as pour verifier
puis
colle un rapport avec antivir que tu as pour verifier
jenny131078
Messages postés
170
Date d'inscription
mardi 22 mai 2007
Statut
Membre
Dernière intervention
23 mars 2014
2
16 déc. 2008 à 20:12
16 déc. 2008 à 20:12
Oki le revoilà !!
--------- Logfile of AD-Remover 1.0.7.7 by C_XX ---------
*** Limited to ***
Sweetim
******************
# START at: 20:06:59 | Mar 16/12/2008 | Microsoft® Windows XP™ (v5.1.2600)
# BOOT MODE: Normal
# OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: DELL-JENNY | USER: Jenny ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
- E:\ (File System: NTFS)
# Internet Explorer v7.0.5730.11
--------- [ RUNNING PROCESSES: 50 ] ---------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\TF1Vision\TF1vision.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Wireless LAN Utility\SiWake.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ntvdm.exe
-----------------------------------
(!) ---- IE start pages reset
+-----------------------| Sweetim Elements Deleted :
/!\ NOT DELETED -"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator"
/!\ NOT DELETED -"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator.1"
.
[16/12/2008 19:19|d--------] C:\Program Files\SweetIM
(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.
************* /!\ Registry Element(s) Not Deleted /!\ *************
"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator"
"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator.1"
Second run ...
""HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator"" - RESIST !
""HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator.1"" - RESIST !
+-----------------------| ADDED SCAN :
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
...\06l5q5bd.default\prefs.js :
~~~~ Mozilla FireFox version 3.0.4 ~~~~
Start Page : "https://outlook.live.com/owa/"
+----------+
+--[HKEY_CURRENT_USER\..\Run]
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
IncrediMail REG_SZ C:\Program Files\IncrediMail\bin\IncMail.exe /c
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Neuf Media Center REG_SZ "C:\Program Files\SFR\Media Center\MediaCenter.exe"
msnmsgr REG_SZ ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
RamBoostXp REG_SZ C:\Program Files\RamBoost XP\rambxpfr.exe
+--[HKEY_LOCAL_MACHINE\..\Run]
diagent REG_SZ "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
BluetoothAuthenticationAgent REG_SZ rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
USB2Check REG_SZ RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
e-TF1 REG_SZ C:\Program Files\TF1Vision\TF1vision.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
ZoneAlarm Client REG_SZ "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
+--[HKEY_USERS\.DEFAULT\..\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\System32\CTFMON.EXE
DWQueuedReporting REG_SZ "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://fr.msn.com/
+---------------------------------------------------------------------------+
- "C:\AD-report-Clean-16.12.2008.log" (~5639 bytes)
# END at: 20:08:40 | 16/12/2008 - Time elapsed: 1 minute, 40 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 303 lines ]
+---------------------------------------------------------------------------+
--------- Logfile of AD-Remover 1.0.7.7 by C_XX ---------
*** Limited to ***
Sweetim
******************
# START at: 20:06:59 | Mar 16/12/2008 | Microsoft® Windows XP™ (v5.1.2600)
# BOOT MODE: Normal
# OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: DELL-JENNY | USER: Jenny ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
- E:\ (File System: NTFS)
# Internet Explorer v7.0.5730.11
--------- [ RUNNING PROCESSES: 50 ] ---------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\TF1Vision\TF1vision.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Wireless LAN Utility\SiWake.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ntvdm.exe
-----------------------------------
(!) ---- IE start pages reset
+-----------------------| Sweetim Elements Deleted :
/!\ NOT DELETED -"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator"
/!\ NOT DELETED -"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator.1"
.
[16/12/2008 19:19|d--------] C:\Program Files\SweetIM
(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.
************* /!\ Registry Element(s) Not Deleted /!\ *************
"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator"
"HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator.1"
Second run ...
""HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator"" - RESIST !
""HKEY_CLASSES_ROOT\MgMediaPlayer.GifAnimator.1"" - RESIST !
+-----------------------| ADDED SCAN :
+---------- Scanning prefs.js ... ( # Mozilla User Preferences )
...\06l5q5bd.default\prefs.js :
~~~~ Mozilla FireFox version 3.0.4 ~~~~
Start Page : "https://outlook.live.com/owa/"
+----------+
+--[HKEY_CURRENT_USER\..\Run]
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
IncrediMail REG_SZ C:\Program Files\IncrediMail\bin\IncMail.exe /c
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Neuf Media Center REG_SZ "C:\Program Files\SFR\Media Center\MediaCenter.exe"
msnmsgr REG_SZ ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
RamBoostXp REG_SZ C:\Program Files\RamBoost XP\rambxpfr.exe
+--[HKEY_LOCAL_MACHINE\..\Run]
diagent REG_SZ "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
BluetoothAuthenticationAgent REG_SZ rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
USB2Check REG_SZ RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
e-TF1 REG_SZ C:\Program Files\TF1Vision\TF1vision.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
ZoneAlarm Client REG_SZ "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
+--[HKEY_USERS\.DEFAULT\..\Run]
CTFMON.EXE REG_SZ C:\WINDOWS\System32\CTFMON.EXE
DWQueuedReporting REG_SZ "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]
Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]
Start Page : hxxp://fr.msn.com/
+---------------------------------------------------------------------------+
- "C:\AD-report-Clean-16.12.2008.log" (~5639 bytes)
# END at: 20:08:40 | 16/12/2008 - Time elapsed: 1 minute, 40 seconds
+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 303 lines ]
+---------------------------------------------------------------------------+
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
16 déc. 2008 à 20:16
16 déc. 2008 à 20:16
colle un rapport avec antivir que tu as pour verifier
jenny131078
Messages postés
170
Date d'inscription
mardi 22 mai 2007
Statut
Membre
Dernière intervention
23 mars 2014
2
16 déc. 2008 à 20:38
16 déc. 2008 à 20:38
il est en train de faire un scan complet et c'est assez long...je te le colle dès que c'est fini
A tte
A tte
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
16 déc. 2008 à 20:39
16 déc. 2008 à 20:39
ok
jenny131078
Messages postés
170
Date d'inscription
mardi 22 mai 2007
Statut
Membre
Dernière intervention
23 mars 2014
2
16 déc. 2008 à 21:48
16 déc. 2008 à 21:48
Voici le rapport Antivir
Il a trouvé un fichier mp3 infecté je l'ai supprimé direct !!
Avira AntiVir Personal
Report file date: mardi 16 décembre 2008 20:13
Scanning for 1059587 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: DELL-JENNY
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 22:59:33
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 23:15:19
ANTIVIR2.VDF : 7.1.0.124 376832 Bytes 23/11/2008 12:16:32
ANTIVIR3.VDF : 7.1.0.159 206848 Bytes 29/11/2008 18:07:47
Engineversion : 8.2.0.36
AEVDF.DLL : 8.1.0.6 102772 Bytes 15/10/2008 18:18:35
AESCRIPT.DLL : 8.1.1.15 332156 Bytes 12/11/2008 23:45:10
AESCN.DLL : 8.1.1.5 123251 Bytes 08/11/2008 14:35:13
AERDL.DLL : 8.1.1.3 438645 Bytes 05/11/2008 22:43:19
AEPACK.DLL : 8.1.3.4 393591 Bytes 12/11/2008 23:45:03
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 08/11/2008 14:35:12
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 08/11/2008 14:35:12
AEHELP.DLL : 8.1.2.0 119159 Bytes 19/11/2008 11:52:32
AEGEN.DLL : 8.1.1.6 323955 Bytes 28/11/2008 18:42:52
AEEMU.DLL : 8.1.0.9 393588 Bytes 15/10/2008 18:18:29
AECORE.DLL : 8.1.5.2 172405 Bytes 28/11/2008 18:42:51
AEBB.DLL : 8.1.0.3 53618 Bytes 15/10/2008 18:18:27
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 8.0.0.2 98344 Bytes 04/08/2008 21:52:09
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: mardi 16 décembre 2008 20:13
Starting search for hidden objects.
'67773' objects were checked, '0' hidden objects were found.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'vsmon.exe' - '0' Module(s) have been scanned
Scan process 'zlclient.exe' - '0' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'sgbhp.exe' - '1' Module(s) have been scanned
Scan process 'ObjectDock.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'sgmain.exe' - '1' Module(s) have been scanned
Scan process 'SPUVolumeWatcher.exe' - '1' Module(s) have been scanned
Scan process 'SiWake.exe' - '1' Module(s) have been scanned
Scan process 'BTTray.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'QTTask.exe' - '1' Module(s) have been scanned
Scan process 'TF1vision.exe' - '1' Module(s) have been scanned
Scan process 'diagent.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'SAgent2.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'eEBSvc.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'btwdins.exe' - '1' Module(s) have been scanned
Scan process 'InCDsrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
52 processes with 52 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '28' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Jenny\Bureau\Direction I tunes\Duffy - Rockferry (2008)\07 Mercy.mp3
[DETECTION] Contains detection pattern of the exploits EXP/ASF.GetCodec.Gen
[NOTE] The file was deleted!
Begin scan in 'D:\' <Mes documents>
Begin scan in 'E:\' <Mes vidéos>
End of the scan: mardi 16 décembre 2008 21:44
Used time: 1:31:25 min
The scan has been done completely.
15070 Scanning directories
558452 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
1 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
558451 Files not concerned
7504 Archives were scanned
1 Warnings
1 Notes
67773 Objects were scanned with rootkit scan
0 Hidden objects were found
Il a trouvé un fichier mp3 infecté je l'ai supprimé direct !!
Avira AntiVir Personal
Report file date: mardi 16 décembre 2008 20:13
Scanning for 1059587 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: DELL-JENNY
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 22:59:33
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 23:15:19
ANTIVIR2.VDF : 7.1.0.124 376832 Bytes 23/11/2008 12:16:32
ANTIVIR3.VDF : 7.1.0.159 206848 Bytes 29/11/2008 18:07:47
Engineversion : 8.2.0.36
AEVDF.DLL : 8.1.0.6 102772 Bytes 15/10/2008 18:18:35
AESCRIPT.DLL : 8.1.1.15 332156 Bytes 12/11/2008 23:45:10
AESCN.DLL : 8.1.1.5 123251 Bytes 08/11/2008 14:35:13
AERDL.DLL : 8.1.1.3 438645 Bytes 05/11/2008 22:43:19
AEPACK.DLL : 8.1.3.4 393591 Bytes 12/11/2008 23:45:03
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 08/11/2008 14:35:12
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 08/11/2008 14:35:12
AEHELP.DLL : 8.1.2.0 119159 Bytes 19/11/2008 11:52:32
AEGEN.DLL : 8.1.1.6 323955 Bytes 28/11/2008 18:42:52
AEEMU.DLL : 8.1.0.9 393588 Bytes 15/10/2008 18:18:29
AECORE.DLL : 8.1.5.2 172405 Bytes 28/11/2008 18:42:51
AEBB.DLL : 8.1.0.3 53618 Bytes 15/10/2008 18:18:27
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 8.0.0.2 98344 Bytes 04/08/2008 21:52:09
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: mardi 16 décembre 2008 20:13
Starting search for hidden objects.
'67773' objects were checked, '0' hidden objects were found.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'vsmon.exe' - '0' Module(s) have been scanned
Scan process 'zlclient.exe' - '0' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'sgbhp.exe' - '1' Module(s) have been scanned
Scan process 'ObjectDock.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'sgmain.exe' - '1' Module(s) have been scanned
Scan process 'SPUVolumeWatcher.exe' - '1' Module(s) have been scanned
Scan process 'SiWake.exe' - '1' Module(s) have been scanned
Scan process 'BTTray.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'QTTask.exe' - '1' Module(s) have been scanned
Scan process 'TF1vision.exe' - '1' Module(s) have been scanned
Scan process 'diagent.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'SAgent2.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'eEBSvc.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'btwdins.exe' - '1' Module(s) have been scanned
Scan process 'InCDsrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
52 processes with 52 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '28' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Jenny\Bureau\Direction I tunes\Duffy - Rockferry (2008)\07 Mercy.mp3
[DETECTION] Contains detection pattern of the exploits EXP/ASF.GetCodec.Gen
[NOTE] The file was deleted!
Begin scan in 'D:\' <Mes documents>
Begin scan in 'E:\' <Mes vidéos>
End of the scan: mardi 16 décembre 2008 21:44
Used time: 1:31:25 min
The scan has been done completely.
15070 Scanning directories
558452 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
1 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
558451 Files not concerned
7504 Archives were scanned
1 Warnings
1 Notes
67773 Objects were scanned with rootkit scan
0 Hidden objects were found
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
16 déc. 2008 à 22:05
16 déc. 2008 à 22:05
les jeux de pokers il faut faire gaffe:
PokerStars
_____________
Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".
O2 - BHO: (no name) - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://a516.g.akamai.net/
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
_______________________
utilise pour supprimer tes traces
CCLEANER: (lance un nettoyage et répare 3 fois le registre) sans installer la barre yahoo
(dans les options puis avancé :désactive la case: effacer les fichiers de plus de 48 heures)
https://www.malekal.com/tutoriel-ccleaner/
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
__________________________
pour finir et virer ce qui a été utilisé:
Télécharge ToolsCleaner sur ton bureau.
--> http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
voilà tu dira si encore des soucis?
pour protéger gratos ton ordi
http://www.commentcamarche.net/telecharger/logiciel 4 securite
mettre un antivirus
ANTIVIR ou AVG8 ou (AVAST )
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
-------------
des anti-espions :
MalwareByte's Anti-Malware + SPYBOT +/- si tea timer non active de spybot:
WINDOWS DEFENDER ou SPYWARE TERMINATOR
+
SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation : il suffit de faire "update" pour mettre à jour tous les mois et ensuite" enable all protection" pour immuniser)...
Rq : spybot et ad-aware ont sorti de nouvelles versions cette année vérifiez que vous avez la dernière version
--------
un pare feu :
celui de (Windows) ou mieux Online armor ou KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit) ou COMODO
http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall
https://www.01net.com/telecharger/windows/Securite/firewall/fiches/39911.html
https://forum.pcastuces.com/sujet.asp?f=25&s=35606
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm
-----------
CCLEANER pour effacer les traces de surf
---------
naviguer avec firefox ou safari ou opera et non internet explorer plus touché par les virus
http://www.mozilla-europe.org/fr/products/firefox/
PokerStars
_____________
Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".
O2 - BHO: (no name) - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://a516.g.akamai.net/
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
_______________________
utilise pour supprimer tes traces
CCLEANER: (lance un nettoyage et répare 3 fois le registre) sans installer la barre yahoo
(dans les options puis avancé :désactive la case: effacer les fichiers de plus de 48 heures)
https://www.malekal.com/tutoriel-ccleaner/
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
__________________________
pour finir et virer ce qui a été utilisé:
Télécharge ToolsCleaner sur ton bureau.
--> http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
voilà tu dira si encore des soucis?
pour protéger gratos ton ordi
http://www.commentcamarche.net/telecharger/logiciel 4 securite
mettre un antivirus
ANTIVIR ou AVG8 ou (AVAST )
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
-------------
des anti-espions :
MalwareByte's Anti-Malware + SPYBOT +/- si tea timer non active de spybot:
WINDOWS DEFENDER ou SPYWARE TERMINATOR
+
SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation : il suffit de faire "update" pour mettre à jour tous les mois et ensuite" enable all protection" pour immuniser)...
Rq : spybot et ad-aware ont sorti de nouvelles versions cette année vérifiez que vous avez la dernière version
--------
un pare feu :
celui de (Windows) ou mieux Online armor ou KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit) ou COMODO
http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall
https://www.01net.com/telecharger/windows/Securite/firewall/fiches/39911.html
https://forum.pcastuces.com/sujet.asp?f=25&s=35606
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm
-----------
CCLEANER pour effacer les traces de surf
---------
naviguer avec firefox ou safari ou opera et non internet explorer plus touché par les virus
http://www.mozilla-europe.org/fr/products/firefox/
jenny131078
Messages postés
170
Date d'inscription
mardi 22 mai 2007
Statut
Membre
Dernière intervention
23 mars 2014
2
17 déc. 2008 à 00:12
17 déc. 2008 à 00:12
Voici le rapport
[ Rapport ToolsCleaner version 2.2.7 (par A.Rothstein & dj QUIOU) ]
-->- Recherche:
C:\Qoobox: trouvé !
C:\Documents and Settings\Jenny\Bureau\HijackThis.exe: trouvé !
C:\Documents and Settings\Jenny\Bureau\hijackthis.log: trouvé !
C:\Documents and Settings\Jenny\Bureau\UsbFix.txt: trouvé !
C:\Documents and Settings\Jenny\Recent\MSNFix.lnk: trouvé !
C:\Program Files\HijackThis: trouvé !
C:\Program Files\UsbFix: trouvé !
C:\Program Files\Ad-remover\TOOLS\NIRCMD.exe: trouvé !
C:\Program Files\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\HijackThis\hijackthis.log: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\WINDOWS\msnfix.txt: trouvé !
C:\WINDOWS\*.msnfix: trouvé !
C:\WINDOWS\NIRCMD.exe: trouvé !
Corbeille vidée!
Fichiers temporaires nettoyés !
Point de restauration crée !
Franchement merci beaucoup pour ton aide...mon pc va beaucoup mieux !!! J'ai déjà ccleaner, zone alarm, antivir koi ke j pensais kil était gratuit mais là il me demande payer maintenant !!! J'utilise Firefox...bon j'aime le poker :ppp c'est sur !!! Si encore qq chose traine fais moi signe
Merci pour tout
Jenny
[ Rapport ToolsCleaner version 2.2.7 (par A.Rothstein & dj QUIOU) ]
-->- Recherche:
C:\Qoobox: trouvé !
C:\Documents and Settings\Jenny\Bureau\HijackThis.exe: trouvé !
C:\Documents and Settings\Jenny\Bureau\hijackthis.log: trouvé !
C:\Documents and Settings\Jenny\Bureau\UsbFix.txt: trouvé !
C:\Documents and Settings\Jenny\Recent\MSNFix.lnk: trouvé !
C:\Program Files\HijackThis: trouvé !
C:\Program Files\UsbFix: trouvé !
C:\Program Files\Ad-remover\TOOLS\NIRCMD.exe: trouvé !
C:\Program Files\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\HijackThis\hijackthis.log: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
C:\WINDOWS\msnfix.txt: trouvé !
C:\WINDOWS\*.msnfix: trouvé !
C:\WINDOWS\NIRCMD.exe: trouvé !
Corbeille vidée!
Fichiers temporaires nettoyés !
Point de restauration crée !
Franchement merci beaucoup pour ton aide...mon pc va beaucoup mieux !!! J'ai déjà ccleaner, zone alarm, antivir koi ke j pensais kil était gratuit mais là il me demande payer maintenant !!! J'utilise Firefox...bon j'aime le poker :ppp c'est sur !!! Si encore qq chose traine fais moi signe
Merci pour tout
Jenny
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
17 déc. 2008 à 10:09
17 déc. 2008 à 10:09
non tout est bon
bonne suite
bonne suite
jenny131078
Messages postés
170
Date d'inscription
mardi 22 mai 2007
Statut
Membre
Dernière intervention
23 mars 2014
2
17 déc. 2008 à 11:57
17 déc. 2008 à 11:57
Merci beaucoup pour ton aide