[Solved] trojan.horse.downloader .generic6.AKQG : Virus removal help

Post by Mickael_14 » 11 Mar 2008, 00:15

Hello :hello:

Like many internet users, I am turning to you because AVG has detected a virus that it does not seem able to get rid of.

You will find the HijackThis report below.

Thank you for whatever you can do for me :wink:




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:07:04, on 11/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WPSC3PSW.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\WlanCU.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Marine\LOCALS~1\Temp\services.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IcoSet] c:\hp\bin\cloaker.exe c:\hp\bin\IcoSet\adjust.bat seticon
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [WpsRePsw] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WpsRePsw.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\Marine\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-9120869-2118672845-1218969601-1009\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Pierre')
O4 - HKUS\S-1-5-21-9120869-2118672845-1218969601-1009\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Pierre')
O4 - HKUS\S-1-5-21-9120869-2118672845-1218969601-1009\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe (User 'Pierre')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-U ... E_UNO1.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.cg14.fr/sig/mg65ctrl_windows_activex_ie.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://zen.atalan.net/Remote/msrdp.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://register.tiscali.fr/configurateu ... Helper.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF0246FC-23BA-4BBF-9F28-57F34B0BAAAC}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe

--
End of file - 12507 bytes

Post by Marie » 11 Mar 2008, 09:32

Hello Mickael and welcome to the forum :sourire:


:arrow: Show hidden files in XP: How to show hidden files in XP


:arrow: Download SDFix by AndyManchesta and save it to your Desktop.
  • Double-click SDFix.exe and choose Install to extract it to a dedicated folder at the root of your system partition (usually C:/SDFix).
  • Restart your computer in Safe Mode. How to start in Safe Mode.
    Choose your user name to log on.
  • Open the SDFix folder that was just created at the root of C:\ and double-click RunThis.bat to launch the script.
  • Press Y to start the cleaning process.
  • It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
    So press a key.
  • Your system will take longer than usual to restart because the tool will keep running and deleting files.
  • After the Desktop loads, the tool will finish its work and display Finished.
  • Press a key to end the script and load your Desktop icons.
  • Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt (C:/SDFix/Report.txt). You will need to paste this report into your next reply.




:arrow: Once the PC has restarted, post a new HijackThis log.

Post by Mickael_14 » 11 Mar 2008, 22:35

Hello :hello: , thank you for your message this morning

The procedure went well; here is the SDFix report

SDFix: Version 1.155

Run by HP_Propriétaire on 11/03/2008 at 21:06

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\Program Files\WinPop\winpop.exe - Deleted
C:\WINDOWS\b122.exe - Deleted
C:\WINDOWS\system32\real.txt - Deleted
C:\WINDOWS\wr.txt - Deleted



Folder C:\Program Files\InetGet2 - Removed
Folder C:\Program Files\WinPop - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-11 21:25:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

C:\DOCUME~1\Marine\LOCALS~1\Temp\services.exe [1312] 0x840AFDA0

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 1
hidden services: 0
hidden files: 1031


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Alice_Triway_WiFi\\Wizard\\CTD_FirmwareUpgrader.exe"="C:\\Program Files\\Alice_Triway_WiFi\\Wizard\\CTD_FirmwareUpgrader.exe:*:Enabled:CTD_FirmwareUpgrader"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Disabled:AOL France"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Eidos Interactive\\Pyro Studios\\Praetorians\\Praetorians.exe"="C:\\Program Files\\Eidos Interactive\\Pyro Studios\\Praetorians\\Praetorians.exe:*:Disabled:Praetorians"
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Disabled:Nero Home"
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"="C:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe:*:Enabled:pes6.exe"
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:Partage de l'application RTC"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows© NetMeeting©"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\DOCUME~1\\Marine\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\Marine\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Media"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 8 Dec 2005 218 A.SHR --- "C:\BOOT.BAK"
Fri 19 Oct 2007 5,903,928 A..H. --- "C:\Program Files\PICASA\setup.exe"
Thu 8 Dec 2005 22 A.SH. --- "C:\WINDOWS\SMINST\HPCD.sys"
Thu 9 Feb 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 21 Jan 2008 777,216 ...H. --- "C:\Documents and Settings\Marine\Mes documents\~WRL0005.tmp"
Wed 23 Jan 2008 27,648 ...H. --- "C:\Documents and Settings\Marine\Mes documents\~WRL0625.tmp"
Mon 21 Jan 2008 777,216 ...H. --- "C:\Documents and Settings\Marine\Mes documents\~WRL0778.tmp"
Sun 20 Jan 2008 765,440 ...H. --- "C:\Documents and Settings\Marine\Mes documents\~WRL1612.tmp"
Mon 21 Jan 2008 777,216 ...H. --- "C:\Documents and Settings\Marine\Mes documents\~WRL1883.tmp"
Wed 23 Jan 2008 32,256 ...H. --- "C:\Documents and Settings\Marine\Mes documents\~WRL2062.tmp"
Wed 23 Jan 2008 32,768 ...H. --- "C:\Documents and Settings\Marine\Mes documents\~WRL2519.tmp"
Mon 21 Jan 2008 777,216 ...H. --- "C:\Documents and Settings\Marine\Mes documents\~WRL2582.tmp"
Sun 20 Jan 2008 39,424 ...H. --- "C:\Documents and Settings\Marine\Mes documents\~WRL3105.tmp"
Wed 23 Jan 2008 27,136 ...H. --- "C:\Documents and Settings\Marine\Mes documents\~WRL3148.tmp"
Wed 23 Jan 2008 32,256 ...H. --- "C:\Documents and Settings\Marine\Mes documents\~WRL3741.tmp"
Sat 19 Jan 2008 24,064 ...H. --- "C:\Documents and Settings\Marine\Mes documents\~WRL3942.tmp"
Sun 17 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Sat 19 Jan 2008 19,456 ...H. --- "C:\Documents and Settings\Marine\Local Settings\Temp\~WRL0004.tmp"
Sat 19 Jan 2008 21,504 ...H. --- "C:\Documents and Settings\Marine\Local Settings\Temp\~WRL0250.tmp"
Sun 20 Jan 2008 285,184 ...H. --- "C:\Documents and Settings\Marine\Local Settings\Temp\~WRL0645.tmp"
Wed 23 Jan 2008 29,184 ...H. --- "C:\Documents and Settings\Marine\Local Settings\Temp\~WRL0681.tmp"
Sun 20 Jan 2008 286,720 ...H. --- "C:\Documents and Settings\Marine\Local Settings\Temp\~WRL0684.tmp"
Sat 19 Jan 2008 20,480 ...H. --- "C:\Documents and Settings\Marine\Local Settings\Temp\~WRL0735.tmp"
Sat 19 Jan 2008 19,968 ...H. --- "C:\Documents and Settings\Marine\Local Settings\Temp\~WRL0764.tmp"
Sat 19 Jan 2008 19,456 ...H. --- "C:\Documents and Settings\Marine\Local Settings\Temp\~WRL0794.tmp"
Sun 20 Jan 2008 293,888 ...H. --- "C:\Documents and Settings\Marine\Local Settings\Temp\~WRL1137.tmp"
Wed 23 Jan 2008 32,256 ...H. --- "C:\Documents and Settings\Marine\Local Settings\Temp\~WRL1268.tmp"
Wed 23 Jan 2008 19,456 ...H. --- "C:\Documents and Settings\Marine\Local Settings\Temp\~WRL1345.tmp"
Sun 20 Jan 2008 303,616 ...H. --- "C:\Documents and Settings\Marine\Local Settings\Temp\~WRL1717.tmp"
Sun 20 Jan 2008 280,576 ...H. --- "C:\Documents and Settings\Marine\Local Settings\Temp\~WRL2142.tmp"
Wed 23 Jan 2008 27,648 ...H. --- "C:\Documents and Settings\Marine\Local Settings\Temp\~WRL2178.tmp"
Wed 23 Jan 2008 28,160 ...H. --- "C:\Documents and Settings\Marine\Local Settings\Temp\~WRL2198.tmp"
Sun 20 Jan 2008 286,208 ...H. --- "C:\Documents and Settings\Marine\Local Settings\Temp\~WRL2254.tmp"
Wed 23 Jan 2008 30,208 ...H. --- "C:\Documents and Settings\Marine\Local Settings\Temp\~WRL2633.tmp"
Wed 23 Jan 2008 26,624 ...H. --- "C:\Documents and Settings\Marine\Local Settings\Temp\~WRL2856.tmp"
Wed 23 Jan 2008 22,016 ...H. --- "C:\Documents and Settings\Marine\Local Settings\Temp\~WRL3048.tmp"
Sat 19 Jan 2008 23,040 ...H. --- "C:\Documents and Settings\Marine\Local Settings\Temp\~WRL3460.tmp"
Wed 23 Jan 2008 20,480 ...H. --- "C:\Documents and Settings\Marine\Local Settings\Temp\~WRL3569.tmp"
Sun 20 Jan 2008 277,504 ...H. --- "C:\Documents and Settings\Marine\Local Settings\Temp\~WRL3721.tmp"
Sun 20 Jan 2008 286,208 ...H. --- "C:\Documents and Settings\Marine\Local Settings\Temp\~WRL3848.tmp"
Sat 19 Jan 2008 26,112 ...H. --- "C:\Documents and Settings\Marine\Local Settings\Temp\~WRL4018.tmp"
Sun 11 Dec 2005 10,198 A..H. --- "C:\Program Files\Microsoft Office\Office\Gestionnaire Office\Off2.tmp"
Sun 11 Dec 2005 10,198 A..H. --- "C:\Program Files\Microsoft Office\Office\Gestionnaire Office\Off3.tmp"
Sat 10 Dec 2005 10,198 A..H. --- "C:\Program Files\Microsoft Office\Office\Gestionnaire Office\Off4.tmp"
Sun 11 Dec 2005 10,198 A..H. --- "C:\Program Files\Microsoft Office\Office\Gestionnaire Office\Off5.tmp"
Sun 27 Jan 2008 38,400 ...H. --- "C:\Documents and Settings\HP_Propriétaire\Mes documents\Nos documents\Mairie\~WRL0414.tmp"
Mon 8 Oct 2007 25,088 A..H. --- "C:\Documents and Settings\HP_Propriétaire\Mes documents\Nos documents\Mairie\~WRL3426.tmp"
Sun 11 Nov 2007 6,837 ...H. --- "C:\Documents and Settings\HP_Propriétaire\Mes documents\Nos documents\Michel\~WRL1732.tmp"
Sat 30 Sep 2006 30,720 ...H. --- "C:\Documents and Settings\HP_Propriétaire\Mes documents\Nos documents\CFC\2006\Fête de cheux\~WRL0122.tmp"
Thu 31 Aug 2006 62,976 ...H. --- "C:\Documents and Settings\HP_Propriétaire\Mes documents\Nos documents\CFC\2006\Fête de cheux\~WRL3423.tmp"
Wed 23 May 2007 53,248 ...H. --- "C:\Documents and Settings\HP_Propriétaire\Mes documents\Nos documents\CFC\2007\Foire au grenier\~WRL1360.tmp"
Sun 9 Sep 2007 28,160 ...H. --- "C:\Documents and Settings\HP_Propriétaire\Mes documents\Nos documents\CFC\2006\Fête de cheux\STANDS\~WRL0678.tmp"

Finished!

then the HijackThis one

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:32:39, on 11/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\LVComS.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WPSC3PSW.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\WlanCU.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Marine\LOCALS~1\Temp\services.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IcoSet] c:\hp\bin\cloaker.exe c:\hp\bin\IcoSet\adjust.bat seticon
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [WpsRePsw] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WpsRePsw.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-U ... E_UNO1.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.cg14.fr/sig/mg65ctrl_windows_activex_ie.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://zen.atalan.net/Remote/msrdp.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://register.tiscali.fr/configurateu ... Helper.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF0246FC-23BA-4BBF-9F28-57F34B0BAAAC}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe

--
End of file - 12146 bytes

there you go

Thanks again :ciao:

awaiting the verdict

Mickael

Post by Marie » 11 Mar 2008, 23:05

Good evening :sourire:


:arrow: Run HijackThis again and check the following line:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Marine\LOCALS~1\Temp\services.exe

Click Fix Checked and confirm the message that follows.


:arrow: Restart the PC <-- important


:arrow: Post a new HijackThis log.

Post by Mickael_14 » 11 Mar 2008, 23:48

Good evening :hello:

such responsiveness! :bravo:

:arrow: and here is the result



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:43:12, on 11/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\svchost.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\LVComS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\WlanCU.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WPSC3PSW.EXE
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Marine\LOCALS~1\Temp\services.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IcoSet] c:\hp\bin\cloaker.exe c:\hp\bin\IcoSet\adjust.bat seticon
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [WpsRePsw] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WpsRePsw.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\Marine\LOCALS~1\Temp\services.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-U ... E_UNO1.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.cg14.fr/sig/mg65ctrl_windows_activex_ie.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://zen.atalan.net/Remote/msrdp.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://register.tiscali.fr/configurateu ... Helper.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF0246FC-23BA-4BBF-9F28-57F34B0BAAAC}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe

--
End of file - 12078 bytes

is it serious, doctor? :seek:

Thanks, and see you soon for the next step :ciao:

Mickael

Post by Marie » 12 Mar 2008, 09:52

Good morning :sourire:

The beast is putting up a fight.
There may be a reason for that: there are 2 user accounts on your PC.

  • Marine's account. This is the account that is infected.
  • The HP_Propriétaire account.

You ran SDFix from the HP_Propriétaire account. In my opinion, it is better to run it from Marine's.

So, do this:

  • Restart in safe mode, this time choosing Marine's account.
  • Show XP's hidden files.
  • Run SDFix (from C:/SDFix/Runthis.bat)
  • When the PC restarts, boot in normal mode, still on Marine's account.
  • Then post the SDFix report and a new HijackThis log.
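The entries that keep coming back in the logs above (a second program appended to UserInit, and a Run value starting services.exe from a Temp folder) can be picked out of a HijackThis log mechanically. The following is an added Python example, not part of the thread or of HijackThis; the sample lines are copied from the logs posted above, while the function names and the list of system process names are assumptions of this example.

```python
import re
from collections import namedtuple

# Assumption of this example: core Windows processes that normally exist
# only in <windir>\system32. A same-named file elsewhere is a masquerade.
SYSTEM32_NAMES = {"services.exe", "svchost.exe", "lsass.exe", "winlogon.exe",
                  "smss.exe", "csrss.exe", "spoolsv.exe", "userinit.exe"}

# Program path at the start of a command line: quoted, or up to the first
# executable extension (handles unquoted paths that contain spaces).
_EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=[\s,]|$)', re.I)
_F2_RE = re.compile(r'^F2 - REG:system\.ini: UserInit=(.*)$', re.I)
_O4_RE = re.compile(r'^O4 - (HK[^:]*\\Run(?:Once)?): \[([^\]]*)\] (.*)$')

Finding = namedtuple("Finding", "section location path reasons")

# Lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Marine\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\Marine\LOCALS~1\Temp\services.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""


def executable_of(command):
    """Return the program path that a startup command line launches."""
    command = command.strip()
    m = _EXE_RE.match(command)
    if m:
        return m.group(1) or m.group(2)
    return command.split(" ", 1)[0] if command else ""


def path_reasons(path):
    """Return the reasons, if any, why this program location is suspicious."""
    parts = [p for p in path.replace("/", "\\").lower().split("\\") if p]
    if not parts:
        return []
    name, dirs = parts[-1], parts[:-1]
    reasons = []
    if "temp" in dirs or "tmp" in dirs:
        reasons.append("runs from a temporary folder")
    # Only judge the location when the entry gives a full path.
    if name in SYSTEM32_NAMES and dirs and dirs[-1] != "system32":
        reasons.append("system process name outside system32")
    return reasons


def triage(log_text):
    """Flag F2 UserInit and O4 Run entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _F2_RE.match(line)
        if m:
            # UserInit is a comma-separated list; only userinit.exe belongs there.
            for item in filter(None, (s.strip() for s in m.group(1).split(","))):
                path = executable_of(item)
                reasons = path_reasons(path)
                if not path.lower().endswith("\\userinit.exe"):
                    reasons.insert(0, "extra program appended to UserInit")
                if reasons:
                    findings.append(Finding("F2", "UserInit", path, tuple(reasons)))
            continue
        m = _O4_RE.match(line)
        if m:
            path = executable_of(m.group(3))
            reasons = path_reasons(path)
            if reasons:
                location = "%s [%s]" % (m.group(1), m.group(2))
                findings.append(Finding("O4", location, path, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.section, f.location, f.path, "; ".join(f.reasons))
```

The same file is flagged in two independent autostart locations, which is why fixing the F2 line alone did not stop it from starting.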

Post by Mickael_14 » 12 Mar 2008, 22:17

Good evening :hello:

mission accomplished, here is the SDFix report (from Marine's session)

SDFix: Version 1.155

Run by Marine on 12/03/2008 at 21:24

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\DOCUME~1\Marine\LOCALS~1\Temp\services.exe - Deleted
C:\WINDOWS\system32\real.txt - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-12 21:43:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1538


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Alice_Triway_WiFi\\Wizard\\CTD_FirmwareUpgrader.exe"="C:\\Program Files\\Alice_Triway_WiFi\\Wizard\\CTD_FirmwareUpgrader.exe:*:Enabled:CTD_FirmwareUpgrader"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Disabled:AOL France"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Eidos Interactive\\Pyro Studios\\Praetorians\\Praetorians.exe"="C:\\Program Files\\Eidos Interactive\\Pyro Studios\\Praetorians\\Praetorians.exe:*:Disabled:Praetorians"
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Disabled:Nero Home"
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"="C:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe:*:Enabled:pes6.exe"
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe:*:Enabled:Nero ShowTime"
"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:Partage de l'application RTC"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows© NetMeeting©"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\DOCUME~1\\Marine\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\Marine\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Media"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Thu 8 Dec 2005 218 A.SHR --- "C:\BOOT.BAK"
Fri 19 Oct 2007 5,903,928 A..H. --- "C:\Program Files\PICASA\setup.exe"
Thu 8 Dec 2005 22 A.SH. --- "C:\WINDOWS\SMINST\HPCD.sys"
Thu 9 Feb 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 21 Jan 2008 777,216 ...H. --- "C:\Documents and Settings\Marine\Mes documents\~WRL0005.tmp"
Wed 23 Jan 2008 27,648 ...H. --- "C:\Documents and Settings\Marine\Mes documents\~WRL0625.tmp"
Mon 21 Jan 2008 777,216 ...H. --- "C:\Documents and Settings\Marine\Mes documents\~WRL0778.tmp"
Sun 20 Jan 2008 765,440 ...H. --- "C:\Documents and Settings\Marine\Mes documents\~WRL1612.tmp"
Mon 21 Jan 2008 777,216 ...H. --- "C:\Documents and Settings\Marine\Mes documents\~WRL1883.tmp"
Wed 23 Jan 2008 32,256 ...H. --- "C:\Documents and Settings\Marine\Mes documents\~WRL2062.tmp"
Wed 23 Jan 2008 32,768 ...H. --- "C:\Documents and Settings\Marine\Mes documents\~WRL2519.tmp"
Mon 21 Jan 2008 777,216 ...H. --- "C:\Documents and Settings\Marine\Mes documents\~WRL2582.tmp"
Sun 20 Jan 2008 39,424 ...H. --- "C:\Documents and Settings\Marine\Mes documents\~WRL3105.tmp"
Wed 23 Jan 2008 27,136 ...H. --- "C:\Documents and Settings\Marine\Mes documents\~WRL3148.tmp"
Wed 23 Jan 2008 32,256 ...H. --- "C:\Documents and Settings\Marine\Mes documents\~WRL3741.tmp"
Sat 19 Jan 2008 24,064 ...H. --- "C:\Documents and Settings\Marine\Mes documents\~WRL3942.tmp"
Sun 17 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Sun 11 Dec 2005 10,198 A..H. --- "C:\Program Files\Microsoft Office\Office\Gestionnaire Office\Off2.tmp"
Sun 11 Dec 2005 10,198 A..H. --- "C:\Program Files\Microsoft Office\Office\Gestionnaire Office\Off3.tmp"
Sat 10 Dec 2005 10,198 A..H. --- "C:\Program Files\Microsoft Office\Office\Gestionnaire Office\Off4.tmp"
Sun 11 Dec 2005 10,198 A..H. --- "C:\Program Files\Microsoft Office\Office\Gestionnaire Office\Off5.tmp"
Sun 27 Jan 2008 38,400 ...H. --- "C:\Documents and Settings\HP_Propri‚taire\Mes documents\Nos documents\Mairie\~WRL0414.tmp"
Mon 8 Oct 2007 25,088 A..H. --- "C:\Documents and Settings\HP_Propri‚taire\Mes documents\Nos documents\Mairie\~WRL3426.tmp"
Sun 11 Nov 2007 6,837 ...H. --- "C:\Documents and Settings\HP_Propri‚taire\Mes documents\Nos documents\Michel\~WRL1732.tmp"
Sat 30 Sep 2006 30,720 ...H. --- "C:\Documents and Settings\HP_Propri‚taire\Mes documents\Nos documents\CFC\2006\Fˆte de cheux\~WRL0122.tmp"
Thu 31 Aug 2006 62,976 ...H. --- "C:\Documents and Settings\HP_Propri‚taire\Mes documents\Nos documents\CFC\2006\Fˆte de cheux\~WRL3423.tmp"
Wed 23 May 2007 53,248 ...H. --- "C:\Documents and Settings\HP_Propri‚taire\Mes documents\Nos documents\CFC\2007\Foire au grenier\~WRL1360.tmp"
Sun 9 Sep 2007 28,160 ...H. --- "C:\Documents and Settings\HP_Propri‚taire\Mes documents\Nos documents\CFC\2006\Fˆte de cheux\STANDS\~WRL0678.tmp"

Finished!


additional information:
:arrow: booting into safe mode on Marine's session was much faster than yesterday's on the HP_propriétaire session. Same for running SDFix
:arrow: the software indicated that it could not open the file c\Document~\Marine\Local~\TEMP\SERVICES.EXE
:arrow: like yesterday, when the TXT report appeared, Windows reported that it had recovered from a serious error (I copied the details (print screen) into a Word doc); tell me if you want me to send it to you, and how
:arrow: finally, more and more often I get a blue screen when shutting down the computer, which shows the same kind of information and offers to start in safe mode, etc.

here is the HijackThis report run from the HP_propriétaire session

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:15:56, on 12/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WPSC3PSW.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\WlanCU.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office\Winword.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IcoSet] c:\hp\bin\cloaker.exe c:\hp\bin\IcoSet\adjust.bat seticon
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [WpsRePsw] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\WpsRePsw.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-9120869-2118672845-1218969601-1010\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User 'Marine')
O4 - HKUS\S-1-5-21-9120869-2118672845-1218969601-1010\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Marine')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - S-1-5-21-9120869-2118672845-1218969601-1010 Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe (User 'Marine')
O4 - S-1-5-21-9120869-2118672845-1218969601-1010 User Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe (User 'Marine')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-U ... E_UNO1.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.cg14.fr/sig/mg65ctrl_windows_activex_ie.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://zen.atalan.net/Remote/msrdp.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://register.tiscali.fr/configurateu ... Helper.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF0246FC-23BA-4BBF-9F28-57F34B0BAAAC}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe

--
End of file - 12589 bytes

There you go

Thanks, and see you soon on the front line :ciao:

Mickael

Post by Marie » 12 Mar 2008, 23:18

Good evening :sourire:

I haven't looked at the various reports in detail yet, but apparently the infection is indeed gone.

:arrow: As yesterday, when the TXT report appeared, Windows reported that it had recovered from a serious error (I copied the details (print screen) into a Word document); tell me whether you want me to send it to you, and how
:arrow: Finally, more and more often I get a blue screen when shutting down the computer, which shows the same kind of information and offers to start in safe mode, etc.


That's annoying! :hein:

To post the screenshot on the forum, follow the instructions HERE, starting from 2) Hosting the image on the imagehotel.net site:

If you didn't keep the image and only have the Word document, upload it to ci-joint.fr.

(Click Parcourir (Browse), find the file on your disk, click Cliquer ici pour déposer le fichier (Click here to upload the file), then copy the URL it gives you and post it in your next message.)


:arrow: As for the blue screen, does it always appear when Windows shuts down?
The next time you get it, note the error code (of the form 0xXXXXXXXX), and if a file name is mentioned (xxxxx.sys), give me that too.

Was this blue screen already appearing before the disinfection?


:arrow: Run an online antivirus scan at Kaspersky to find out whether any infected files remain. When the scan finishes, save the report and post it in your next reply.
If needed, see this tutorial for how to launch the scan.
You may have to click J'accepte (I accept) several times (each time the page appears) to install the ActiveX controls.
Disable your antivirus while Kaspersky's ActiveX controls are being installed.

I'll look at your reports and get back to you as soon as I've finished. :wink:

Post by Marie » 12 Mar 2008, 23:29

The infection is indeed gone.
Let's see what Kaspersky says. :wink:

Post by Mickael_14 » 13 Mar 2008, 00:50

Good evening :hello:


:arrow: Here is the address to retrieve the screenshot of the serious error: http://www.cijoint.fr/cjlink.php?file=c ... 007126.doc.

:arrow:
Was this blue screen already appearing before the disinfection?
: yes, but only since the virus was detected by AVG

The Kaspersky antivirus scan is in progress; I will post the report tomorrow

:arrow: During the first 20% of the scan, AVG intercepted 4 viruses: Trojan Horse Downloader.Generic6.AMBN

See you soon, and thanks again for the coaching! :ciao:

Mickael

Post by Mickael_14 » 13 Mar 2008, 07:19

Hello :hello:

Well, I think we still have a bit of work to do! :hum:

Here is the Kaspersky report

KASPERSKY ONLINE SCANNER REPORT
Thursday, March 13, 2008 7:10:02 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 12/03/2008
Kaspersky Anti-Virus database records: 626476


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics
Total number of scanned objects 224251
Number of viruses found 7
Number of infected objects 22
Number of suspicious objects 0
Duration of the scan process 02:47:48

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\dbc2e.ht1 Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\dbdam Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\dbdao Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\dbeam Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\dbeao Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\dbm Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\dbu2d.ht1 Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\dbvm.cf1 Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\dbvmh.ht1 Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\fii.cf1 Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\fiih.ht1 Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\hp Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\hpt2i.ht1 Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\rpm.cf1 Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\rpmh.ht1 Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-enchashm.cf1 Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-enchashmh.ht1 Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-urlm.cf1 Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-urlmh.ht1 Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-malware-domainm.cf1 Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-malware-domainmh.ht1 Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-white-domainm.cf1 Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-white-domainmh.ht1 Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Identities\{03089365-441A-4383-BA8D-4736B9AC7834}\Microsoft\Outlook Express\Boîte de réception.dbx Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Identities\{03089365-441A-4383-BA8D-4736B9AC7834}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Identities\{03089365-441A-4383-BA8D-4736B9AC7834}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Identities\{03089365-441A-4383-BA8D-4736B9AC7834}\Microsoft\Outlook Express\Pop3uidl.dbx Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Historique\History.IE5\MSHist012008031220080313\index.dat Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\hpodvd09.log Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\_hphtra07.log Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Temp\~DFF8AF.tmp Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\6XH7900I\addz[1].exe Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\6XH7900I\addz[2].exe Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\ONOL8BTC\addz[1].exe Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Mes documents\Mes images\2006_pas sauvegardé\Fête cheux2006A\CHEUX 455bis.jpg Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\Mes documents\Sauv_Outlook\Michel archives.dbx/[From "antoine14@cegetel.net" ][Date Mon, 26 Feb 2007 07:15:59 +0100]/Anniversaire.asx Infected: Trojan-Downloader.Win32.VB.ft skipped

C:\Documents and Settings\HP_Propriétaire\Mes documents\Sauv_Outlook\Michel archives.dbx Mail MS Outlook 5: infected - 1 skipped

C:\Documents and Settings\HP_Propriétaire\ntuser.dat Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\HP_Propriétaire\wznbku.exe Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Marine\Bureau\catchme.zip/services.exe Infected: Trojan.Win32.Pakes.cgr skipped

C:\Documents and Settings\Marine\Bureau\catchme.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Marine\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Marine\Local Settings\Application Data\Google\Google Desktop\84a72bd7e577\dbc2e.ht1 Object is locked skipped

C:\Documents and Settings\Marine\Local Settings\Application Data\Google\Google Desktop\84a72bd7e577\dbdam Object is locked skipped

C:\Documents and Settings\Marine\Local Settings\Application Data\Google\Google Desktop\84a72bd7e577\dbdao Object is locked skipped

C:\Documents and Settings\Marine\Local Settings\Application Data\Google\Google Desktop\84a72bd7e577\dbeam Object is locked skipped

C:\Documents and Settings\Marine\Local Settings\Application Data\Google\Google Desktop\84a72bd7e577\dbeao Object is locked skipped

C:\Documents and Settings\Marine\Local Settings\Application Data\Google\Google Desktop\84a72bd7e577\dbm Object is locked skipped

C:\Documents and Settings\Marine\Local Settings\Application Data\Google\Google Desktop\84a72bd7e577\dbu2d.ht1 Object is locked skipped

C:\Documents and Settings\Marine\Local Settings\Application Data\Google\Google Desktop\84a72bd7e577\dbvm.cf1 Object is locked skipped

C:\Documents and Settings\Marine\Local Settings\Application Data\Google\Google Desktop\84a72bd7e577\dbvmh.ht1 Object is locked skipped

C:\Documents and Settings\Marine\Local Settings\Application Data\Google\Google Desktop\84a72bd7e577\fii.cf1 Object is locked skipped

C:\Documents and Settings\Marine\Local Settings\Application Data\Google\Google Desktop\84a72bd7e577\fiih.ht1 Object is locked skipped

C:\Documents and Settings\Marine\Local Settings\Application Data\Google\Google Desktop\84a72bd7e577\hp Object is locked skipped

C:\Documents and Settings\Marine\Local Settings\Application Data\Google\Google Desktop\84a72bd7e577\hpt2i.ht1 Object is locked skipped

C:\Documents and Settings\Marine\Local Settings\Application Data\Google\Google Desktop\84a72bd7e577\rpm.cf1 Object is locked skipped

C:\Documents and Settings\Marine\Local Settings\Application Data\Google\Google Desktop\84a72bd7e577\rpm1m.cf1 Object is locked skipped

C:\Documents and Settings\Marine\Local Settings\Application Data\Google\Google Desktop\84a72bd7e577\rpm1mh.ht1 Object is locked skipped

C:\Documents and Settings\Marine\Local Settings\Application Data\Google\Google Desktop\84a72bd7e577\rpmh.ht1 Object is locked skipped

C:\Documents and Settings\Marine\Local Settings\Application Data\Google\Google Desktop\84a72bd7e577\safeweb\goog-black-enchashm.cf1 Object is locked skipped

C:\Documents and Settings\Marine\Local Settings\Application Data\Google\Google Desktop\84a72bd7e577\safeweb\goog-black-enchashmh.ht1 Object is locked skipped

C:\Documents and Settings\Marine\Local Settings\Application Data\Google\Google Desktop\84a72bd7e577\safeweb\goog-black-urlm.cf1 Object is locked skipped

C:\Documents and Settings\Marine\Local Settings\Application Data\Google\Google Desktop\84a72bd7e577\safeweb\goog-black-urlmh.ht1 Object is locked skipped

C:\Documents and Settings\Marine\Local Settings\Application Data\Google\Google Desktop\84a72bd7e577\safeweb\goog-malware-domainm.cf1 Object is locked skipped

C:\Documents and Settings\Marine\Local Settings\Application Data\Google\Google Desktop\84a72bd7e577\safeweb\goog-malware-domainmh.ht1 Object is locked skipped

C:\Documents and Settings\Marine\Local Settings\Application Data\Google\Google Desktop\84a72bd7e577\safeweb\goog-white-domainm.cf1 Object is locked skipped

C:\Documents and Settings\Marine\Local Settings\Application Data\Google\Google Desktop\84a72bd7e577\safeweb\goog-white-domainmh.ht1 Object is locked skipped

C:\Documents and Settings\Marine\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Marine\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Marine\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Marine\Local Settings\Historique\History.IE5\MSHist012008031220080313\index.dat Object is locked skipped

C:\Documents and Settings\Marine\Local Settings\Temp\hpodvd09.log Object is locked skipped

C:\Documents and Settings\Marine\Local Settings\Temp\_hphtra07.log Object is locked skipped

C:\Documents and Settings\Marine\Local Settings\Temp\~DF38EC.tmp Object is locked skipped

C:\Documents and Settings\Marine\Local Settings\Temporary Internet Files\Content.IE5\GZKHBY2G\maririne9-photo5[1].com Infected: Trojan.Win32.Agent.gil skipped

C:\Documents and Settings\Marine\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Marine\Local Settings\Temporary Internet Files\Content.IE5\SNJ2GRL9\addz[1].exe Object is locked skipped

C:\Documents and Settings\Marine\ntuser.dat Object is locked skipped

C:\Documents and Settings\Marine\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Marine\xinokm.exe Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\Adobe\Acrobat\Distiller 5\Cache\PSHFList1 Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\Adobe\Acrobat\Distiller 5\messages.log Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\Adobe\Acrobat\Preferences\WebCaptr.prefs Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\Adobe\Acrobat\WHAPI\WHAppList.xml Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\Adobe\Photoshop\6.0\Paramètres Adobe Photoshop 6\Contours.psp Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\Adobe\Photoshop\6.0\Paramètres Adobe Photoshop 6\Couleurs Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\Adobe\Photoshop\6.0\Paramètres Adobe Photoshop 6\Dégradés.psp Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\Adobe\Photoshop\6.0\Paramètres Adobe Photoshop 6\Formes personnalisées.psp Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\Adobe\Photoshop\6.0\Paramètres Adobe Photoshop 6\Formes.psp Object is locked skipped


C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HbTools\static\2\hotbar-premium.cdf Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HbTools\static\2\hotbar_promo.htm Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HbTools\static\2\icons2.res Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HbTools\static\2\keywords.idx Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HbTools\static\2\keywords1.dat Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HbTools\static\2\layout.cdf Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HbTools\static\2\linkpathlegal.txt Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HbTools\static\2\progress.res Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HbTools\static\2\sales_buttons.res Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HbTools\static\2\s_icons_buttons.res Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HbTools\static\2\t2_bg.res Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HbTools\static\2\theweb.mnu Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HbTools\static\2\top7.cdf Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HbTools\static\2\Top7_theweb.mnu Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HbTools\static\2\tsd_bg.res Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HbTools\static\DownLoad\ads.xip Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HbTools\static\DownLoad\BtnTrans.xip Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HbTools\static\DownLoad\BtnTrans1.xip Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HbTools\static\DownLoad\business_promo.xip Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HbTools\static\DownLoad\buttondir.xip Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HbTools\static\DownLoad\country.xip Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HbTools\static\DownLoad\default.xip Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_1000.xip Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_2000.xip Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_3000.xip Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bar.xip Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_bbar1.xip Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_logos.xip Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_buttons_other.xip Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HbTools\static\DownLoad\d_icons_weather.xip Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HbTools\static\DownLoad\email-t1-bg.xip Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HbTools\static\DownLoad\hotbar-premium.xip Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HbTools\static\DownLoad\hotbar_promo.xip Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HbTools\static\DownLoad\icons2.xip Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HbTools\static\DownLoad\keywords.xip Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HbTools\static\DownLoad\keywords1.xip Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HbTools\static\DownLoad\layout.xip Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HbTools\static\DownLoad\linkpathlegal.xip Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HbTools\static\DownLoad\progress.xip Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HbTools\static\DownLoad\sales_buttons.xip Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HbTools\static\DownLoad\samplegroups2.txt Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HbTools\static\DownLoad\samplegroups2.xip Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HbTools\static\DownLoad\s_icons_buttons.xip Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HbTools\static\DownLoad\t2_bg.xip Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HbTools\static\DownLoad\top7.xip Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HbTools\static\DownLoad\tsd_bg.xip Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HostOI\static\1\030104_emte10_prv.gif Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HostOI\static\1\030104_emte11_prv.gif Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HostOI\static\1\030104_emte12_prv.gif Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HostOI\static\1\030104_emte13_prv.gif Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HostOI\static\1\030104_emte14_prv.gif Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HostOI\static\1\030104_emte19_prv.gif Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HostOI\static\1\030104_emte20_prv.gif Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HostOI\static\1\030104_emte21_prv.gif Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HostOI\static\1\030104_emte9_prv.gif Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HostOI\static\1\030203lib_prv.gif Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HostOI\static\1\033102angel_1_prv.gif Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HostOI\static\1\033102bigluf_1_prv.gif Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HostOI\static\1\033102bigsmile_1_prv.gif Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HostOI\static\1\033102birthday_1_prv.gif Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HostOI\static\1\033102cheers_1_prv.gif Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HostOI\static\1\033102flo_1_prv.gif Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HostOI\static\1\033102good_1_prv.gif Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HostOI\static\1\033102jump_1_prv.gif Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HostOI\static\1\033102king_1_prv.gif Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HostOI\static\1\033102lough_1_prv.gif Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HostOI\static\1\033102luf_1_prv.gif Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HostOI\static\1\033102smiled_1_prv.gif Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HostOI\static\1\033102smile_1_prv.gif Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HostOI\static\1\033102sor_1_prv.gif Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HostOI\static\1\033102thanx_1_prv.gif Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HostOI\static\1\033102uhu_1_prv.gif Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HostOI\static\1\040103ahh_prv.gif Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HostOI\static\1\040103wow_prv.gif Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HostOI\static\1\040104_emi2_prv.gif Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HostOI\static\1\042102_1134_112_prv.gif Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HostOI\static\1\050103big_prv.gif Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HostOI\static\1\050103gig_prv.gif Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HostOI\static\1\050103hm_prv.gif Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HostOI\static\1\050103nomail_emoti_prv.gif Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HostOI\static\1\050103norm_prv.gif Object is locked skipped

C:\Documents and Settings\Pierre\Application Data\HbTools\v3.0\HostOI\
Mickael_14
New member

Posts: 9
Joined: 10 Mar 2008, 23:41

Post by Mickael_14 » 13 Mar 2008, 07:30

Hello again :sourire:

I think the report did not go through in full.

Here is a link to download it: http://www.cijoint.fr/cjlink.php?file=c ... 557200.txt.

Have a good day, and thank you for whatever you can do :ciao:

Mickael

Post by Marie » 14 Mar 2008, 10:40

Hello :sourire:

There is still some cleaning up to do.


:arrow: Download OTMoveIt2 from the link below:
http://download.bleepingcomputer.com/ol ... oveIt2.exe
Save the file to the Desktop.

  • Close all Internet Explorer windows: we are going to clean out the Temporary Internet Files.
  • Double-click the OTMoveIt2.exe file to launch the tool.
  • Copy and paste the following command into the input box Paste Custom list of Files/Folders to move:


    EmptyTemp


    [Image]
  • Click the MoveIt! button.
    Wait for the tool to finish its work, then close OTMoveIt2.
    The result will be written to the right-hand pane (Results) and should look like this:

    [Image]

Post the report located in C:\_OTMoveIt\MovedFiles. It is named mmddyyyy_hhmmss.log (ddmmyyyy being today's date and hhmmss the time at which OTMoveIt2 was launched).

Note: A restart of the PC is sometimes needed to move certain files. If you are asked, click Oui/Yes.


:arrow: Run OTMoveIt2.exe again

  • Copy the entire text in the box below and paste it into the window titled Paste Standard List of Files/Folders to be moved

    C:\Documents and Settings\HP_Propriétaire\wznbku.exe
    C:\Documents and Settings\Marine\Bureau\catchme.zip
    C:\Documents and Settings\Marine\xinokm.exe
    C:\Documents and Settings\Pierre\Bureau\services.exe
    C:\Documents and Settings\Pierre\kjcrwv.exe
    C:\WINDOWS\system32\asxwip.exe
    C:\WINDOWS\system32\ggtnfl.exe
    C:\WINDOWS\system32\gpkssf.exe


    Your window should look like this one:

    [Image]
  • Click the MoveIt! button.
    Wait for the tool to finish its work, then close OTMoveIt2.


Post the report located in C:\_OTMoveIt\MovedFiles. It is named mmddyyyy_hhmmss.log (ddmmyyyy being today's date and hhmmss the time at which OTMoveIt2 was launched).

Note: A restart of the PC is sometimes needed to move certain files. If you are asked, click Oui/Yes.



:arrow: Run the Kaspersky online antivirus scan again.
To make it take less time, choose as the scan target: Critical areas (Zones critiques)

[Image]

Post the scan report in your next reply.
Also tell me whether, after that, you still get blue screens.
Marie
Administrator

Posts: 21960
Joined: 22 Jun 2007, 14:56
Location: La Valette du Var

Post by Mickael_14 » 15 Mar 2008, 00:48

Good evening :hello:

:arrow: here are the two OTMoveIt2 reports

[Custom Input]
< EmptyTemp >
File delete failed. C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\_hphtra07.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\~DF18F.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03142008_235954


File/Folder C:\Documents and Settings\HP_Propriétaire\wznbku.exe not found.
C:\Documents and Settings\Marine\Bureau\catchme.zip moved successfully.
File/Folder C:\Documents and Settings\Marine\xinokm.exe not found.
C:\Documents and Settings\Pierre\Bureau\services.exe moved successfully.
File/Folder C:\Documents and Settings\Pierre\kjcrwv.exe not found.
C:\WINDOWS\system32\asxwip.exe moved successfully.
C:\WINDOWS\system32\ggtnfl.exe moved successfully.
C:\WINDOWS\system32\gpkssf.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03152008_001225


:arrow: during the second scan, AVG detected 3 viruses, whose names are:
Trojan horse Download.Generic6AMBM 2x
Trojan horse Download.Generic6AKQG

:arrow: no more blue screens since 12 March!

:arrow: otherwise, the computer takes a long time to start up and to shut down: it churns a lot! And I find the problem has been getting worse for some time.


:arrow: Attached is the Kaspersky report from the critical areas scan

KASPERSKY ON-LINE SCANNER REPORT
Saturday, March 15, 2008 12:42:29 AM
Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.98.0
Dernière mise à jour de la base antivirus Kaspersky : 14/03/2008
Enregistrements dans la base antivirus Kaspersky : 630518


Paramètres d'analyse
Analyser avec la base antivirus suivante étendue
Analyser les archives vrai
Analyser les bases de messagerie vrai

Cible de l'analyse Zones critiques
C:\WINDOWS
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\

Statistiques de l'analyse
Total d'objets analysés 23328
Nombre de virus trouvés 0
Nombre d'objets infectés 0
Nombre d'objets suspects 0
Durée de l'analyse 00:22:21

Nom de l'objet infecté Nom du virus Dernière action

Analyse terminée.

The verdict looks encouraging! :yesss:
Does that mean everything should be considered clean? :sarcastique:

Over to you to tell me

Thanks again and see you soon :ciao:

Mickael
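Anyone reviewing the two OTMoveIt2 reports above has to confirm that every path on the requested list has a logged outcome and to see what is still pending a reboot. The following is an added example, not part of the original posts and not OTMoveIt2's own code: it parses the log lines as they appear in this thread and reconciles them against the requested list. The function names are hypothetical, and the line formats are assumed to be exactly those shown in the post.

```python
import re
from datetime import datetime

# Both runs as posted above (blank lines dropped); a footer line closes each run.
SAMPLE_LOG = r"""[Custom Input]
< EmptyTemp >
File delete failed. C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\_hphtra07.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\~DF18F.tmp scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03142008_235954
File/Folder C:\Documents and Settings\HP_Propriétaire\wznbku.exe not found.
C:\Documents and Settings\Marine\Bureau\catchme.zip moved successfully.
File/Folder C:\Documents and Settings\Marine\xinokm.exe not found.
C:\Documents and Settings\Pierre\Bureau\services.exe moved successfully.
File/Folder C:\Documents and Settings\Pierre\kjcrwv.exe not found.
C:\WINDOWS\system32\asxwip.exe moved successfully.
C:\WINDOWS\system32\ggtnfl.exe moved successfully.
C:\WINDOWS\system32\gpkssf.exe moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03152008_001225
"""

# The list the helper asked to be moved in the second run.
REQUESTED = [
    r"C:\Documents and Settings\HP_Propriétaire\wznbku.exe",
    r"C:\Documents and Settings\Marine\Bureau\catchme.zip",
    r"C:\Documents and Settings\Marine\xinokm.exe",
    r"C:\Documents and Settings\Pierre\Bureau\services.exe",
    r"C:\Documents and Settings\Pierre\kjcrwv.exe",
    r"C:\WINDOWS\system32\asxwip.exe",
    r"C:\WINDOWS\system32\ggtnfl.exe",
    r"C:\WINDOWS\system32\gpkssf.exe",
]

FOOTER = re.compile(r"^OTMoveIt2 by OldTimer - Version (\S+) log created on (\d{8}_\d{6})$")
OUTCOMES = [  # tried in this order, first match wins
    ("pending_reboot", re.compile(r"^File delete failed\. (.+) scheduled to be deleted on reboot\.$")),
    ("not_found", re.compile(r"^File/Folder (.+) not found\.$")),
    ("moved", re.compile(r"^(.+) moved successfully\.$")),
]

def _new_run():
    return {"version": None, "created": None, "moved": [],
            "not_found": [], "pending_reboot": [], "other": []}

def parse_runs(text):
    """Split concatenated OTMoveIt2 logs into runs and classify each line."""
    runs, cur = [], _new_run()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        footer = FOOTER.match(line)
        if footer:
            cur["version"] = footer.group(1)
            # The footer stamp is month-day-year, e.g. 03152008_001225.
            cur["created"] = datetime.strptime(footer.group(2), "%m%d%Y_%H%M%S")
            runs.append(cur)
            cur = _new_run()
            continue
        for key, rx in OUTCOMES:
            m = rx.match(line)
            if m:
                cur[key].append(m.group(1))
                break
        else:
            cur["other"].append(line)  # section markers and summary lines
    if any(cur[k] for k in ("moved", "not_found", "pending_reboot", "other")):
        runs.append(cur)  # entries with no footer: the pasted log was cut short
    return runs

def reconcile(requested, run):
    """Map every requested path to its logged outcome, or 'unaccounted'."""
    seen = {}
    for key in ("moved", "not_found", "pending_reboot"):
        for path in run[key]:
            seen[path.casefold()] = key  # Windows paths compare case-insensitively
    return {p: seen.get(p.casefold(), "unaccounted") for p in requested}

if __name__ == "__main__":
    for path, status in reconcile(REQUESTED, parse_runs(SAMPLE_LOG)[1]).items():
        print(f"{status:14} {path}")
```

A path reported as `unaccounted` means the pasted log is incomplete or the list was altered before the run, so the report is worth asking for again.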

Post by Marie » 15 Mar 2008, 11:08

Hello :sourire:

As far as infection goes, everything is clean. :ok:

To finish the disinfection, do the following:

:arrow: Remove/uninstall all the programs I had you install (HijackThis via Add/Remove Programs, and SDFix by deleting the C:/SDFix folder directly)


:arrow: Empty the System Restore points, which are inevitably infected.
This will keep you from rolling back to an infected restore point if one day you want to run a System Restore.

To do this:
  • In Control Panel/System/System Restore tab, tick Turn off System Restore on all drives (Désactiver la restauration du système sur tous les lecteurs), then click OK.
  • Immediately afterwards, untick the Turn off ... box, then click OK so that System Restore is switched back on.



:arrow: Finally, it would be great if you reported your infection on Malware Complaints. (What is Malware Complaints)
To make our voice heard, as many of us as possible need to testify.
  • See the Malware-Complaints rules: http://www.malwarecomplaints.info/viewtopic.php?t=5
  • Register on the forum using the register button at the top:
    - If you are over 13, choose: I Agree to these terms and am over or exactly 13 years of age
    - If you are under 13, click: I Agree to these terms and am under 13 years of age
  • Once registered, you get a list of the infection types (Look2Me, Smitfraud, SpywareQuake, etc.): http://www.malwarecomplaints.info/viewforum.php?f=10

    If the malware you had does not appear in the list, or if you do not know which infection you had, create a message in the "Autres infections" (Other infections) topic that follows the forum rules (age, town, département, etc.) (In your case, it is a Restarter.F infection)
  • To post a message, click the "post reply" button and enter the information.
    DO NOT CREATE A NEW TOPIC with the New Topic button.

    NB: If you have trouble registering on Malware Complaints, everything is explained HERE



To secure your PC as much as possible:


:arrow: Your antivirus is AVG.

It seems to me that you would be better protected with Antivir.

Antivir is a free, lightweight antivirus whose updates are daily and whose virus database quickly integrates new threats. (Hence the better protection.)
Its only drawback: it is in English (or German). But you install it and forget about it (2 changes to make to the default configuration, and after that it just runs).


  • If you agree to switch, uninstall AVG via Add/Remove Programs
  • Restart the PC to complete the uninstallation
  • Download Antivir HERE (or THERE) and install it.
  • Configure it as shown on this page: Adjusting Antivir's configuration

PS: When Antivir detects an infected file, a window similar to this one opens:

[Image]


Antivir asks you what it should do with the infected file.
Choose Move to quarantine, then click OK to quarantine it.



:arrow: Install the latest version of the Java virtual machine (an out-of-date Java machine is a source of infections):

  • Start by uninstalling all the old versions of JAVA via Add/Remove Programs.
    Uninstall everything related to Java Runtime Environment.
  • With Internet Explorer, go to the Java download page.
  • Install the new version.
    If needed, there is an installation guide on that page (Installation instructions section)




:arrow: One last thing, but a very important one:
Security software (antivirus, anti-trojan ...), even the best, is not 100% effective against current threats. To protect your PC effectively, you need to know the traps laid on the net and learn to avoid them. For that, I invite you to read this document from Lutte Antimalwares. (In PDF format)
It is very thorough, so take your time reading it and pass it around.

NB: MSN worms are very widespread and spread through MSN (of course!). So warn Marine that she must under no circumstances download a file or click on a link in MSN, even if she knows the sender.
Before opening the link or downloading the file, she must ask the sender whether it was really them who sent it all. :wink:





:arrow: For the PC slowness problems, it may be enough to defragment your partitions so that Windows accesses files more quickly.
In any case, it can't do any harm, quite the opposite.
For that, follow this tutorial: Running a defragmentation under Windows XP.