Merci Regis59.
Voila le log donné par Hijackthis


Logfile of HijackThis v1.99.1
Scan saved at 17:41:47, on 09/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\niSvcLoc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Norton AntiVirus\navw32.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Norton AntiVirus\navw32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=7&key=MED
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Dash view] D:\DOCUME~1\CHRIST~1\APPLIC~1\THIRDT~1\Tick Draw.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://vivi-tito.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Unknown owner - C:\Program Files\Norton Internet Security\ISSVC.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: nidevldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NILM License manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:38, on 01/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATICAE.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\ben ben\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolb­arNotifier.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Users\ben ben\Documents\HijackThis\HiJackThis.exe
C:\Program Files\Windows Media Player\wmplayer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\Windows\TEMP\E_S16BB.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\ben ben\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Error mail] "C:\ProgramData\Upload Bags Bags.71l8ud"
O4 - HKCU\..\Run: [LESS CITY AMEN SETUP] "C:\ProgramData\axis rule frag.2kaa3eh"
O4 - HKCU\..\Run: [AdwareBot] C:\Program Files\AdwareBot\AdwareBot.exe -boot
O4 - HKUS\S-1-5-18\..\Run: [] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] (User 'Default user')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
End of file - 11659 bytes

Logfile of HijackThis v1.99.1
Scan saved at 15:11:38, on 01/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Connect\mswmcls.exe
C:\WINDOWS\system32\drivers\Icon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Packard Bell EverSafe\TrayControl.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe­
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Shareaza\Shareaza.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iWizz\iWizz.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\MSN Toolbar Suite\SL\02.05.0001.1119\fr-fr\msn_sl.exe
C:\DOCUME~1\Fabien\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Icon] C:\WINDOWS\system32\drivers\Icon.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [EmailChecker] C:\APPS\EmailChecker\ech.exe
O4 - HKLM\..\Run: [NovaNet-WEB Tray Control] C:\Program Files\Packard Bell EverSafe\TrayControl.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1423.exe 61A847B5BBF7281336993B466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [Cake Wipe Inside Wma] C:\Documents and Settings\All Users\Application Data\flag barb cake wipe\16 Bore.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [way meet] C:\DOCUME~1\Fabien\APPLIC~1\ONCEAU~1\find wma.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\microsoft office\Office\OSA9.EXE
O4 - Global Startup: Packard Bell EverSafe Tray Control.lnk = C:\Program Files\Packard Bell EverSafe\TrayControl.exe
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Windows Service Pack Installer update service (spupdsvc) - Unknown owner - C:\WINDOWS\system32\spupdsvc.exe

Merci encore

Voici le rapport:

Rapport fait à 22:13:48,71 le 09/03/2007

******************************************
## Répertoires Application Data

Le volume dans le lecteur D s'appelle DATA
Le num‚ro de s‚rie du volume est B0C9-D054

R‚pertoire de D:\aa42012516fb491ead0f72

Le volume dans le lecteur D s'appelle DATA
Le num‚ro de s‚rie du volume est B0C9-D054

R‚pertoire de D:\Documents and Settings

Le volume dans le lecteur D s'appelle DATA
Le num‚ro de s‚rie du volume est B0C9-D054

R‚pertoire de D:\MSOCache

Le volume dans le lecteur D s'appelle DATA
Le num‚ro de s‚rie du volume est B0C9-D054

R‚pertoire de D:\Nouveau dossier

Le volume dans le lecteur D s'appelle DATA
Le num‚ro de s‚rie du volume est B0C9-D054

R‚pertoire de D:\RECYCLER

Le volume dans le lecteur D s'appelle DATA
Le num‚ro de s‚rie du volume est B0C9-D054

R‚pertoire de D:\System Volume Information

Le volume dans le lecteur D s'appelle DATA
Le num‚ro de s‚rie du volume est B0C9-D054

R‚pertoire de D:\T‚l‚chargements

Le volume dans le lecteur C s'appelle HDD
Le num‚ro de s‚rie du volume est 8CB4-F7B5

R‚pertoire de C:\WINDOWS\system32\config\systemprofile\Application Data

16/08/2004 18:16 <REP> .
16/08/2004 18:16 <REP> ..
13/01/2006 21:07 <REP> Identities
13/01/2006 21:07 <REP> Macromedia
16/08/2004 18:16 <REP> Microsoft
13/01/2006 21:07 <REP> Real
13/01/2006 21:07 <REP> Symantec
13/01/2006 21:07 <REP> You've Got Pictures Screensaver
16/08/2004 18:16 62 desktop.ini
1 fichier(s) 62 octets
8 R‚p(s) 9ÿ661ÿ644ÿ800 octets libres
Le volume dans le lecteur C s'appelle HDD
Le num‚ro de s‚rie du volume est 8CB4-F7B5

R‚pertoire de C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data

16/08/2004 18:16 <REP> .
16/08/2004 18:16 <REP> ..
13/01/2006 21:07 <REP> {3248F0A6-6813-11D6-A77B-00B0D0150020}
13/01/2006 21:07 <REP> ApplicationHistory
16/08/2004 18:16 <REP> Microsoft
13/01/2006 21:07 <REP> PowerCinema
13/01/2006 21:07 135 fusioncache.dat
13/01/2006 21:07 34ÿ232 GDIPFONTCACHEV1.DAT
13/01/2006 21:07 2ÿ692ÿ438 IconCache.db
3 fichier(s) 2ÿ726ÿ805 octets
6 R‚p(s) 9ÿ661ÿ644ÿ800 octets libres

******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks

Le volume dans le lecteur D s'appelle DATA
Le num‚ro de s‚rie du volume est B0C9-D054

R‚pertoire de D:\

29/01/2007 21:03 <REP> Nouveau dossier
05/01/2007 00:59 268 sqmdata19.sqm
05/01/2007 00:59 244 sqmnoopt19.sqm
06/12/2006 01:12 268 sqmdata18.sqm
06/12/2006 01:12 0 sqmnoopt18.sqm
05/12/2006 23:56 268 sqmdata17.sqm
05/12/2006 23:56 244 sqmnoopt17.sqm
01/12/2006 01:38 268 sqmdata16.sqm
01/12/2006 01:38 244 sqmnoopt16.sqm
29/11/2006 01:46 268 sqmdata15.sqm
29/11/2006 01:46 244 sqmnoopt15.sqm
28/11/2006 12:42 268 sqmdata14.sqm
28/11/2006 12:42 244 sqmnoopt14.sqm
27/11/2006 23:39 268 sqmdata13.sqm
27/11/2006 23:39 244 sqmnoopt13.sqm
15/11/2006 20:24 <REP> aa42012516fb491ead0f72
14/11/2006 00:23 268 sqmdata12.sqm
14/11/2006 00:23 244 sqmnoopt12.sqm
13/11/2006 16:36 268 sqmdata11.sqm
13/11/2006 16:36 244 sqmnoopt11.sqm
11/11/2006 11:37 <REP> T‚l‚chargements
10/11/2006 18:24 268 sqmdata10.sqm
10/11/2006 18:24 244 sqmnoopt10.sqm
10/11/2006 16:23 268 sqmdata09.sqm
10/11/2006 16:23 244 sqmnoopt09.sqm
09/11/2006 20:54 244 sqmnoopt08.sqm
09/11/2006 20:54 268 sqmdata08.sqm
24/10/2006 18:12 244 sqmnoopt07.sqm
24/10/2006 18:12 268 sqmdata07.sqm
23/10/2006 21:46 268 sqmdata06.sqm
23/10/2006 21:46 244 sqmnoopt06.sqm
23/10/2006 21:40 268 sqmdata05.sqm
23/10/2006 21:40 244 sqmnoopt05.sqm
23/10/2006 17:53 244 sqmnoopt04.sqm
23/10/2006 17:53 268 sqmdata04.sqm
23/10/2006 17:45 244 sqmnoopt03.sqm
23/10/2006 17:45 268 sqmdata03.sqm
17/10/2006 20:52 244 sqmnoopt02.sqm
17/10/2006 20:52 268 sqmdata02.sqm
16/10/2006 23:17 268 sqmdata01.sqm
16/10/2006 23:17 244 sqmnoopt01.sqm
15/10/2006 20:00 268 sqmdata00.sqm
15/10/2006 20:00 244 sqmnoopt00.sqm
11/02/2006 17:23 <REP> MSOCache
07/11/2005 09:11 <REP> Documents and Settings
07/11/2005 00:50 <REP> RECYCLER
07/11/2005 00:12 <REP> System Volume Information
40 fichier(s) 9ÿ996 octets
7 R‚p(s) 20ÿ038ÿ459ÿ392 octets libres

******************************************
## Répertoires de C:\Program Files

Le volume dans le lecteur C s'appelle HDD
Le num‚ro de s‚rie du volume est 8CB4-F7B5

R‚pertoire de C:\Program Files

26/02/2007 12:12 <REP> .
26/02/2007 12:12 <REP> ..
06/12/2006 20:27 <REP> Adobe
11/02/2006 16:18 <REP> Ahead
12/02/2007 21:59 <REP> Aladdin Systems
02/08/2006 19:12 <REP> Alcohol Soft
07/11/2005 00:19 <REP> AMD
17/01/2006 15:21 <REP> AOL 9.0
07/11/2005 00:30 <REP> AOL Compagnon
02/12/2006 14:32 <REP> AVI to VCD SVCD DVD Converter
13/11/2006 13:57 <REP> BitComet
09/02/2007 16:11 <REP> BitDownload
13/01/2006 22:38 <REP> Ciel
02/08/2006 19:24 <REP> Codemasters
16/08/2004 18:05 <REP> ComPlus Applications
18/01/2006 22:28 <REP> Convertor
25/09/2006 16:04 <REP> Cubemaster 2000
07/11/2005 00:39 <REP> CyberLink
29/11/2006 01:38 <REP> DelMp3Kok
09/10/2006 14:38 <REP> Disney Interactive
22/01/2007 13:48 <REP> Doom 3
02/12/2006 14:38 <REP> DVDx
08/03/2007 20:33 <REP> eMule
09/02/2007 16:09 <REP> Fichiers communs
11/01/2007 23:41 <REP> FlashFXP
09/02/2007 16:56 <REP> GecoMaes
07/11/2005 00:36 <REP> GMixon
09/02/2007 17:33 <REP> Google
26/01/2007 13:41 <REP> GrabIt
11/01/2007 13:04 <REP> Heredis 8
29/11/2006 01:24 <REP> Illustrate
16/02/2007 13:00 <REP> Internet Explorer
13/01/2006 22:40 <REP> ISSENDIS
07/11/2005 00:23 <REP> Java
23/10/2006 19:09 <REP> K!TV
05/12/2006 23:19 <REP> KaraFun
15/01/2006 19:30 <REP> K-Lite Codec Pack
02/08/2006 19:48 <REP> KONAMI
18/01/2006 22:28 <REP> Lavalys
12/01/2007 15:06 <REP> Lavasoft
07/11/2005 00:30 <REP> Learn2.com
02/08/2006 20:40 <REP> Logitech
16/08/2004 18:03 <REP> Messenger
02/02/2006 19:59 <REP> MeuhMeuhTV
04/02/2006 14:01 <REP> Micro Application
16/08/2004 18:11 <REP> microsoft frontpage
11/02/2006 17:25 <REP> Microsoft Office
11/02/2006 17:24 <REP> Microsoft.NET
16/08/2004 18:06 <REP> Movie Maker
15/01/2007 00:54 <REP> Mozilla Firefox
16/08/2004 18:03 <REP> MSN
16/08/2004 18:03 <REP> MSN Gaming Zone
08/03/2007 16:47 <REP> MSN Messenger
15/11/2006 20:24 <REP> MSXML 4.0
25/02/2006 09:44 <REP> National Instruments
16/08/2004 18:06 <REP> NetMeeting
15/01/2007 00:31 <REP> Norton
25/01/2007 16:48 <REP> Norton AntiVirus
13/01/2006 22:40 <REP> OFFICE One6.5
16/08/2004 18:03 <REP> Online Services
15/12/2006 02:36 <REP> Outlook Express
09/03/2007 00:26 <REP> PacificPoker
12/01/2007 15:05 <REP> Picasa2
01/12/2006 00:20 <REP> QuickTime
13/01/2006 22:39 <REP> Readiris Pro 8
07/11/2005 00:30 <REP> Real
02/08/2006 20:50 <REP> ReflexiveArcade
11/01/2007 02:48 <REP> RegCleaner
05/09/2006 12:05 <REP> Ricochet Xtreme
16/08/2004 18:07 <REP> Services en ligne
01/12/2006 00:21 <REP> SmartSound Software
07/11/2005 00:40 <REP> Sonic
15/01/2007 01:10 <REP> Symantec
17/10/2006 15:09 <REP> SymNetDrv
26/02/2007 12:12 <REP> THIRDTHUNKHELP
15/01/2006 19:37 <REP> ToniArts
14/12/2006 18:59 <REP> Ubi soft
05/12/2006 23:23 <REP> Ulead Systems
23/01/2006 22:17 <REP> VideoLAN
07/11/2005 00:30 <REP> Viewpoint
30/11/2006 21:52 <REP> VirtualDub
02/08/2006 20:49 <REP> WildTangent
25/09/2006 15:22 <REP> Win G‚n‚alogic
12/01/2007 17:06 <REP> Windows Installer Clean Up
07/11/2005 00:38 <REP> Windows Media Components
27/11/2006 23:35 <REP> Windows Media Connect 2
27/11/2006 23:35 <REP> Windows Media Player
16/08/2004 18:03 <REP> Windows NT
01/12/2006 22:04 <REP> winOKE Ltd
11/01/2007 13:04 <REP> WinRAR
16/08/2004 18:11 <REP> xerox
11/01/2007 00:16 <REP> XisoManager
0 fichier(s) 0 octets
92 R‚p(s) 9ÿ661ÿ636ÿ608 octets libres

******************************************
## Popups autorisées

* Internet Explorer

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow
www.packardbell.fr REG_NONE
www.3suisses.fr REG_BINARY
www.cmonjour.com REG_BINARY
www.laredoute.fr REG_BINARY
www.super-secretaire.com REG_BINARY
www.manpower.fr REG_BINARY
www.anpe.fr REG_BINARY
www.grattage.com REG_BINARY 0000
*.fr.prizee.com REG_BINARY
www.code-hit.com REG_BINARY
www.concours.fr REG_BINARY
www.keljob.com REG_BINARY
www.skihorizon.com REG_BINARY
www.travelski.com REG_BINARY
fr.france-montagnes.com REG_BINARY
www.skibed.com REG_BINARY
www.sports-hiver.com REG_BINARY
www.homelidays.com REG_BINARY
www.skifrance.fr REG_BINARY
www.2alpeservices.com REG_BINARY
www.chalets-des-alpes.fr REG_BINARY
www.123skichalets.com REG_BINARY
www.les2alpes.com REG_BINARY
netbios-wait.com REG_SZ
www.netbios-wait.com REG_SZ
netsearchsoft.com REG_SZ
www.netsearchsoft.com REG_SZ
www.carriereonline.com REG_BINARY
www.ameli.fr REG_BINARY
www.chalet-montagne.com REG_BINARY
www38.mappy.com REG_BINARY

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.od2.com
<SANS NOM> REG_SZ 0

* Mozilla Firefox (1 autorisé 2 interdit)

---------- D:\DOCUMENTS AND SETTINGS\CHRISTOPHE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\T81LBB6A.DEFAULT\HOSTPERM.1

******************************************
## Registre

* [HKEY_CURRENT_USER\\Software\Microsoft\Internet Explorer\Main]
Search Bar REG_SZ http://format.packardbell.com/...

* [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Dash view REG_SZ D:\DOCUME~1\CHRIST~1\APPLIC~1\THIRDT~1\Tick Draw.exe

* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
command REG_SZ D:\Documents and Settings\All Users\Application Data\Play Tick Copy For\Dash Logo.exe
command REG_SZ D:\DOCUME~1\CHRIST~1\APPLIC~1\THIRDT~1\Tick Draw.exe

******************************************
## Zones de sécurité

* HKCU Domains (4)

* P3P History (5)

******************************************
## Recherche C:\WINDOWS\*.htm, "C:\WINDOWS\*.gif"


*************** Fin du rapport ****************

Salut voila le rapport

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 11:48:01 12/03/2007

+ Résultat de l'analyse:



D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\R­P191\A0035942.exe -> Downloader.Agent.aii : Nettoyé et sauvegardé (mise en quarantaine).
D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP192\A0035944.exe -> Downloader.Agent.aii : Nettoyé et sauvegardé (mise en quarantaine).
D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP192\A0036942.exe -> Downloader.Agent.aii : Nettoyé et sauvegardé (mise en quarantaine).
D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP192\A0036953.exe -> Downloader.Agent.aii : Nettoyé et sauvegardé (mise en quarantaine).
D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP193\A0036955.exe -> Downloader.Agent.aii : Nettoyé et sauvegardé (mise en quarantaine).
D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP193\A0036985.exe -> Downloader.Agent.aii : Nettoyé et sauvegardé (mise en quarantaine).
D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP194\A0036987.exe -> Downloader.Agent.aii : Nettoyé et sauvegardé (mise en quarantaine).
D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP196\A0037143.exe -> Downloader.Agent.aii : Nettoyé et sauvegardé (mise en quarantaine).
D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP197\A0037153.exe -> Downloader.Agent.aii : Nettoyé et sauvegardé (mise en quarantaine).
C:\SET UP\Programmes-Cracks Télechargés\WinOKE_v3[1].23_WORKING-DIGERATI.rar/run.exe -> Downloader.Zlob.bbs : Nettoyé et sauvegardé (mise en quarantaine).
C:\SET UP\Programmes-Cracks Télechargés\WinOke[1].v3.23.WinAll.Incl.Patch-EiTheL.rar/run.exe -> Downloader.Zlob.bbs : Nettoyé et sauvegardé (mise en quarantaine).
D:\Documents and Settings\Christophe\Mes documents\Mes jeux\JEUX PC\LE MAILLON FAIBLE\TEST 1\CRACK\Le_Maillon_Faible_NoCD[GJeux]\le_maillon_faible_1001.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Nettoyé et sauvegardé (mise en quarantaine).
D:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP195\A0037107.exe -> Proxy.Horst.vs : Nettoyé et sauvegardé (mise en quarantaine).
:mozilla.114:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.115:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.116:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.117:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.118:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@mistergooddeal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@msnlivefavorites.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@notrefamille.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@partygaming.122.2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@sfr.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.34:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.35:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.36:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@adbrite[2].txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.42:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.43:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@adtech[2].txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.92:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.93:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.94:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@advertising[2].txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.71:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.Adviva : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@adviva[2].txt -> TrackingCookie.Adviva : Nettoyé.
:mozilla.113:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.99:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@iv2.bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.112:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.Burstnet : Nettoyé.
:mozilla.145:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.Burstnet : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@casalemedia[1].txt -> TrackingCookie.Casalemedia : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@banner.casinoking[2].txt -> TrackingCookie.Casinoking : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@casinoking[1].txt -> TrackingCookie.Casinoking : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@casinotropez[1].txt -> TrackingCookie.Casinotropez : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@www.casinotropez[1].txt -> TrackingCookie.Casinotropez : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@clickbank[1].txt -> TrackingCookie.Clickbank : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@fl01.ct2.comclick[2].txt -> TrackingCookie.Comclick : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@stat.dealtime[2].txt -> TrackingCookie.Dealtime : Nettoyé.
:mozilla.151:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Nettoyé.
:mozilla.22:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.23:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.26:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@fastclick[1].txt -> TrackingCookie.Fastclick : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@banner.goldenpalace[2].txt -> TrackingCookie.Goldenpalace : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@goldenpalace[1].txt -> TrackingCookie.Goldenpalace : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@ehg-discoverynetwork.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@ehg-telecomitalia.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@ilead.itrack[1].txt -> TrackingCookie.Itrack : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@www.lop[2].txt -> TrackingCookie.Lop : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@questionmarket[1].txt -> TrackingCookie.Questionmarket : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.119:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.120:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.121:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.122:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@statcounter[1].txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.138:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.Tacoda : Nettoyé.
:mozilla.139:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.Tacoda : Nettoyé.
:mozilla.140:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.Tacoda : Nettoyé.
:mozilla.141:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.Tacoda : Nettoyé.
:mozilla.136:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.137:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.81:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.Trafic : Nettoyé.
:mozilla.87:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.Valuead : Nettoyé.
:mozilla.88:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.Valuead : Nettoyé.
:mozilla.89:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.Valuead : Nettoyé.
:mozilla.76:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Nettoyé.
:mozilla.12:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.13:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.14:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.15:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.16:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.17:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.18:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.19:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.20:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.21:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.24:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.7:D:\Documents and Settings\Christophe\Application Data\Mozilla\Firefox\Profiles\t81lbb6a.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nettoyé.
D:\Documents and Settings\Christophe\Cookies\christophe@zedo[1].txt -> TrackingCookie.Zedo : Nettoyé.
C:\Program Files\BitDownload\ZM\minime.exe -> Trojan.Inject.ba : Nettoyé et sauvegardé (mise en quarantaine).

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 15:17:42 14/03/2007

+ Résultat de l'analyse:

Rien à signaler.

Fin du rapport
______________________________________________________
______________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 15:19:30, on 14/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\niSvcLoc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Dash view] D:\DOCUME~1\CHRIST~1\APPLIC~1\THIRDT~1\Tick Draw.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://vivi-tito.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Unknown owner - C:\Program Files\Norton Internet Security\ISSVC.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: nidevldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NILM License manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments - C:\WINDOWS\system32\niSvcLoc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
____________________________________________________________________________________________________________

Rapport fait à 15:20:52,51 le 14/03/2007

******************************************
## Répertoires Application Data

Le volume dans le lecteur D s'appelle DATA
Le num‚ro de s‚rie du volume est B0C9-D054

R‚pertoire de D:\aa42012516fb491ead0f72

Le volume dans le lecteur D s'appelle DATA
Le num‚ro de s‚rie du volume est B0C9-D054

R‚pertoire de D:\Documents and Settings

Le volume dans le lecteur D s'appelle DATA
Le num‚ro de s‚rie du volume est B0C9-D054

R‚pertoire de D:\MSOCache

Le volume dans le lecteur D s'appelle DATA
Le num‚ro de s‚rie du volume est B0C9-D054

R‚pertoire de D:\RECYCLER

Le volume dans le lecteur D s'appelle DATA
Le num‚ro de s‚rie du volume est B0C9-D054

R‚pertoire de D:\System Volume Information

Le volume dans le lecteur D s'appelle DATA
Le num‚ro de s‚rie du volume est B0C9-D054

R‚pertoire de D:\T‚l‚chargements

Le volume dans le lecteur C s'appelle HDD
Le num‚ro de s‚rie du volume est 8CB4-F7B5

R‚pertoire de C:\WINDOWS\system32\config\systemprofile\Application Data

16/08/2004 18:16 <REP> .
16/08/2004 18:16 <REP> ..
13/01/2006 21:07 <REP> Identities
13/01/2006 21:07 <REP> Macromedia
16/08/2004 18:16 <REP> Microsoft
13/01/2006 21:07 <REP> Real
13/01/2006 21:07 <REP> Symantec
13/01/2006 21:07 <REP> You've Got Pictures Screensaver
16/08/2004 18:16 62 desktop.ini
1 fichier(s) 62 octets
8 R‚p(s) 9ÿ434ÿ992ÿ640 octets libres
Le volume dans le lecteur C s'appelle HDD
Le num‚ro de s‚rie du volume est 8CB4-F7B5

R‚pertoire de C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data

16/08/2004 18:16 <REP> .
16/08/2004 18:16 <REP> ..
13/01/2006 21:07 <REP> {3248F0A6-6813-11D6-A77B-00B0D0150020}
13/01/2006 21:07 <REP> ApplicationHistory
16/08/2004 18:16 <REP> Microsoft
13/01/2006 21:07 <REP> PowerCinema
13/01/2006 21:07 135 fusioncache.dat
13/01/2006 21:07 34ÿ232 GDIPFONTCACHEV1.DAT
13/01/2006 21:07 2ÿ692ÿ438 IconCache.db
3 fichier(s) 2ÿ726ÿ805 octets
6 R‚p(s) 9ÿ434ÿ992ÿ640 octets libres

******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks

Le volume dans le lecteur D s'appelle DATA
Le num‚ro de s‚rie du volume est B0C9-D054

R‚pertoire de D:\

05/01/2007 00:59 268 sqmdata19.sqm
05/01/2007 00:59 244 sqmnoopt19.sqm
06/12/2006 01:12 268 sqmdata18.sqm
06/12/2006 01:12 0 sqmnoopt18.sqm
05/12/2006 23:56 268 sqmdata17.sqm
05/12/2006 23:56 244 sqmnoopt17.sqm
01/12/2006 01:38 268 sqmdata16.sqm
01/12/2006 01:38 244 sqmnoopt16.sqm
29/11/2006 01:46 268 sqmdata15.sqm
29/11/2006 01:46 244 sqmnoopt15.sqm
28/11/2006 12:42 268 sqmdata14.sqm
28/11/2006 12:42 244 sqmnoopt14.sqm
27/11/2006 23:39 268 sqmdata13.sqm
27/11/2006 23:39 244 sqmnoopt13.sqm
15/11/2006 20:24 <REP> aa42012516fb491ead0f72
14/11/2006 00:23 268 sqmdata12.sqm
14/11/2006 00:23 244 sqmnoopt12.sqm
13/11/2006 16:36 268 sqmdata11.sqm
13/11/2006 16:36 244 sqmnoopt11.sqm
11/11/2006 11:37 <REP> T‚l‚chargements
10/11/2006 18:24 268 sqmdata10.sqm
10/11/2006 18:24 244 sqmnoopt10.sqm
10/11/2006 16:23 268 sqmdata09.sqm
10/11/2006 16:23 244 sqmnoopt09.sqm
09/11/2006 20:54 244 sqmnoopt08.sqm
09/11/2006 20:54 268 sqmdata08.sqm
24/10/2006 18:12 244 sqmnoopt07.sqm
24/10/2006 18:12 268 sqmdata07.sqm
23/10/2006 21:46 268 sqmdata06.sqm
23/10/2006 21:46 244 sqmnoopt06.sqm
23/10/2006 21:40 268 sqmdata05.sqm
23/10/2006 21:40 244 sqmnoopt05.sqm
23/10/2006 17:53 244 sqmnoopt04.sqm
23/10/2006 17:53 268 sqmdata04.sqm
23/10/2006 17:45 244 sqmnoopt03.sqm
23/10/2006 17:45 268 sqmdata03.sqm
17/10/2006 20:52 244 sqmnoopt02.sqm
17/10/2006 20:52 268 sqmdata02.sqm
16/10/2006 23:17 268 sqmdata01.sqm
16/10/2006 23:17 244 sqmnoopt01.sqm
15/10/2006 20:00 268 sqmdata00.sqm
15/10/2006 20:00 244 sqmnoopt00.sqm
11/02/2006 17:23 <REP> MSOCache
07/11/2005 09:11 <REP> Documents and Settings
07/11/2005 00:50 <REP> RECYCLER
07/11/2005 00:12 <REP> System Volume Information
40 fichier(s) 9ÿ996 octets
6 R‚p(s) 26ÿ024ÿ087ÿ552 octets libres

******************************************
## Répertoires de C:\Program Files

Le volume dans le lecteur C s'appelle HDD
Le num‚ro de s‚rie du volume est 8CB4-F7B5

R‚pertoire de C:\Program Files

13/03/2007 16:04 <REP> .
13/03/2007 16:04 <REP> ..
06/12/2006 20:27 <REP> Adobe
11/02/2006 16:18 <REP> Ahead
12/02/2007 21:59 <REP> Aladdin Systems
02/08/2006 19:12 <REP> Alcohol Soft
07/11/2005 00:19 <REP> AMD
17/01/2006 15:21 <REP> AOL 9.0
07/11/2005 00:30 <REP> AOL Compagnon
02/12/2006 14:32 <REP> AVI to VCD SVCD DVD Converter
13/11/2006 13:57 <REP> BitComet
09/02/2007 16:11 <REP> BitDownload
13/01/2006 22:38 <REP> Ciel
02/08/2006 19:24 <REP> Codemasters
16/08/2004 18:05 <REP> ComPlus Applications
18/01/2006 22:28 <REP> Convertor
25/09/2006 16:04 <REP> Cubemaster 2000
07/11/2005 00:39 <REP> CyberLink
29/11/2006 01:38 <REP> DelMp3Kok
09/10/2006 14:38 <REP> Disney Interactive
22/01/2007 13:48 <REP> Doom 3
02/12/2006 14:38 <REP> DVDx
08/03/2007 20:33 <REP> eMule
13/03/2007 16:04 <REP> Fichiers communs
11/01/2007 23:41 <REP> FlashFXP
09/02/2007 16:56 <REP> GecoMaes
07/11/2005 00:36 <REP> GMixon
09/02/2007 17:33 <REP> Google
26/01/2007 13:41 <REP> GrabIt
12/03/2007 10:54 <REP> Grisoft
11/01/2007 13:04 <REP> Heredis 8
29/11/2006 01:24 <REP> Illustrate
16/02/2007 13:00 <REP> Internet Explorer
13/01/2006 22:40 <REP> ISSENDIS
13/03/2007 15:50 <REP> Java
23/10/2006 19:09 <REP> K!TV
05/12/2006 23:19 <REP> KaraFun
15/01/2006 19:30 <REP> K-Lite Codec Pack
02/08/2006 19:48 <REP> KONAMI
18/01/2006 22:28 <REP> Lavalys
12/01/2007 15:06 <REP> Lavasoft
07/11/2005 00:30 <REP> Learn2.com
02/08/2006 20:40 <REP> Logitech
16/08/2004 18:03 <REP> Messenger
02/02/2006 19:59 <REP> MeuhMeuhTV
04/02/2006 14:01 <REP> Micro Application
16/08/2004 18:11 <REP> microsoft frontpage
11/02/2006 17:25 <REP> Microsoft Office
11/02/2006 17:24 <REP> Microsoft.NET
16/08/2004 18:06 <REP> Movie Maker
15/01/2007 00:54 <REP> Mozilla Firefox
16/08/2004 18:03 <REP> MSN
16/08/2004 18:03 <REP> MSN Gaming Zone
08/03/2007 16:47 <REP> MSN Messenger
15/11/2006 20:24 <REP> MSXML 4.0
25/02/2006 09:44 <REP> National Instruments
16/08/2004 18:06 <REP> NetMeeting
15/01/2007 00:31 <REP> Norton
25/01/2007 16:48 <REP> Norton AntiVirus
13/01/2006 22:40 <REP> OFFICE One6.5
16/08/2004 18:03 <REP> Online Services
15/12/2006 02:36 <REP> Outlook Express
09/03/2007 00:26 <REP> PacificPoker
12/01/2007 15:05 <REP> Picasa2
01/12/2006 00:20 <REP> QuickTime
13/01/2006 22:39 <REP> Readiris Pro 8
07/11/2005 00:30 <REP> Real
02/08/2006 20:50 <REP> ReflexiveArcade
11/01/2007 02:48 <REP> RegCleaner
05/09/2006 12:05 <REP> Ricochet Xtreme
13/03/2007 15:41 <REP> Services en ligne
01/12/2006 00:21 <REP> SmartSound Software
07/11/2005 00:40 <REP> Sonic
15/01/2007 01:10 <REP> Symantec
17/10/2006 15:09 <REP> SymNetDrv
26/02/2007 12:12 <REP> THIRDTHUNKHELP
15/01/2006 19:37 <REP> ToniArts
14/12/2006 18:59 <REP> Ubi soft
05/12/2006 23:23 <REP> Ulead Systems
23/01/2006 22:17 <REP> VideoLAN
07/11/2005 00:30 <REP> Viewpoint
30/11/2006 21:52 <REP> VirtualDub
02/08/2006 20:49 <REP> WildTangent
25/09/2006 15:22 <REP> Win G‚n‚alogic
12/01/2007 17:06 <REP> Windows Installer Clean Up
07/11/2005 00:38 <REP> Windows Media Components
27/11/2006 23:35 <REP> Windows Media Connect 2
27/11/2006 23:35 <REP> Windows Media Player
16/08/2004 18:03 <REP> Windows NT
01/12/2006 22:04 <REP> winOKE Ltd
11/01/2007 13:04 <REP> WinRAR
16/08/2004 18:11 <REP> xerox
11/01/2007 00:16 <REP> XisoManager
0 fichier(s) 0 octets
93 R‚p(s) 9ÿ434ÿ984ÿ448 octets libres

******************************************
## Popups autorisées

* Internet Explorer

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow
www.packardbell.fr REG_NONE
www.3suisses.fr REG_BINARY
www.cmonjour.com REG_BINARY
www.laredoute.fr REG_BINARY
www.super-secretaire.com REG_BINARY
www.manpower.fr REG_BINARY
www.anpe.fr REG_BINARY
www.grattage.com REG_BINARY 0000
*.fr.prizee.com REG_BINARY
www.code-hit.com REG_BINARY
www.concours.fr REG_BINARY
www.keljob.com REG_BINARY
www.skihorizon.com REG_BINARY
www.travelski.com REG_BINARY
fr.france-montagnes.com REG_BINARY
www.skibed.com REG_BINARY
www.sports-hiver.com REG_BINARY
www.homelidays.com REG_BINARY
www.skifrance.fr REG_BINARY
www.2alpeservices.com REG_BINARY
www.chalets-des-alpes.fr REG_BINARY
www.123skichalets.com REG_BINARY
www.les2alpes.com REG_BINARY
netbios-wait.com REG_SZ
www.netbios-wait.com REG_SZ
netsearchsoft.com REG_SZ
www.netsearchsoft.com REG_SZ
www.carriereonline.com REG_BINARY
www.ameli.fr REG_BINARY
www.chalet-montagne.com REG_BINARY
www38.mappy.com REG_BINARY
www.valence-major.fr REG_BINARY
www.assedic.fr REG_BINARY
www.aufeminin.com REG_BINARY

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\*.od2.com
<SANS NOM> REG_SZ 0

* Mozilla Firefox (1 autorisé 2 interdit)

---------- D:\DOCUMENTS AND SETTINGS\CHRISTOPHE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\T81LBB6A.DEFAULT\HOSTPERM.1

******************************************
## Registre

* [HKEY_CURRENT_USER\\Software\Microsoft\Internet Explorer\Main]
Search Bar REG_SZ http://format.packardbell.com/...

* [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Dash view REG_SZ D:\DOCUME~1\CHRIST~1\APPLIC~1\THIRDT~1\Tick Draw.exe

* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
command REG_SZ D:\Documents and Settings\All Users\Application Data\Play Tick Copy For\Dash Logo.exe
command REG_SZ D:\DOCUME~1\CHRIST~1\APPLIC~1\THIRDT~1\Tick Draw.exe

******************************************
## Zones de sécurité

* HKCU Domains (4)

* P3P History (5)

******************************************
## Recherche C:\WINDOWS\*.htm, "C:\WINDOWS\*.gif"

*************** Fin du rapport ****************

"Tu comprends bien le francais?"
- Oui.

"faire un copier coller du log entier "
- Voila:

Logfile of HijackThis v1.99.1
Scan saved at 17:57:26, on 1/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\IC Card Reader Driver v1.8e2\Disk_Monitor.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Documents and Settings\test\Bureau\SAVE3\USD1\USDownloader.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\DOCUME~1\test\Bureau\SAVE2\FOXITR~1.0BE\FOXITR~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: run=
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\\IC Card Reader Driver v1.8e2\Disk_Monitor.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [start blue] C:\DOCUME~1\test\APPLIC~1\PUREBO~1\bikemfcd.exe
O4 - HKCU\..\Run: [USDownloader] "C:\Documents and Settings\test\Bureau\SAVE3\USD1\USDownloader.exe"
O4 - Global Startup: Contrôleur de calendrier Ulead.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Multitran - http://multitran.ru/ietran.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} (WaveTab Control) - file:///D:/setup/RiffLick.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe