Double ^^ ¨¨ that is driving me crazy
Solved
Chomei
Hello,
Since Friday morning I have been fighting with this accent ^^¨¨
After using HijackThis, here is its report, but I don't understand any of it.
I changed the keyboard
and did a restore to an earlier point.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:43:04, on 23/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lexmark 6200 Series\lxbumon.exe
C:\Program Files\Lexmark 6200 Series\ezprint.exe
C:\WINDOWS\system32\lxbucoms.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MP4 Player\mp4Player.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
I:\Logiciels Téléchargés\Antivirus et nettoyage\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8&gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer optimisé pour MSN
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO Barre de Confiance - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - D:\Mes fichiers reçus\TAPBar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Solid State Networks IE Browser Plugin - {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\solidax.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Barre de confiance - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - D:\Mes fichiers reçus\TAPBar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.370.0\SeekmoSA.exe"
O4 - HKLM\..\Run: [SeekmoOE] C:\Program Files\Seekmo\bin\10.0.370.0\OEAddOn.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\lnaccess.exe /res
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [bdyhegr] c:\windows\system32\bdyhegr.exe bdyhegr
O4 - HKCU\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~3.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SIMBAR={4EDDF7BF-FD0E-4B59-B43D-7B2A57211C8B}; MSN Optimized;FR; .NET CLR 2.0.50727; .NET CLR 1.1.4322; MSN Optimized;FR)" -"http://ww12.gamevial.com"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Maïckël\Menu Démarrer\Programmes\Jeux\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://xiah.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www.photoweb.fr/moncompte/Account/LogOn?ReturnUrl=%2ftransfert
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - https://pirates.disney.com/
O16 - DPF: {3E82BB3F-ABE4-458D-9281-0187286A4E51} - https://login.orange.fr/captcha?return_url=https%3A%2F%2Fmescontacts.orange.fr
O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} (AXIDMDCP Class) - http://m1.cdn.gaiaonline.com/plugins/IDMFlash.cab
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - https://www.jeu.fr/?utm_source=spildomains&utm_medium=redirect&utm_campaign=powersoccer.jeu.fr
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://www.photostation.fr/?404;http://www.photostation.fr:80/aurigma/ImageUploader4.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://gamenextfr.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/...
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://ww38.instantaction.com/download/iaplayer.cab
O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1073_em_XP.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/heavyweapon/sis/popcaploader_v10.cab
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://www.gamenext.fr/online/online2/insaniquarium/oberongamesloader.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by111fd.bay111.hotmail.msn.com/activex/HMAtchmt.ocx
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: NNServ - Unknown owner - C:\Program Files\NewDotNet\nnrun.exe (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
20 replies
Yes, that's me, but I can remove it if you want.
I just noticed that the accent is working properly again,
but tell me if there is still something to remove anyway.
Thanks
You can already remove SweetIM, which is software that is not recommended if you want to keep your PC clean.
And you have picked up "Instant Access". Let's first see whether Malwarebytes Anti-Malware gets rid of it or not.
To do that, download and install this program, and ask for the update at the end of the installation.
Then restart your PC in safe mode (tap F8 repeatedly as the BIOS starts), launch MBAM and choose "Faire un examen complet" (full scan). It can take quite a while if you have a lot of data to scan.
Wait for the scan to finish; a report will be generated (you have to click "afficher le rapport" (show report) at the bottom right), and paste it here. Do not close the program.
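The first pass a helper makes over a HijackThis log like the one above can be scripted. The following is an added example, not part of the original thread and not code from HijackThis or Malwarebytes: it parses the entry lines, pulls the autostart (O4) values apart, and flags entries that HijackThis itself marks as orphaned or as having an unknown owner, plus any names on a reviewer-supplied watchlist (here the two names the reply calls out). The function names are hypothetical, the sample lines are a subset copied from the posted log, and the flags are triage hints, not verdicts.

```python
import re
from collections import Counter

# A subset of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\ctfmon.exe
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.0.26\ShoppingReport.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\system32\lnaccess.exe /res
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: NNServ - Unknown owner - C:\Program Files\NewDotNet\nnrun.exe (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
"""

# Entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1...) and " - ".
ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# O4 registry autostarts: hive, Run/RunOnce key, [value name], command line.
O4_RUN = re.compile(
    r"^(?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]+)\] (?P<command>.+)$"
)
# Markers HijackThis appends when the referenced file is not on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")


def parse_entries(text):
    """Return (code, body) pairs; header and process-list lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def autostarts(text):
    """Return one dict per O4 registry Run entry (hive, key, name, command)."""
    out = []
    for code, body in parse_entries(text):
        m = O4_RUN.match(body) if code == "O4" else None
        if m:
            out.append(m.groupdict())
    return out


def triage(text, watchlist=()):
    """Return (code, body, flags) for every entry that raises a flag."""
    findings = []
    for code, body in parse_entries(text):
        flags = set()
        if body.endswith(ORPHAN_MARKERS):
            flags.add("orphan")          # registry entry left behind, file gone
        if code == "O23" and " - Unknown owner - " in body:
            flags.add("unknown_owner")   # service binary carries no company name
        lowered = body.lower()
        if any(term.lower() in lowered for term in watchlist):
            flags.add("watchlist")       # name supplied by the reviewer
        if flags:
            findings.append((code, body, sorted(flags)))
    return findings


def summarize(findings):
    """Count how many entries carry each flag."""
    return dict(Counter(flag for _, _, flags in findings for flag in flags))


if __name__ == "__main__":
    # Watchlist: the two names the helper's reply singles out.
    for code, body, flags in triage(SAMPLE_LOG, ["SweetIM", "Instant Access"]):
        print(f"{code:<4}{','.join(flags):<24}{body}")
```
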
Here is the report I got from running a full scan
(I did not manage to do it via F8 because I did not know what to do once the blue panel opened)
Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1550
Windows 5.1.2600 Service Pack 2
29/12/2008 10:11:02
mbam-log-2008-12-29 (10-10-43).txt
Type de recherche: Examen complet (C:\|D:\|I:\|)
Eléments examinés: 242471
Temps écoulé: 3 hour(s), 5 minute(s), 29 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 43
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 70
Fichier(s) infecté(s): 115
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
Valeur(s) du Registre infectée(s):
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
Fichier(s) infecté(s):
(I did not manage to do it via F8 because I did not know what to do once the blue panel was open)
Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1550
Windows 5.1.2600 Service Pack 2
29/12/2008 10:11:02
mbam-log-2008-12-29 (10-10-43).txt
Type de recherche: Examen complet (C:\|D:\|I:\|)
Eléments examinés: 242471
Temps écoulé: 3 hour(s), 5 minute(s), 29 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 43
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 70
Fichier(s) infecté(s): 115
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Instant Access (Adware.InstantAccess) -> No action taken.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
Fichier(s) infecté(s):
There, I managed to boot into "safe mode".
The result:
Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1550
Windows 5.1.2600 Service Pack 2
30/12/2008 09:16:01
mbam-log-2008-12-30 (09-15-58).txt
Type de recherche: Examen complet (C:\|D:\|I:\|)
Eléments examinés: 257722
Temps écoulé: 2 hour(s), 35 minute(s), 17 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 43
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 70
Fichier(s) infecté(s): 115
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Instant Access (Adware.InstantAccess) -> No action taken.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
Fichier(s) infecté(s):
I quarantined everything related to "Instant Access".
What should I do now?
The result:
Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1550
Windows 5.1.2600 Service Pack 2
30/12/2008 09:16:01
mbam-log-2008-12-30 (09-15-58).txt
Type de recherche: Examen complet (C:\|D:\|I:\|)
Eléments examinés: 257722
Temps écoulé: 2 hour(s), 35 minute(s), 17 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 43
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 70
Fichier(s) infecté(s): 115
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Instant Access (Adware.InstantAccess) -> No action taken.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\Instant Access\Dialer\929659008 (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\929659008\external-api.dlv4.com (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\929659008\external-api.dlv4.com\hits (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\929659008\external-api.dlv4.com\js (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\929659008\fp.pc-on-internet.com (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\929659008\fp.pc-on-internet.com\50220 (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\929659008\fp.pc-on-internet.com\50220\images (Adware.EGDAccess) -> No action taken.
C:\Program Files\OneStepSearch (Adware.OneStepSearch) -> No action taken.
C:\WINDOWS\system32\twain_32 (Backdoor.Bot) -> No action taken.
C:\Program Files\NewDotNet (Adware.NewDotNet) -> No action taken.
Fichier(s) infecté(s):
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\irlvwabl_navps.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\irlvwabl_nav.dat (Adware.Navipromo.H) -> No action taken.
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\irlvwabl.dat (Adware.Navipromo.H) -> No action taken.
C:\Program Files\Instant Access\Center\CrazyGirls.upd (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Center\GamesDesktop.upd (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Center\SerialPlayers.upd (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Center\tray1.ico (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\1054272810\SerialPlayers.lnk (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\1054272810\external-api.dlv4.com\hits\ddffd1077aac0f1de77fb2c13d07abe8 (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\1054272810\external-api.dlv4.com\js\72fec2c397e9615ca3a4fdd702fe0cc2 (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\1054272810\fp.pc-on-internet.com\d89e9d1bfbe26ffee314f7b623eb6120.html (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\1054272810\fp.pc-on-internet.com\d89e9d1bfbe26ffee314f7b623eb6120.html_0.loginvis (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\1054272810\fp.pc-on-internet.com\50251\images\button.gif (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\1054272810\fp.pc-on-internet.com\50251\images\index_01.jpg (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\1054272810\fp.pc-on-internet.com\50251\images\index_02.gif (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\1054272810\fp.pc-on-internet.com\50251\images\index_03.gif (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\1054272810\fp.pc-on-internet.com\50251\images\index_04.gif (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\1054272810\fp.pc-on-internet.com\50251\images\index_05.gif (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\1054272810\fp.pc-on-internet.com\50251\images\index_06.gif (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\1054272810\fp.pc-on-internet.com\50251\images\index_07.gif (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\1054272810\fp.pc-on-internet.com\50251\images\index_08.jpg (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\1054272810\fp.pc-on-internet.com\50251\images\index_10.jpg (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\1054272810\fp.pc-on-internet.com\50251\images\product.ico (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\1097398822\external-api.dlv4.com\hits\96378f02d6abc1f07b7f9bc2c4ba0af3 (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\1097398822\external-api.dlv4.com\js\3b793f3a127bce4906d17a8b92aba6dc (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\1097398822\fp.pc-on-internet.com\29a145fdddfd8887e1d4984182574b1e.html (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\1097398822\fp.pc-on-internet.com\29a145fdddfd8887e1d4984182574b1e.html_0.loginvis (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\1097398822\fp.pc-on-internet.com\50295\images\bg.jpg (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\1097398822\fp.pc-on-internet.com\50295\images\bg00.gif (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\1097398822\fp.pc-on-internet.com\50295\images\head01.gif (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\1097398822\fp.pc-on-internet.com\50295\images\null.gif (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\1097398822\fp.pc-on-internet.com\50295\images\text00.gif (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\1097398822\www.google-analytics.com\2702d8568fcf8708e32eb2130151469a (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\1097398822\www.google-analytics.com\urchin.js (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\146488743\external-api.dlv4.com\hits\03157665e062297af7663196bfe18c80 (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\146488743\external-api.dlv4.com\js\de03eb7b5d65fc8cd6764361a3a9c53b (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\146488743\fp.pc-on-internet.com\ba65ababd5c72f29595f3bda44ace2f5.html (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\146488743\fp.pc-on-internet.com\ba65ababd5c72f29595f3bda44ace2f5.html_0.loginvis (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\146488743\fp.pc-on-internet.com\50264\images\button.gif (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\146488743\fp.pc-on-internet.com\50264\images\loading.gif (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\146488743\fp.pc-on-internet.com\50264\images\product.ico (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\228597935\external-api.dlv4.com\hits\74df60e1c813b799f151d34b23a10c3f (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\228597935\external-api.dlv4.com\js\ab8a2a77307f30d57b6b5b486ff52b2a (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\228597935\fp.pc-on-internet.com\2d37137c7567a0b2bdc7634936291cbe.html (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\228597935\fp.pc-on-internet.com\2d37137c7567a0b2bdc7634936291cbe.html_0.loginvis (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\228597935\fp.pc-on-internet.com\50287\images\button.gif (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\228597935\fp.pc-on-internet.com\50287\images\index_01.gif (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\228597935\fp.pc-on-internet.com\50287\images\index_02.gif (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\228597935\fp.pc-on-internet.com\50287\images\index_03.gif (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\228597935\fp.pc-on-internet.com\50287\images\index_04.gif (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\228597935\fp.pc-on-internet.com\50287\images\index_05.jpg (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\228597935\fp.pc-on-internet.com\50287\images\index_07.jpg (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\228597935\fp.pc-on-internet.com\50287\images\index_09.gif (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\228597935\fp.pc-on-internet.com\50287\images\index_10.gif (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\228597935\fp.pc-on-internet.com\50287\images\product.ico (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\428360174\external-api.dlv4.com\hits\0318f9b23ad047ee30b8b38fe7f17753 (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\428360174\external-api.dlv4.com\js\64335831ea3c241ef36f3df6acc46f46 (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\428360174\fp.pc-on-internet.com\e94e6fdbef503a74cdcb371f1e866a10.html (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\428360174\fp.pc-on-internet.com\e94e6fdbef503a74cdcb371f1e866a10.html_0.loginvis (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\428360174\fp.pc-on-internet.com\50246\images\button.gif (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\428360174\fp.pc-on-internet.com\50246\images\index_01.jpg (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\428360174\fp.pc-on-internet.com\50246\images\index_02.jpg (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\428360174\fp.pc-on-internet.com\50246\images\index_04.jpg (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\428360174\fp.pc-on-internet.com\50246\images\index_05.jpg (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\428360174\fp.pc-on-internet.com\50246\images\index_06.jpg (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\428360174\fp.pc-on-internet.com\50246\images\product.ico (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\492771288\external-api.dlv4.com\hits\1574e673f91d9c5614a2074eab37e4e7 (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\492771288\external-api.dlv4.com\js\6666550953e2145a4c02760b20359fd0 (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\492771288\fp.pc-on-internet.com\379906f4f31fdd46a234549bfe4fa7f6.html (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\492771288\fp.pc-on-internet.com\379906f4f31fdd46a234549bfe4fa7f6.html_0.loginvis (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\492771288\fp.pc-on-internet.com\50081\images\bg.gif (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\492771288\fp.pc-on-internet.com\50081\images\button.jpg (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\492771288\fp.pc-on-internet.com\50081\images\button1.jpg (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\492771288\fp.pc-on-internet.com\50081\images\button2.jpg (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\492771288\fp.pc-on-internet.com\50081\images\index_01.gif (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\492771288\fp.pc-on-internet.com\50081\images\index_02.jpg (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\492771288\fp.pc-on-internet.com\50081\images\index_03.jpg (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\492771288\fp.pc-on-internet.com\50081\images\index_05.jpg (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\492771288\fp.pc-on-internet.com\50081\images\product.ico (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\67248272\external-api.dlv4.com\hits\9ab3eb38ad9c756de1e0e54df837f595 (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\67248272\external-api.dlv4.com\js\c4460f0877e460e28dd894c5a1667b76 (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\67248272\fp.pc-on-internet.com\49632f4ba2e78c0c0e5096f45f470242.html (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\67248272\fp.pc-on-internet.com\49632f4ba2e78c0c0e5096f45f470242.html_0.loginvis (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\67248272\fp.pc-on-internet.com\50264\images\button.gif (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\67248272\fp.pc-on-internet.com\50264\images\loading.gif (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\67248272\fp.pc-on-internet.com\50264\images\product.ico (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\756000861\external-api.dlv4.com\hits\c50a90f1d4dad566c71b20d60ab62d9e (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\756000861\external-api.dlv4.com\js\64335831ea3c241ef36f3df6acc46f46 (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\756000861\fp.pc-on-internet.com\e94e6fdbef503a74cdcb371f1e866a10.html (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\756000861\fp.pc-on-internet.com\e94e6fdbef503a74cdcb371f1e866a10.html_0.loginvis (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\756000861\fp.pc-on-internet.com\50246\images\button.gif (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\756000861\fp.pc-on-internet.com\50246\images\index_01.jpg (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\756000861\fp.pc-on-internet.com\50246\images\index_02.jpg (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\756000861\fp.pc-on-internet.com\50246\images\index_04.jpg (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\756000861\fp.pc-on-internet.com\50246\images\index_05.jpg (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\756000861\fp.pc-on-internet.com\50246\images\index_06.jpg (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\756000861\fp.pc-on-internet.com\50246\images\product.ico (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\929659008\external-api.dlv4.com\hits\e431e62ebd4061c2e7dc3726f6d18e9d (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\929659008\external-api.dlv4.com\js\583428b3d8008eef575c362a9e1234b3 (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\929659008\fp.pc-on-internet.com\831fd574298679f5174deba4893527df.html (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\929659008\fp.pc-on-internet.com\831fd574298679f5174deba4893527df.html_0.loginvis (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\929659008\fp.pc-on-internet.com\50220\images\button.gif (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\929659008\fp.pc-on-internet.com\50220\images\index_01.jpg (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\929659008\fp.pc-on-internet.com\50220\images\index_02.jpg (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\929659008\fp.pc-on-internet.com\50220\images\index_03.jpg (Adware.EGDAccess) -> No action taken.
C:\Program Files\Instant Access\Dialer\929659008\fp.pc-on-internet.com\50220\images\index_04.jpg (Adware.EGDAccess) -> No action taken.
C:\Program Files\OneStepSearch\home.js (Adware.OneStepSearch) -> No action taken.
C:\Program Files\OneStepSearch\readme.html (Adware.OneStepSearch) -> No action taken.
C:\WINDOWS\system32\twain_32\007EAD04.uf (Backdoor.Bot) -> No action taken.
C:\Program Files\NewDotNet\readme.html (Adware.NewDotNet) -> No action taken.
C:\WINDOWS\system32\model.dat (Spyware.MarketScore) -> No action taken.
C:\WINDOWS\system32\LDPackage.dll (Spyware.MarketScore) -> No action taken.
C:\WINDOWS\system32\silc.dat (Spyware.MarketScore) -> No action taken.
C:\WINDOWS\system32\rlph.dll (Spyware.MarketScore) -> No action taken.
C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> No action taken.
I quarantined everything related to "Instant Access".
What should I do now?
Hello and happy new year,
I can see that you are thoroughly infected. Everything that Malwarebytes found and flagged as infected must be deleted without hesitation.
I think you will have to rerun your full scan in safe mode and, at the end, either Malwarebytes will delete everything by itself or you will have to tell it to by clicking "Tout supprimer" ("Delete all") at the bottom left, under the list of infected items.
Hi,
▶ Open Malwarebytes,
▶ Click the Quarantine tab,
▶ Delete everything the quarantine contains,
▶ If it offers to restart your PC => accept
▶ If it does not offer to => restart your PC normally
▶ Post the report produced after the deletion on the forum.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
▶ Install NAVILOG1
Note on the detection of Navilog1 by some security programs:
▶ Some of the files in Navilog1.exe may be considered dangerous and therefore deleted or neutralized by some security programs. These are false positives, and in some cases you will have to disable your protection while downloading/using Navilog1.
/!\ Disconnect from the internet and disable your resident antivirus and antispyware so that Navilog1 can run normally. /!\
The Navilog1 installation is launched by running Navilog1.exe
(If you downloaded navilog1.zip, unzip that file first)
Once the installation is finished, to launch the fix:
- use the shortcut created on the desktop: Navilog1
- or, via My Computer, run the file Navilog1.bat located in %program files%Navilog1
After the language choice and the warning messages, the menu is displayed.
Choose option 1
It checks the system for the adware. A scan with GMER's catchme is also performed on Windows XP. This analysis can take about ten minutes. Wait until the message «Analyse terminée le ....» appears. Press a key as requested and Notepad will open. Save the report to your disk, then open it and copy and paste the whole report on the forum that asked you for it.
(if Notepad does not open: go to My Computer; at the root of drive C you will find the report under the name fixnavi.txt)
Warning: Do not launch the disinfection part (options 2, 3 or 4) without the express advice/consent of the helper who is handling your case on the help forum where you described your problem.
If a report will not post, send an alert to the conciergerie (moderators) using the yellow /!\.
Yesterday I ran Malwarebytes' Anti-Malware again and did what Zpoupette advised me to do.
Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1550
Windows 5.1.2600 Service Pack 2
07/01/2009 10:30:54
mbam-log-2009-01-07 (10-30-54).txt
Type de recherche: Examen complet (C:\|D:\|I:\|)
Eléments examinés: 262378
Temps écoulé: 2 hour(s), 52 minute(s), 3 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 41
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 12
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07aa283a-43d7-4cbe-a064-32a21112d94d} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\OneStepSearch (Adware.OneStepSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twain_32 (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\NewDotNet (Adware.NewDotNet) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\irlvwabl_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\irlvwabl_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Local Settings\Application Data\irlvwabl.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Program Files\OneStepSearch\home.js (Adware.OneStepSearch) -> Quarantined and deleted successfully.
C:\Program Files\OneStepSearch\readme.html (Adware.OneStepSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twain_32\007EAD04.uf (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\NewDotNet\readme.html (Adware.NewDotNet) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\model.dat (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\LDPackage.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\silc.dat (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rlph.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
I'll run another one later today to see whether everything is fine.
Should I still do what V-X advises me to do?
Here is the result
Search Navipromo version 3.7.1 commencé le 08/01/2009 à 11:45:15,39
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 02.01.2009 à 19h00 par IL-MAFIOSO
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) CPU 2.66GHz )
BIOS : Rev 1.00
USER : Utilisateur ( Administrator )
BOOT : Normal boot
Antivirus : Bitdefender Antivirus 8.0 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:29 Go (Free:7 Go)
D:\ (Local Disk) - NTFS - Total:47 Go (Free:25 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (CD or DVD)
H:\ (USB)
I:\ (Local Disk) - NTFS - Total:74 Go (Free:29 Go)
Recherche executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans "C:\WINDOWS" ***
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users.WINDOWS\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\All Users.WINDOWS\menudm~1" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1.win\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Utilisateur\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\Sylvia\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Utilisateur\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\Sylvia\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\Utilisateur\menudm~1\progra~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\Sylvia\menudm~1\progra~1" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINDOWS\system32" *
* Recherche dans "C:\Documents and Settings\Utilisateur\locals~1\applic~1" *
* Recherche dans "C:\DOCUME~1\Sylvia\locals~1\applic~1" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!
HKEY_CURRENT_USER\Software\Lanconfig
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bdyhegr"="c:\\windows\\system32\\bdyhegr.exe bdyhegr"
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
bdyhegr.exe.bd.ren trouvé !
bdyhegr.dat trouvé !
bdyhegr.dat.bd.ren trouvé !
bdyhegr_nav.dat.bd.ren trouvé !
bdyhegr_navps.dat.bd.ren trouvé !
* Dans "C:\Documents and Settings\Utilisateur\locals~1\applic~1" :
* Dans "C:\DOCUME~1\Sylvia\locals~1\applic~1" :
3)Recherche Certificats :
Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat Montorgueil absent !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche autres dossiers et fichiers connus :
*** Analyse terminée le 08/01/2009 à 12:03:25,04 ***
Re,
▶ Navilog1 option 2
▶ Disconnect from the Internet and disable your resident antivirus and antispyware so that Navilog1 can run normally.
▶ Double-click the Navilog1 shortcut on your Desktop.
▶ At the main menu, choose option 2.
Follow the prompts and be patient.
The fix will inform you that it is going to restart your PC.
Close all open windows and save any open personal documents.
Press a key when asked.
(If your PC does not restart automatically, restart it yourself.)
When your PC restarts, choose your usual session if necessary.
▶ Wait for the message:
*** Nettoyage Termine le ..... ***
Notepad will open.
Save the report to your Desktop so that you can find it again.
Close Notepad. Your Desktop will reappear.
PS: If your Desktop does not reappear, press CTRL+ALT+DEL to open Task Manager.
Then go to the "Processes" tab. Click "File" at the top left and choose "Run".
Type explorer and confirm. This will bring your Desktop back.
▶ Post the Navilog1 report (the contents of the navi2.txt file) in reply and tell me whether you notice any improvement.
/!\ Remember to re-enable your resident antivirus and antispyware before reconnecting to "the web". /!\
If a report won't post, send an alert to the conciergerie with the yellow /!\.
Here I am again
Clean Navipromo version 3.7.1 commencé le 08/01/2009 à 12:39:44,95
Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 02.01.2009 à 19h00 par IL-MAFIOSO
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) CPU 2.66GHz )
BIOS : Rev 1.00
USER : Utilisateur ( Administrator )
BOOT : Normal boot
Antivirus : Bitdefender Antivirus 8.0 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:29 Go (Free:7 Go)
D:\ (Local Disk) - NTFS - Total:47 Go (Free:25 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (CD or DVD)
H:\ (USB)
I:\ (Local Disk) - NTFS - Total:74 Go (Free:29 Go)
Mode suppression automatique
avec prise en charge résultats Catchme et GNS
Nettoyage exécuté au redémarrage de l'ordinateur
*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)
*** Suppression avec sauvegardes résultats GenericNaviSearch ***
* Suppression dans "C:\WINDOWS\System32" *
* Suppression dans "C:\Documents and Settings\Utilisateur\locals~1\applic~1" *
* Suppression dans "C:\DOCUME~1\Sylvia\locals~1\applic~1" *
*** Suppression dossiers dans "C:\WINDOWS" ***
*** Suppression dossiers dans "C:\Program Files" ***
*** Suppression dossiers dans "C:\Documents and Settings\All Users.WINDOWS\menudm~1\progra~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\All Users.WINDOWS\menudm~1" ***
*** Suppression dossiers dans "c:\docume~1\alluse~1.win\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\Utilisateur\applic~1" ***
*** Suppression dossiers dans "C:\DOCUME~1\Sylvia\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\Utilisateur\locals~1\applic~1" ***
*** Suppression dossiers dans "C:\DOCUME~1\Sylvia\locals~1\applic~1" ***
*** Suppression dossiers dans "C:\Documents and Settings\Utilisateur\menudm~1\progra~1" ***
*** Suppression dossiers dans "C:\DOCUME~1\Sylvia\menudm~1\progra~1" ***
*** Suppression fichiers ***
*** Suppression fichiers temporaires ***
Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Utilisateur\locals~1\Temp effectué !
*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Suppression avec sauvegardes nouveaux fichiers Instant Access :
2)Recherche, création sauvegardes et suppression Heuristique :
* Dans "C:\WINDOWS\system32" *
bdyhegr.exe.bd.ren trouvé !
Copie bdyhegr.exe.bd.ren réalisée avec succès !
bdyhegr.exe.bd.ren supprimé !
bdyhegr.dat trouvé !
Copie bdyhegr.dat réalisée avec succès !
bdyhegr.dat supprimé !
bdyhegr.dat.bd.ren trouvé !
Copie bdyhegr.dat.bd.ren réalisée avec succès !
bdyhegr.dat.bd.ren supprimé !
bdyhegr_nav.dat.bd.ren trouvé !
Copie bdyhegr_nav.dat.bd.ren réalisée avec succès !
bdyhegr_nav.dat.bd.ren supprimé !
bdyhegr_navps.dat.bd.ren trouvé !
Copie bdyhegr_navps.dat.bd.ren réalisée avec succès !
bdyhegr_navps.dat.bd.ren supprimé !
* Dans "C:\Documents and Settings\Utilisateur\locals~1\applic~1" *
* Dans "C:\DOCUME~1\Sylvia\locals~1\applic~1" *
*** Sauvegarde du Registre vers dossier Safebackup ***
sauvegarde du Registre réalisée avec succès !
*** Nettoyage Registre ***
Nettoyage Registre Ok
*** Certificats ***
Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat Montorgueil absent !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !
*** Recherche autres dossiers et fichiers connus ***
*** Nettoyage terminé le 08/01/2009 à 12:51:37,71 ***
Re,
▶ Download random's system information tool (RSIT) and save it to your desktop.
▶ Double-click RSIT.exe to launch the tool.
▶ Click 'continue' on the Disclaimer screen.
▶ If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the licence.
▶ Once the scan has finished, 2 reports will appear. Post the contents of both reports
(log.txt & info.txt)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
If a report won't post, send an alert to the conciergerie with the yellow /!\.
Logfile of random's system information tool 1.05 (written by random/random)
Run by Utilisateur at 2009-01-08 14:14:55
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 9 GB (29%) free of 30 GB
Total RAM: 511 MB (37% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:15:22, on 08/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lexmark 6200 Series\lxbumon.exe
C:\Program Files\Lexmark 6200 Series\ezprint.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\lxbucoms.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MP4 Player\mp4Player.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Utilisateur\Local Settings\Temporary Internet Files\Content.IE5\VAKUUPJ6\RSIT[1].exe
I:\Logiciels Téléchargés\Antivirus et nettoyage\Utilisateur.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8&gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer optimisé pour MSN
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO Barre de Confiance - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - D:\Mes fichiers reçus\TAPBar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Solid State Networks IE Browser Plugin - {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\solidax.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Barre de confiance - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - D:\Mes fichiers reçus\TAPBar.dll
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.370.0\SeekmoSA.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~3.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SIMBAR={4EDDF7BF-FD0E-4B59-B43D-7B2A57211C8B}; MSN Optimized;FR; .NET CLR 2.0.50727; .NET CLR 1.1.4322; MSN Optimized;FR)" -"https://www.mofunzone.com/popups/driversed.shtml"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Maïckël\Menu Démarrer\Programmes\Jeux\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://xiah.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www.photoweb.fr/moncompte/Account/LogOn?ReturnUrl=%2ftransfert
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - https://pirates.disney.com/
O16 - DPF: {3E82BB3F-ABE4-458D-9281-0187286A4E51} - https://login.orange.fr/captcha?return_url=https%3A%2F%2Fmescontacts.orange.fr
O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} (AXIDMDCP Class) - http://m1.cdn.gaiaonline.com/plugins/IDMFlash.cab
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - https://www.jeu.fr/?utm_source=spildomains&utm_medium=redirect&utm_campaign=powersoccer.jeu.fr
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://www.photostation.fr/?404;http://www.photostation.fr:80/aurigma/ImageUploader4.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://gamenextfr.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/...
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://ww38.instantaction.com/download/iaplayer.cab
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://www.gamenext.fr/online/online2/insaniquarium/oberongamesloader.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by111fd.bay111.hotmail.msn.com/activex/HMAtchmt.ocx
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: NNServ - Unknown owner - C:\Program Files\NewDotNet\nnrun.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
Run by Utilisateur at 2009-01-08 14:14:55
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 9 GB (29%) free of 30 GB
Total RAM: 511 MB (37% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:15:22, on 08/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lexmark 6200 Series\lxbumon.exe
C:\Program Files\Lexmark 6200 Series\ezprint.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\lxbucoms.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MP4 Player\mp4Player.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Utilisateur\Local Settings\Temporary Internet Files\Content.IE5\VAKUUPJ6\RSIT[1].exe
I:\Logiciels Téléchargés\Antivirus et nettoyage\Utilisateur.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8&gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer optimisé pour MSN
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO Barre de Confiance - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - D:\Mes fichiers reçus\TAPBar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Solid State Networks IE Browser Plugin - {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\solidax.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Barre de confiance - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - D:\Mes fichiers reçus\TAPBar.dll
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.370.0\SeekmoSA.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~3.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SIMBAR={4EDDF7BF-FD0E-4B59-B43D-7B2A57211C8B}; MSN Optimized;FR; .NET CLR 2.0.50727; .NET CLR 1.1.4322; MSN Optimized;FR)" -"https://www.mofunzone.com/popups/driversed.shtml"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Maïckël\Menu Démarrer\Programmes\Jeux\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://xiah.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www.photoweb.fr/moncompte/Account/LogOn?ReturnUrl=%2ftransfert
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - https://pirates.disney.com/
O16 - DPF: {3E82BB3F-ABE4-458D-9281-0187286A4E51} - https://login.orange.fr/captcha?return_url=https%3A%2F%2Fmescontacts.orange.fr
O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} (AXIDMDCP Class) - http://m1.cdn.gaiaonline.com/plugins/IDMFlash.cab
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - https://www.jeu.fr/?utm_source=spildomains&utm_medium=redirect&utm_campaign=powersoccer.jeu.fr
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://www.photostation.fr/?404;http://www.photostation.fr:80/aurigma/ImageUploader4.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://gamenextfr.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/...
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://ww38.instantaction.com/download/iaplayer.cab
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://www.gamenext.fr/online/online2/insaniquarium/oberongamesloader.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by111fd.bay111.hotmail.msn.com/activex/HMAtchmt.ocx
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: NNServ - Unknown owner - C:\Program Files\NewDotNet\nnrun.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
Logfile of random's system information tool 1.05 (written by random/random)
Run by Utilisateur at 2009-01-08 14:14:55
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 9 GB (29%) free of 30 GB
Total RAM: 511 MB (37% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:15:22, on 08/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lexmark 6200 Series\lxbumon.exe
C:\Program Files\Lexmark 6200 Series\ezprint.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\lxbucoms.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MP4 Player\mp4Player.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Utilisateur\Local Settings\Temporary Internet Files\Content.IE5\VAKUUPJ6\RSIT[1].exe
I:\Logiciels Téléchargés\Antivirus et nettoyage\Utilisateur.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8&gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer optimisé pour MSN
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO Barre de Confiance - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - D:\Mes fichiers reçus\TAPBar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Solid State Networks IE Browser Plugin - {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\solidax.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Barre de confiance - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - D:\Mes fichiers reçus\TAPBar.dll
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.370.0\SeekmoSA.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~3.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SIMBAR={4EDDF7BF-FD0E-4B59-B43D-7B2A57211C8B}; MSN Optimized;FR; .NET CLR 2.0.50727; .NET CLR 1.1.4322; MSN Optimized;FR)" -"https://www.mofunzone.com/popups/driversed.shtml"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Maïckël\Menu Démarrer\Programmes\Jeux\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://xiah.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www.photoweb.fr/moncompte/Account/LogOn?ReturnUrl=%2ftransfert
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - https://pirates.disney.com/
O16 - DPF: {3E82BB3F-ABE4-458D-9281-0187286A4E51} - https://login.orange.fr/captcha?return_url=https%3A%2F%2Fmescontacts.orange.fr
O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} (AXIDMDCP Class) - http://m1.cdn.gaiaonline.com/plugins/IDMFlash.cab
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - https://www.jeu.fr/?utm_source=spildomains&utm_medium=redirect&utm_campaign=powersoccer.jeu.fr
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://www.photostation.fr/?404;http://www.photostation.fr:80/aurigma/ImageUploader4.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://gamenextfr.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/...
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://ww38.instantaction.com/download/iaplayer.cab
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://www.gamenext.fr/online/online2/insaniquarium/oberongamesloader.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by111fd.bay111.hotmail.msn.com/activex/HMAtchmt.ocx
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: NNServ - Unknown owner - C:\Program Files\NewDotNet\nnrun.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
Re,
ComboFix. Warning: this software is very powerful, and misuse can cause damage...
Do exactly the following:
Download ComboFix (by sUBs) to your Desktop (and nowhere else!):
Right-click this link and choose "Save target as...": in the window that opens, type C-Fix, choose the Desktop as the destination and confirm:
--------------------------------------------- [ ! WARNING ! ] ----------------------------------------------------------
!! Disconnect, close all your running applications and DISABLE ALL YOUR DEFENCES (antivirus, antispyware, firewall) for the duration of the procedure (in case you have any that I did not see in the HijackThis report...)
---> Above all, if you run into difficulties at this stage, tell me before going any further...
---> I advise you to install the Recovery Console (see the tutorial).
Tutorial here: TUTO
---------------------------------------------------------------------------------------------------------------------------------
Then:
Double-click C-Fix.exe (= combofix.exe).
Press a key to start the scan.
Warning: do not use your mouse or keyboard while the program is running. That could freeze the computer ---> if a Windows error message appears at some point, click the red cross at the top right of the window to close it.
The report will be created in C:\Combofix.txt; please post it here.
If a report does not go through, alert the conciergerie using the yellow /!\.
ComboFix 09-01-07.02 - Utilisateur 2009-01-08 14:35:02.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.511.219 [GMT 1:00]
Lancé depuis: c:\documents and settings\Utilisateur\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
* Resident AV is active
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Utilisateur\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
c:\program files\INSTALL.LOG
c:\windows\system32\launcher.exe
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NNSERV
-------\Legacy_OREANS32
-------\Service_NNServ
-------\Service_oreans32
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-08 au 2009-01-08 ))))))))))))))))))))))))))))))))))))
.
2009-01-08 14:14 . 2009-01-08 14:15 <REP> d-------- C:\rsit
2009-01-08 11:42 . 2009-01-08 12:51 <REP> d-------- c:\program files\Navilog1
2009-01-04 16:50 . 2009-01-04 16:50 <REP> d-------- c:\documents and settings\Utilisateur\Application Data\springlobby
2008-12-26 11:05 . 2009-01-08 08:19 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-26 11:05 . 2008-12-26 11:05 <REP> d-------- c:\documents and settings\Utilisateur\Application Data\Malwarebytes
2008-12-26 11:05 . 2008-12-26 11:05 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-12-26 11:05 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-26 11:05 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-24 15:56 . 2008-12-24 15:56 <REP> d-------- c:\program files\Common Files
2008-12-24 15:43 . 2008-12-24 15:43 <REP> d-------- c:\program files\NHN USA
2008-12-24 15:43 . 2008-06-17 19:28 710,064 --a------ c:\windows\system32\ijjiSetup.exe
2008-12-24 15:43 . 2008-04-23 14:02 157,152 --a------ c:\windows\system32\PubPlugin.dll
2008-12-24 15:43 . 2008-06-11 23:01 58,800 --a------ c:\windows\system32\ijjiPlugin2.dll
2008-12-24 13:47 . 2008-12-24 13:47 <REP> d-------- c:\program files\3DGroove
2008-12-24 12:05 . 2008-12-24 12:05 <REP> d--hs---- c:\windows\ftpcache
2008-12-24 12:05 . 2008-12-24 12:05 <REP> d-------- c:\documents and settings\Utilisateur\Application Data\fizzy
2008-12-23 18:05 . 2008-12-23 18:12 <REP> d-------- c:\documents and settings\Utilisateur\Application Data\Dreamlords
2008-12-23 18:02 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\system32\D3DX9_37.dll
2008-12-23 18:02 . 2008-03-05 15:56 1,420,824 --a------ c:\windows\system32\D3DCompiler_37.dll
2008-12-23 18:02 . 2008-03-05 16:03 479,752 --a------ c:\windows\system32\XAudio2_0.dll
2008-12-23 18:02 . 2008-02-05 23:07 462,864 --a------ c:\windows\system32\d3dx10_37.dll
2008-12-23 18:02 . 2007-10-02 09:56 444,776 --a------ c:\windows\system32\d3dx10_36.dll
2008-12-23 18:02 . 2007-10-22 03:39 267,272 --a------ c:\windows\system32\xactengine2_10.dll
2008-12-23 18:02 . 2008-03-05 16:03 238,088 --a------ c:\windows\system32\xactengine3_0.dll
2008-12-23 18:02 . 2008-03-05 16:00 25,608 --a------ c:\windows\system32\X3DAudio1_3.dll
2008-12-23 18:01 . 2007-10-12 15:14 3,734,536 --a------ c:\windows\system32\d3dx9_36.dll
2008-12-23 18:01 . 2007-07-19 18:14 3,727,720 --a------ c:\windows\system32\d3dx9_35.dll
2008-12-23 18:01 . 2007-10-12 15:14 1,374,232 --a------ c:\windows\system32\D3DCompiler_36.dll
2008-12-23 18:01 . 2007-07-19 18:14 1,358,192 --a------ c:\windows\system32\D3DCompiler_35.dll
2008-12-23 18:01 . 2007-05-16 16:45 1,124,720 --a------ c:\windows\system32\D3DCompiler_34.dll
2008-12-23 18:01 . 2007-07-19 18:14 444,776 --a------ c:\windows\system32\d3dx10_35.dll
2008-12-23 18:01 . 2007-05-16 16:45 443,752 --a------ c:\windows\system32\d3dx10_34.dll
2008-12-23 18:01 . 2007-07-20 00:57 267,112 --a------ c:\windows\system32\xactengine2_9.dll
2008-12-23 18:01 . 2007-06-20 20:46 266,088 --a------ c:\windows\system32\xactengine2_8.dll
2008-12-23 18:01 . 2007-10-22 03:37 17,928 --a------ c:\windows\system32\X3DAudio1_2.dll
2008-12-23 18:00 . 2007-05-16 16:45 3,497,832 --a------ c:\windows\system32\d3dx9_34.dll
2008-12-23 18:00 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\system32\d3dx9_33.dll
2008-12-23 18:00 . 2007-03-12 16:42 1,123,696 --a------ c:\windows\system32\D3DCompiler_33.dll
2008-12-23 18:00 . 2007-03-15 16:57 443,752 --a------ c:\windows\system32\d3dx10_33.dll
2008-12-23 18:00 . 2007-04-04 18:55 261,480 --a------ c:\windows\system32\xactengine2_7.dll
2008-12-23 18:00 . 2007-01-24 15:27 255,848 --a------ c:\windows\system32\xactengine2_6.dll
2008-12-23 17:59 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
2008-12-23 17:59 . 2006-12-08 12:02 251,672 --a------ c:\windows\system32\xactengine2_5.dll
2008-12-23 17:49 . 2008-12-23 17:49 <REP> d-------- c:\program files\OpenAL
2008-12-23 17:49 . 2008-12-25 21:09 413,696 --a------ c:\windows\system32\wrap_oal.dll
2008-12-23 17:49 . 2008-12-25 21:09 110,592 --a------ c:\windows\system32\OpenAL32.dll
2008-12-23 14:19 . 2008-12-23 14:19 <REP> d-------- c:\windows\nvidia icons
2008-12-23 14:17 . 2008-05-03 05:46 442,368 --a------ c:\windows\system32\nvudisp.exe
2008-12-23 14:17 . 2008-05-03 05:46 200,405 --a------ c:\windows\system32\nvdspara.chm
2008-12-23 14:17 . 2008-05-03 05:46 181,895 --a------ c:\windows\system32\nvdsp.chm
2008-12-23 14:17 . 2008-05-03 05:46 128,544 --a------ c:\windows\system32\nv3dara.chm
2008-12-23 14:17 . 2008-05-03 05:46 125,735 --a------ c:\windows\system32\nvcplara.chm
2008-12-23 14:17 . 2008-05-03 05:46 121,529 --a------ c:\windows\system32\nvcpl.chm
2008-12-23 14:17 . 2008-05-03 05:46 116,384 --a------ c:\windows\system32\nv3d.chm
2008-12-23 14:17 . 2008-05-03 05:46 57,328 --a------ c:\windows\system32\nvmobara.chm
2008-12-23 14:17 . 2008-05-03 05:46 54,988 --a------ c:\windows\system32\nvmob.chm
2008-12-23 14:15 . 2008-04-30 17:27 442,368 --a------ c:\windows\system32\NVUNINST.EXE
2008-12-23 14:09 . 2008-12-23 14:09 <REP> d-------- c:\program files\SystemRequirementsLab
2008-12-23 11:57 . 2008-12-23 11:57 <REP> d-------- c:\program files\AVS4YOU
2008-12-23 11:56 . 2008-12-23 11:56 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Oberongames
2008-12-22 20:05 . 2009-01-08 14:40 177,348 --a------ c:\windows\system32\nvapps.xml
2008-12-22 20:03 . 2008-05-03 05:46 18,070 --a------ c:\windows\system32\nvdisp.nvu
2008-12-22 20:01 . 2008-12-22 20:01 <REP> d-------- C:\NVIDIA
2008-12-11 09:35 . 2008-12-11 09:35 <REP> d-------- c:\documents and settings\Utilisateur\Application Data\Icone
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-08 13:27 --------- d-----w c:\program files\Lx_cats
2009-01-08 10:12 --------- d-----w c:\documents and settings\Utilisateur\Application Data\Azureus
2009-01-07 14:27 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-03 11:37 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\DVD Shrink
2008-12-24 14:43 --------- d--h--w c:\documents and settings\Utilisateur\Application Data\ijjigame
2008-12-24 12:25 31 ----a-w c:\documents and settings\Utilisateur\jagex_runescape_preferences.dat
2008-12-23 11:15 --------- d-----w c:\program files\Java
2008-12-23 10:57 --------- d-----w c:\program files\Fichiers communs\AVSMedia
2008-12-23 10:56 --------- d-----w c:\program files\Google
2008-12-01 07:37 --------- d-----w c:\program files\Windows Live Toolbar
2008-12-01 07:37 --------- d-----w c:\program files\Wanadoo
2008-12-01 07:37 --------- d-----w c:\program files\Fichiers communs\Nullsoft
2008-12-01 07:37 --------- d-----w c:\program files\Ahead
2008-12-01 07:37 --------- d-----w c:\program files\Abbyy FineReader 6.0 Sprint
2008-11-24 11:42 --------- d-----w c:\documents and settings\Utilisateur\Application Data\OpenOffice.org2
2008-11-17 18:57 --------- d-----w c:\documents and settings\Utilisateur\Application Data\springsettings
2008-05-09 15:35 278,528 -c--a-w c:\program files\Fichiers communs\FDEUnInstaller.exe
2008-02-10 13:10 32 -c--a-r c:\documents and settings\All Users\hash.dat
1999-04-06 13:27 99,840 -c--a-w c:\program files\Fichiers communs\IRAABOUT.DLL
1998-12-09 03:53 70,144 -c--a-w c:\program files\Fichiers communs\IRAMDMTR.DLL
1998-12-09 03:53 48,640 -c--a-w c:\program files\Fichiers communs\IRALPTTR.DLL
1998-12-09 03:53 31,744 -c--a-w c:\program files\Fichiers communs\IRAWEBTR.DLL
1998-12-09 03:53 186,368 -c--a-w c:\program files\Fichiers communs\IRAREG.DLL
1998-12-09 03:53 17,920 -c--a-w c:\program files\Fichiers communs\IRASRIAL.DLL
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]
"MsnMsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-10 68856]
"MP4 Player"="c:\program files\MP4 Player\mp4Player.exe" [2007-09-19 639488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXBUCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll" [2004-08-20 65536]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"lxbumon.exe"="c:\program files\Lexmark 6200 Series\lxbumon.exe" [2004-08-20 188416]
"EzPrint"="c:\program files\Lexmark 6200 Series\ezprint.exe" [2004-08-24 61440]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2008-09-16 368640]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-07-21 98304]
"SystrayORAHSS"="c:\program files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208]
"ORAHSSSessionManager"="c:\program files\Orange\SessionManager\SessionManager.exe" [2007-09-25 102400]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"nwiz"="nwiz.exe" [2008-05-03 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
c:\documents and settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^AOL 9.0 Icône AOL.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\AOL 9.0 Icône AOL.lnk
backup=c:\windows\pss\AOL 9.0 Icône AOL.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Symantec Fax Starter Edition Port.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Symantec Fax Starter Edition Port.lnk
backup=c:\windows\pss\Symantec Fax Starter Edition Port.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 c:\program files\Adobe\Reader 8.0\Reader\Reader_SL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
--a--c--- 2004-08-24 13:26 299008 c:\program files\Lexmark Fax Solutions\fm3032.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2003-02-12 14:27 1232896 c:\program files\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-03 05:46 13529088 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-07-21 11:59 98304 c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
-ra--c--- 2005-04-26 20:22 589824 c:\program files\VIA\RAID\raid_tool.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-10 16:32 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-03 05:46 1630208 c:\windows\system32\nwiz.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxbucoms.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\System Information\\sinf.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\Vstep\\Shipsim\\utorrent.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Documents and Settings\\Utilisateur\\Application Data\\GarageGames\\IAPlayer\\products\\5000\\install\\ScrewjumperPC.exe"=
"c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
"c:\\Documents and Settings\\Utilisateur\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=
"i:\\Multiplayer\\silverback2.exe"=
"c:\\Documents and Settings\\Utilisateur\\Application Data\\GarageGames\\IAPlayer\\products\\www_instantaction_com\\7000\\install\\Zap.exe"=
"i:\\Program Files\\Spring\\spring.exe"=
"i:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"=
"c:\\ijji\\ENGLISH\\u_gunz.exe"=
"i:\\Program Files\\Tremulous\\tremulous.exe"=
"i:\\Jeux\\swf\\StarSiege - Tribes\\Tribes.exe"=
"i:\\Program Files\\Glest_3.1.2\\SST2\\SST2.exe"=
"i:\\Program Files\\Spring\\SpringDownloader.exe"=
"i:\\Program Files\\Spring\\TASClient.exe"=
"i:\\Program Files\\Dreamlords\\dreamlords.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"19462:TCP"= 19462:TCP:*:Disabled:SolidNetworkManager
"19462:UDP"= 19462:UDP:*:Disabled:SolidNetworkManager
"57635:TCP"= 57635:TCP:SolidNetworkManager
"57635:UDP"= 57635:UDP:SolidNetworkManager
"49803:TCP"= 49803:TCP:*:Disabled:SolidNetworkManager
"49803:UDP"= 49803:UDP:*:Disabled:SolidNetworkManager
"32496:TCP"= 32496:TCP:*:Disabled:SolidNetworkManager
"32496:UDP"= 32496:UDP:*:Disabled:SolidNetworkManager
"28258:TCP"= 28258:TCP:*:Disabled:SolidNetworkManager
"28258:UDP"= 28258:UDP:*:Disabled:SolidNetworkManager
R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [2007-07-22 9344]
R3 DFE528TX;D-Link DFE-528TX PCI Adapter;c:\windows\system32\drivers\DLKRTL.SYS [2008-05-14 45568]
R3 SNPP106;PC CAMERA DATA SOURCE(6029)1.0(32-32);c:\windows\system32\drivers\snpp106.sys [2007-07-21 236544]
R4 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [2007-07-22 389504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contenu du dossier 'Tâches planifiées'
2009-01-08 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE []
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-RunOnce-Shockwave Updater - c:\windows\system32\Adobe\SHOCKW~1\SWHELP~3.EXE -Update -1100465 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SIMBAR={4EDDF7BF-FD0E-4B59-B43D-7B2A57211C8B}; MSN Optimized;FR; .NET CLR 2.0.50727; .NET
HKLM-Run-Cmaudio - cmicnfg.cpl
MSConfigStartUp-HostManager - c:\program files\Fichiers communs\AOL\1186155638\ee\AOLSoftware.exe
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8
mStart Page = hxxp://www.ustart.org
IE: &Recherche AOL Toolbar - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Maïckël\Menu Démarrer\Programmes\Jeux\IMVU\Run IMVU.lnk
c:\windows\system32\unicows.dll - c:\windows\Downloaded Program Files\telechargement-photoweb.ocx
O16 -: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB}
hxxp://www.photoweb.fr/telechargement/Photoweb_Uploader.cab
c:\windows\Downloaded Program Files\telechargement-photoweb.inf
c:\windows\system32\atl.dll - c:\windows\Downloaded Program Files\VoxsyncX.dll
O16 -: {3E82BB3F-ABE4-458D-9281-0187286A4E51}
hxxp://contacts.orange.fr/wfr_webab/VoxsyncX.cab
c:\windows\Downloaded Program Files\VoxsyncX.inf
c:\windows\Downloaded Program Files\IDMFlash.dll - O16 -: {4A116A80-85B6-4299-A018-A717FD7AC66A}
hxxp://m1.cdn.gaiaonline.com/plugins/IDMFlash.cab
c:\windows\Downloaded Program Files\IDMFlash.inf
c:\windows\Downloaded Program Files\PowerLoader.dll - O16 -: {4BFD075D-C36E-4F28-BB0A-5D472795197A}
hxxp://powersoccer.jeu.fr/applet/PowerLoader.cab
c:\windows\Downloaded Program Files\PowerLoader.inf
c:\windows\system32\msvcp60.dll - c:\windows\system32\atl.dll
c:\windows\Downloaded Program Files\AdVerifierADP.dll
c:\windows\Downloaded Program Files\AdSignerADP.dll
O16 -: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF}
hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
c:\windows\Downloaded Program Files\AdSignerADP.inf
c:\windows\Downloaded Program Files\zylomgamesplayer.dll - O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}
hxxp://game08.zylom.com/activex/zylomgamesplayer.cab
c:\windows\Downloaded Program Files\ZylomGamesPlayer.inf
c:\windows\Downloaded Program Files\iaplayer.dll - O16 -: {DB7BF79A-FC51-4B5A-92BC-A65731174380}
hxxp://www.instantaction.com/download/iaplayer.cab
c:\windows\Downloaded Program Files\cab.inf
c:\windows\Downloaded Program Files\Oberongamesloader.dll - O16 -: {E1342154-4889-42B5-BEF6-19237577048F}
hxxp://www.gamenext.fr/online/online2/insaniquarium/oberongamesloader.cab
c:\windows\Downloaded Program Files\Oberongamesloader.inf
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-08 14:40:28
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBUCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\TGTSoft\StyleXP\StyleXPService.exe
c:\windows\system32\rundll32.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\UAService7.exe
c:\program files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
c:\program files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2008\vsserv.exe
c:\windows\system32\lxbucoms.exe
.
**************************************************************************
.
Heure de fin: 2009-01-08 14:46:58 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-08 13:45:57
Avant-CF: 8 927 948 800 octets libres
Après-CF: 8,887,664,640 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect /kernel=kernel1.exe
302 --- E O F --- 2008-12-23 11:16:04
Sorry for the delay, but I didn't have time before.
Here is the result:
ComboFix 09-01-09.03 - Utilisateur 2009-01-10 10:15:15.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.511.238 [GMT 1:00]
Lancé depuis: c:\documents and settings\Utilisateur\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
* Resident AV is active
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-10 au 2009-01-10 ))))))))))))))))))))))))))))))))))))
.
2009-01-08 14:14 . 2009-01-08 14:15 <REP> d-------- C:\rsit
2009-01-08 11:42 . 2009-01-08 12:51 <REP> d-------- c:\program files\Navilog1
2009-01-04 16:50 . 2009-01-04 16:50 <REP> d-------- c:\documents and settings\Utilisateur\Application Data\springlobby
2008-12-26 11:05 . 2009-01-08 08:19 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-26 11:05 . 2008-12-26 11:05 <REP> d-------- c:\documents and settings\Utilisateur\Application Data\Malwarebytes
2008-12-26 11:05 . 2008-12-26 11:05 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-12-26 11:05 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-26 11:05 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-24 15:56 . 2008-12-24 15:56 <REP> d-------- c:\program files\Common Files
2008-12-24 15:43 . 2008-12-24 15:43 <REP> d-------- c:\program files\NHN USA
2008-12-24 15:43 . 2008-06-17 19:28 710,064 --a------ c:\windows\system32\ijjiSetup.exe
2008-12-24 15:43 . 2008-04-23 14:02 157,152 --a------ c:\windows\system32\PubPlugin.dll
2008-12-24 15:43 . 2008-06-11 23:01 58,800 --a------ c:\windows\system32\ijjiPlugin2.dll
2008-12-24 13:47 . 2008-12-24 13:47 <REP> d-------- c:\program files\3DGroove
2008-12-24 12:05 . 2008-12-24 12:05 <REP> d--hs---- c:\windows\ftpcache
2008-12-24 12:05 . 2008-12-24 12:05 <REP> d-------- c:\documents and settings\Utilisateur\Application Data\fizzy
2008-12-23 18:05 . 2008-12-23 18:12 <REP> d-------- c:\documents and settings\Utilisateur\Application Data\Dreamlords
2008-12-23 18:02 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\system32\D3DX9_37.dll
2008-12-23 18:02 . 2008-03-05 15:56 1,420,824 --a------ c:\windows\system32\D3DCompiler_37.dll
2008-12-23 18:02 . 2008-03-05 16:03 479,752 --a------ c:\windows\system32\XAudio2_0.dll
2008-12-23 18:02 . 2008-02-05 23:07 462,864 --a------ c:\windows\system32\d3dx10_37.dll
2008-12-23 18:02 . 2007-10-02 09:56 444,776 --a------ c:\windows\system32\d3dx10_36.dll
2008-12-23 18:02 . 2007-10-22 03:39 267,272 --a------ c:\windows\system32\xactengine2_10.dll
2008-12-23 18:02 . 2008-03-05 16:03 238,088 --a------ c:\windows\system32\xactengine3_0.dll
2008-12-23 18:02 . 2008-03-05 16:00 25,608 --a------ c:\windows\system32\X3DAudio1_3.dll
2008-12-23 18:01 . 2007-10-12 15:14 3,734,536 --a------ c:\windows\system32\d3dx9_36.dll
2008-12-23 18:01 . 2007-07-19 18:14 3,727,720 --a------ c:\windows\system32\d3dx9_35.dll
2008-12-23 18:01 . 2007-10-12 15:14 1,374,232 --a------ c:\windows\system32\D3DCompiler_36.dll
2008-12-23 18:01 . 2007-07-19 18:14 1,358,192 --a------ c:\windows\system32\D3DCompiler_35.dll
2008-12-23 18:01 . 2007-05-16 16:45 1,124,720 --a------ c:\windows\system32\D3DCompiler_34.dll
2008-12-23 18:01 . 2007-07-19 18:14 444,776 --a------ c:\windows\system32\d3dx10_35.dll
2008-12-23 18:01 . 2007-05-16 16:45 443,752 --a------ c:\windows\system32\d3dx10_34.dll
2008-12-23 18:01 . 2007-07-20 00:57 267,112 --a------ c:\windows\system32\xactengine2_9.dll
2008-12-23 18:01 . 2007-06-20 20:46 266,088 --a------ c:\windows\system32\xactengine2_8.dll
2008-12-23 18:01 . 2007-10-22 03:37 17,928 --a------ c:\windows\system32\X3DAudio1_2.dll
2008-12-23 18:00 . 2007-05-16 16:45 3,497,832 --a------ c:\windows\system32\d3dx9_34.dll
2008-12-23 18:00 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\system32\d3dx9_33.dll
2008-12-23 18:00 . 2007-03-12 16:42 1,123,696 --a------ c:\windows\system32\D3DCompiler_33.dll
2008-12-23 18:00 . 2007-03-15 16:57 443,752 --a------ c:\windows\system32\d3dx10_33.dll
2008-12-23 18:00 . 2007-04-04 18:55 261,480 --a------ c:\windows\system32\xactengine2_7.dll
2008-12-23 18:00 . 2007-01-24 15:27 255,848 --a------ c:\windows\system32\xactengine2_6.dll
2008-12-23 17:59 . 2006-11-29 13:06 3,426,072 --a------ c:\windows\system32\d3dx9_32.dll
2008-12-23 17:59 . 2006-12-08 12:02 251,672 --a------ c:\windows\system32\xactengine2_5.dll
2008-12-23 17:49 . 2008-12-23 17:49 <REP> d-------- c:\program files\OpenAL
2008-12-23 17:49 . 2008-12-25 21:09 413,696 --a------ c:\windows\system32\wrap_oal.dll
2008-12-23 17:49 . 2008-12-25 21:09 110,592 --a------ c:\windows\system32\OpenAL32.dll
2008-12-23 14:19 . 2008-12-23 14:19 <REP> d-------- c:\windows\nvidia icons
2008-12-23 14:17 . 2008-05-03 05:46 442,368 --a------ c:\windows\system32\nvudisp.exe
2008-12-23 14:17 . 2008-05-03 05:46 200,405 --a------ c:\windows\system32\nvdspara.chm
2008-12-23 14:17 . 2008-05-03 05:46 181,895 --a------ c:\windows\system32\nvdsp.chm
2008-12-23 14:17 . 2008-05-03 05:46 128,544 --a------ c:\windows\system32\nv3dara.chm
2008-12-23 14:17 . 2008-05-03 05:46 125,735 --a------ c:\windows\system32\nvcplara.chm
2008-12-23 14:17 . 2008-05-03 05:46 121,529 --a------ c:\windows\system32\nvcpl.chm
2008-12-23 14:17 . 2008-05-03 05:46 116,384 --a------ c:\windows\system32\nv3d.chm
2008-12-23 14:17 . 2008-05-03 05:46 57,328 --a------ c:\windows\system32\nvmobara.chm
2008-12-23 14:17 . 2008-05-03 05:46 54,988 --a------ c:\windows\system32\nvmob.chm
2008-12-23 14:15 . 2008-04-30 17:27 442,368 --a------ c:\windows\system32\NVUNINST.EXE
2008-12-23 14:09 . 2008-12-23 14:09 <REP> d-------- c:\program files\SystemRequirementsLab
2008-12-23 11:57 . 2008-12-23 11:57 <REP> d-------- c:\program files\AVS4YOU
2008-12-23 11:56 . 2008-12-23 11:56 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Oberongames
2008-12-22 20:05 . 2009-01-10 09:04 177,348 --a------ c:\windows\system32\nvapps.xml
2008-12-22 20:03 . 2008-05-03 05:46 18,070 --a------ c:\windows\system32\nvdisp.nvu
2008-12-22 20:01 . 2008-12-22 20:01 <REP> d-------- C:\NVIDIA
2008-12-11 09:35 . 2008-12-11 09:35 <REP> d-------- c:\documents and settings\Utilisateur\Application Data\Icone
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-10 08:06 81,984 ----a-w c:\windows\system32\bdod.bin
2009-01-09 13:00 --------- d-----w c:\program files\Lx_cats
2009-01-09 11:57 --------- d-----w c:\documents and settings\Utilisateur\Application Data\OpenOffice.org2
2009-01-08 10:12 --------- d-----w c:\documents and settings\Utilisateur\Application Data\Azureus
2009-01-07 14:27 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-03 11:37 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\DVD Shrink
2008-12-24 14:43 --------- d--h--w c:\documents and settings\Utilisateur\Application Data\ijjigame
2008-12-24 12:25 31 ----a-w c:\documents and settings\Utilisateur\jagex_runescape_preferences.dat
2008-12-23 11:15 --------- d-----w c:\program files\Java
2008-12-23 10:57 --------- d-----w c:\program files\Fichiers communs\AVSMedia
2008-12-23 10:56 --------- d-----w c:\program files\Google
2008-12-01 07:37 --------- d-----w c:\program files\Windows Live Toolbar
2008-12-01 07:37 --------- d-----w c:\program files\Wanadoo
2008-12-01 07:37 --------- d-----w c:\program files\Fichiers communs\Nullsoft
2008-12-01 07:37 --------- d-----w c:\program files\Ahead
2008-12-01 07:37 --------- d-----w c:\program files\Abbyy FineReader 6.0 Sprint
2008-11-17 18:57 --------- d-----w c:\documents and settings\Utilisateur\Application Data\springsettings
2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-10-23 13:00 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-05-09 15:35 278,528 -c--a-w c:\program files\Fichiers communs\FDEUnInstaller.exe
2008-02-10 13:10 32 -c--a-r c:\documents and settings\All Users\hash.dat
1999-04-06 13:27 99,840 -c--a-w c:\program files\Fichiers communs\IRAABOUT.DLL
1998-12-09 03:53 70,144 -c--a-w c:\program files\Fichiers communs\IRAMDMTR.DLL
1998-12-09 03:53 48,640 -c--a-w c:\program files\Fichiers communs\IRALPTTR.DLL
1998-12-09 03:53 31,744 -c--a-w c:\program files\Fichiers communs\IRAWEBTR.DLL
1998-12-09 03:53 186,368 -c--a-w c:\program files\Fichiers communs\IRAREG.DLL
1998-12-09 03:53 17,920 -c--a-w c:\program files\Fichiers communs\IRASRIAL.DLL
.
((((((((((((((((((((((((((((( snapshot@2009-01-08_14.44.26.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-10 08:04:49 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_600.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160]
"MsnMsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-10 68856]
"MP4 Player"="c:\program files\MP4 Player\mp4Player.exe" [2007-09-19 639488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXBUCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll" [2004-08-20 65536]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"lxbumon.exe"="c:\program files\Lexmark 6200 Series\lxbumon.exe" [2004-08-20 188416]
"EzPrint"="c:\program files\Lexmark 6200 Series\ezprint.exe" [2004-08-24 61440]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2008-09-16 368640]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-07-21 98304]
"SystrayORAHSS"="c:\program files\Orange\Systray\SystrayApp.exe" [2007-09-25 94208]
"ORAHSSSessionManager"="c:\program files\Orange\SessionManager\SessionManager.exe" [2007-09-25 102400]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"nwiz"="nwiz.exe" [2008-05-03 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^AOL 9.0 Icône AOL.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\AOL 9.0 Icône AOL.lnk
backup=c:\windows\pss\AOL 9.0 Icône AOL.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Symantec Fax Starter Edition Port.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Symantec Fax Starter Edition Port.lnk
backup=c:\windows\pss\Symantec Fax Starter Edition Port.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 c:\program files\Adobe\Reader 8.0\Reader\Reader_SL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
--a--c--- 2004-08-24 13:26 299008 c:\program files\Lexmark Fax Solutions\fm3032.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2003-02-12 14:27 1232896 c:\program files\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-05-03 05:46 13529088 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-07-21 11:59 98304 c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
-ra--c--- 2005-04-26 20:22 589824 c:\program files\VIA\RAID\raid_tool.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-10 16:32 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-03 05:46 1630208 c:\windows\system32\nwiz.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxbucoms.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\System Information\\sinf.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\Vstep\\Shipsim\\utorrent.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Documents and Settings\\Utilisateur\\Application Data\\GarageGames\\IAPlayer\\products\\5000\\install\\ScrewjumperPC.exe"=
"c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
"c:\\Documents and Settings\\Utilisateur\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=
"i:\\Multiplayer\\silverback2.exe"=
"c:\\Documents and Settings\\Utilisateur\\Application Data\\GarageGames\\IAPlayer\\products\\www_instantaction_com\\7000\\install\\Zap.exe"=
"i:\\Program Files\\Spring\\spring.exe"=
"i:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"=
"c:\\ijji\\ENGLISH\\u_gunz.exe"=
"i:\\Program Files\\Tremulous\\tremulous.exe"=
"i:\\Jeux\\swf\\StarSiege - Tribes\\Tribes.exe"=
"i:\\Program Files\\Glest_3.1.2\\SST2\\SST2.exe"=
"i:\\Program Files\\Spring\\SpringDownloader.exe"=
"i:\\Program Files\\Spring\\TASClient.exe"=
"i:\\Program Files\\Dreamlords\\dreamlords.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"19462:TCP"= 19462:TCP:*:Disabled:SolidNetworkManager
"19462:UDP"= 19462:UDP:*:Disabled:SolidNetworkManager
"57635:TCP"= 57635:TCP:SolidNetworkManager
"57635:UDP"= 57635:UDP:SolidNetworkManager
"49803:TCP"= 49803:TCP:*:Disabled:SolidNetworkManager
"49803:UDP"= 49803:UDP:*:Disabled:SolidNetworkManager
"32496:TCP"= 32496:TCP:*:Disabled:SolidNetworkManager
"32496:UDP"= 32496:UDP:*:Disabled:SolidNetworkManager
"28258:TCP"= 28258:TCP:*:Disabled:SolidNetworkManager
"28258:UDP"= 28258:UDP:*:Disabled:SolidNetworkManager
R0 BsStor;InCD Storage Helper Driver;c:\windows\system32\drivers\bsstor.sys [2007-07-22 9344]
R3 DFE528TX;D-Link DFE-528TX PCI Adapter;c:\windows\system32\drivers\DLKRTL.SYS [2008-05-14 45568]
R3 SNPP106;PC CAMERA DATA SOURCE(6029)1.0(32-32);c:\windows\system32\drivers\snpp106.sys [2007-07-21 236544]
R4 BsUDF;InCD UDF Driver;c:\windows\system32\drivers\bsudf.sys [2007-07-22 389504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contenu du dossier 'Tâches planifiées'
2009-01-10 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE []
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8
mStart Page = hxxp://www.ustart.org
IE: &Recherche AOL Toolbar - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Maïckël\Menu Démarrer\Programmes\Jeux\IMVU\Run IMVU.lnk
c:\windows\system32\unicows.dll - c:\windows\Downloaded Program Files\telechargement-photoweb.ocx
O16 -: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB}
hxxp://www.photoweb.fr/telechargement/Photoweb_Uploader.cab
c:\windows\Downloaded Program Files\telechargement-photoweb.inf
c:\windows\system32\atl.dll - c:\windows\Downloaded Program Files\VoxsyncX.dll
O16 -: {3E82BB3F-ABE4-458D-9281-0187286A4E51}
hxxp://contacts.orange.fr/wfr_webab/VoxsyncX.cab
c:\windows\Downloaded Program Files\VoxsyncX.inf
c:\windows\Downloaded Program Files\IDMFlash.dll - O16 -: {4A116A80-85B6-4299-A018-A717FD7AC66A}
hxxp://m1.cdn.gaiaonline.com/plugins/IDMFlash.cab
c:\windows\Downloaded Program Files\IDMFlash.inf
c:\windows\Downloaded Program Files\PowerLoader.dll - O16 -: {4BFD075D-C36E-4F28-BB0A-5D472795197A}
hxxp://powersoccer.jeu.fr/applet/PowerLoader.cab
c:\windows\Downloaded Program Files\PowerLoader.inf
c:\windows\system32\msvcp60.dll - c:\windows\system32\atl.dll
c:\windows\Downloaded Program Files\AdVerifierADP.dll
c:\windows\Downloaded Program Files\AdSignerADP.dll
O16 -: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF}
hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
c:\windows\Downloaded Program Files\AdSignerADP.inf
c:\windows\Downloaded Program Files\zylomgamesplayer.dll - O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}
hxxp://game08.zylom.com/activex/zylomgamesplayer.cab
c:\windows\Downloaded Program Files\ZylomGamesPlayer.inf
c:\windows\Downloaded Program Files\iaplayer.dll - O16 -: {DB7BF79A-FC51-4B5A-92BC-A65731174380}
hxxp://www.instantaction.com/download/iaplayer.cab
c:\windows\Downloaded Program Files\cab.inf
c:\windows\Downloaded Program Files\Oberongamesloader.dll - O16 -: {E1342154-4889-42B5-BEF6-19237577048F}
hxxp://www.gamenext.fr/online/online2/insaniquarium/oberongamesloader.cab
c:\windows\Downloaded Program Files\Oberongamesloader.inf
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-10 10:20:26
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBUCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
Heure de fin: 2009-01-10 10:24:03
ComboFix-quarantined-files.txt 2009-01-10 09:23:02
ComboFix2.txt 2009-01-08 13:47:01
Avant-CF: 8 806 809 600 octets libres
Après-CF: 8,808,513,536 octets libres
283 --- E O F --- 2008-12-23 11:16:04
Here is the result:
ComboFix 09-01-09.03 - Utilisateur 2009-01-10 10:15:15.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.511.238 [GMT 1:00]
Lancé depuis: c:\documents and settings\Utilisateur\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
* Resident AV is active
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-10 au 2009-01-10 ))))))))))))))))))))))))))))))))))))
.
2009-01-08 14:14 . 2009-01-08 14:15 <REP> d-------- C:\rsit
2009-01-08 11:42 . 2009-01-08 12:51 <REP> d-------- c:\program files\Navilog1
2009-01-04 16:50 . 2009-01-04 16:50 <REP> d-------- c:\documents and settings\Utilisateur\Application Data\springlobby
2008-12-26 11:05 . 2009-01-08 08:19 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-26 11:05 . 2008-12-26 11:05 <REP> d-------- c:\documents and settings\Utilisateur\Application Data\Malwarebytes
2008-12-26 11:05 . 2008-12-26 11:05 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-12-26 11:05 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-26 11:05 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-24 15:56 . 2008-12-24 15:56 <REP> d-------- c:\program files\Common Files
2008-12-24 15:43 . 2008-12-24 15:43 <REP> d-------- c:\program files\NHN USA
2008-12-24 15:43 . 2008-06-17 19:28 710,064 --a------ c:\windows\system32\ijjiSetup.exe
2008-12-24 15:43 . 2008-04-23 14:02 157,152 --a------ c:\windows\system32\PubPlugin.dll
2008-12-24 15:43 . 2008-06-11 23:01 58,800 --a------ c:\windows\system32\ijjiPlugin2.dll
2008-12-24 13:47 . 2008-12-24 13:47 <REP> d-------- c:\program files\3DGroove
2008-12-24 12:05 . 2008-12-24 12:05 <REP> d--hs---- c:\windows\ftpcache
2008-12-24 12:05 . 2008-12-24 12:05 <REP> d-------- c:\documents and settings\Utilisateur\Application Data\fizzy
2008-12-23 18:05 . 2008-12-23 18:12 <REP> d-------- c:\documents and settings\Utilisateur\Application Data\Dreamlords
2008-12-23 18:02 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\system32\D3DX9_37.dll
2008-12-23 18:02 . 2008-03-05 15:56 1,420,824 --a------ c:\windows\system32\D3DCompiler_37.dll
2008-12-23 18:02 . 2008-03-05 16:03 479,752 --a------ c:\windows\system32\XAudio2_0.dll
2008-12-23 18:02 . 2008-02-05 23:07 462,864 --a------ c:\windows\system32\d3dx10_37.dll
2008-12-23 18:02 . 2007-10-02 09:56 444,776 --a------ c:\windows\system32\d3dx10_36.dll
2008-12-23 18:02 . 2007-10-22 03:39 267,272 --a------ c:\windows\system32\xactengine2_10.dll
2008-12-23 18:02 . 2008-03-05 16:03 238,088 --a------ c:\windows\system32\xactengine3_0.dll
2008-12-23 18:02 . 2008-03-05 16:00 25,608 --a------ c:\windows\system32\X3DAudio1_3.dll
2008-12-23 18:01 . 2007-10-12 15:14 3,734,536 --a------ c:\windows\system32\d3dx9_36.dll
2008-12-23 18:01 . 2007-07-19 18:14 3,727,720 --a------ c:\windows\system32\d3dx9_35.dll
2008-12-23 18:01 . 2007-10-12 15:14 1,374,232 --a------ c:\windows\system32\D3DCompiler_36.dll
2008-12-23 18:01 . 2007-07-19 18:14 1,358,192 --a------ c:\windows\system32\D3DCompiler_35.dll
2008-12-23 18:01 . 2007-05-16 16:45 1,124,720 --a------ c:\windows\system32\D3DCompiler_34.dll
2008-12-23 18:01 . 2007-07-19 18:14 444,776 --a------ c:\windows\system32\d3dx10_35.dll
2008-12-23 18:01 . 2007-05-16 16:45 443,752 --a------ c:\windows\system32\d3dx10_34.dll
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
Heure de fin: 2009-01-10 10:24:03
ComboFix-quarantined-files.txt 2009-01-10 09:23:02
ComboFix2.txt 2009-01-08 13:47:01
Avant-CF: 8 806 809 600 octets libres
Après-CF: 8,808,513,536 octets libres
283 --- E O F --- 2008-12-23 11:16:04
Logfile of random's system information tool 1.05 (written by random/random)
Run by Utilisateur at 2009-01-10 10:37:23
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 8 GB (28%) free of 30 GB
Total RAM: 511 MB (27% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:35, on 10/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lexmark 6200 Series\lxbumon.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MP4 Player\mp4Player.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\system32\lxbucoms.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
I:\Logiciels Téléchargés\Antivirus et nettoyage\RSIT.exe
I:\Logiciels Téléchargés\Antivirus et nettoyage\Utilisateur.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8&gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO Barre de Confiance - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - D:\Mes fichiers reçus\TAPBar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Solid State Networks IE Browser Plugin - {BD08A9D5-0E5C-4f42-99A3-C0CB5E860557} - C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\solidax.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Barre de confiance - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - D:\Mes fichiers reçus\TAPBar.dll
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [lxbumon.exe] "C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6200 Series\ezprint.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MP4 Player] "C:\Program Files\MP4 Player\mp4Player.exe" hmw
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Maïckël\Menu Démarrer\Programmes\Jeux\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://xiah.gamescampus.com/luncher/GamesCampus.cab
O16 - DPF: {104B0A37-AB99-4F06-8032-8BBDC3B77DDB} (Telechargement Control) - http://www.photoweb.fr/moncompte/Account/LogOn?ReturnUrl=%2ftransfert
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - https://pirates.disney.com/
O16 - DPF: {3E82BB3F-ABE4-458D-9281-0187286A4E51} - https://login.orange.fr/captcha?return_url=https%3A%2F%2Fmescontacts.orange.fr
O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} (AXIDMDCP Class) - http://m1.cdn.gaiaonline.com/plugins/IDMFlash.cab
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - https://www.jeu.fr/?utm_source=spildomains&utm_medium=redirect&utm_campaign=powersoccer.jeu.fr
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v5.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://www.photostation.fr/?404;http://www.photostation.fr:80/aurigma/ImageUploader4.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.playwhat.com/solidPlugin/solidstateion.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://gamenextfr.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/...
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://ww38.instantaction.com/download/iaplayer.cab
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://www.gamenext.fr/online/online2/insaniquarium/oberongamesloader.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by111fd.bay111.hotmail.msn.com/activex/HMAtchmt.ocx
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: lxbu_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbucoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
Yes, very good, I think the little critters have been well and truly removed.
Thank you all for the help you have given me.
Re,
Yes, for me it's all good.
Do what follows, and see you later.
Download ToolsCleaner to your Desktop:
toolscleaner
* Double-click ToolsCleaner2.exe and let it run.
* Click Recherche (Search) and let the scan finish.
* Click Suppression (Delete) to finalize.
* If you wish, you can use the Options facultatives (optional settings).
* Click Quitter (Quit) so that the report can be created.
* The report (TCleaner.txt) is at the root of your hard drive (C:\)... paste it into your reply.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Disable and re-enable System Restore:
1 In the Windows taskbar, click Start.
2 Right-click My Computer, then click Properties.
3 In the System Restore tab, check "Turn off System Restore".
4 Click Apply.
5 Then uncheck "Turn off System Restore".
6 Click Apply, then OK.
7 Go and create a restore point in Accessories ---- System Tools ---- System Restore.
How to mark the topic as resolved
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Some useful information for you and your PC:
Keep Malwarebytes and CCleaner, and run regular scans with Malwarebytes in normal mode and in safe mode.
Clean your PC with CCleaner every week, following the instructions given earlier.
▶ How to behave with your PC: here
and why (example): here
▶ Monitoring:
Run regular monitoring scans (once every 15 days, for example) with your antivirus and then with your anti-spyware (after updating them, of course!) and delete whatever they find (or quarantine it, remembering to empty the quarantine later).
▶ Why? To avoid ending up in this kind of situation (uncommon, but ...):
-> here
=============================================================
=> You also need to update the Java console regularly:
Why
To do so, go here and download the latest version (if your current version is not up to date), or here
After installing the latest version, uninstall the old versions (of Java) in order to eliminate the security flaws present in those old versions.
Via Start / Settings / Control Panel / and in Add/Remove Programs, navigate to the old versions of the Java console listed there, then click "Remove" and follow the prompts in the dialog box that opens to complete the uninstallation.
Do this for each of them, one at a time, and restart your PC when asked.
Then go back to the Java site above and click the "Verify installation" button to make sure everything is in order.
=============================================================
▶ To avoid the other security flaws in the various programs on your PC:
Check for updates to your various programs regularly here and update whatever is out of date. here
Tutorial
- Another option: subscribe for free to "the weekly newsletter from secuser.com" here, on the left at the bottom of the page.
===========================================================
▶ Test the effectiveness of your firewall here (for information only):
here
▶ Firewall tests: here
▶ A complement to the firewall to close risky ports (dangerous if they stay open):
ZebProtect (an application that needs no installation, to be launched and configured just once) here
Tutorial
================================================================
▶ For better security when you browse, I recommend using Firefox:
download it here -> firefox firefox
(Warning: always keep IE on your PC! It is essential for your system updates as well as for quite a few other things, such as online antivirus scans, etc.)
Tutorial for securing Firefox
=================================================================
Reminder of the main causes of infection:
▶ Using cracks or keygens is to be avoided, as is browsing the sites that offer them for download:
The dangers of cracks
▶ The crack in all its glory, diary of an expected infection:
here
▶ More examples in pictures, or how an infection gets in through a fake crack:
here
▶ P2P (using software such as eMule, Shareaza, LimeWire, BitTorrent):
The consequences of P2P
▶ Why avoid P2P:
> here
> and here
> and there
▶ Be careful with ActiveX:
here
and how:
there
▶ Prevention for two other types of infection currently in the news:
▶ MSN prevention:
here
-> another growing danger, "phishing" (= hameçonnage):
here
▶ Infection via removable media (USB sticks, flash drives, external hard drives ..):
here
here
=================================================================
▶ Prevention & Security on the internet
anti-malware project
Yes, for me it's all good.
Do the following, and see you later.
Download toolscleaner to your Desktop:
toolscleaner
* Double-click ToolsCleaner2.exe and let it work
* Click Recherche (Search) and let the scan finish.
* Click Suppression (Removal) to finalize.
* You can, if you wish, use the Options facultatives (optional settings).
* Click Quitter (Quit) so that the report can be created.
* The report (TCleaner.txt) is at the root of your hard drive (C:\)... paste it into your reply
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Turn System Restore off and back on:
1 In the Windows taskbar, click Start.
2 Right-click My Computer, then click Properties.
3 In the System Restore tab, tick "Turn off System Restore"
4 Click Apply.
5 Then untick "Turn off System Restore"
6 Click Apply, then OK
7 Go and create a restore point in Accessories ---- System Tools ---- System Restore.
How to mark the topic as resolved
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Some useful information for you and your PC:
Keep Malwarebytes and CCleaner, and run regular scans with Malwarebytes in normal mode and in safe mode.
Clean your PC with CCleaner every week, following the information given previously.
▶ How to behave with your PC: here
and why (example): here
▶ Monitoring:
Run regular monitoring scans (once every 15 days, for example) with your antivirus and then with your anti-spyware (after updating them, of course!) and delete whatever they find (or quarantine it, remembering to empty the quarantine later).
▶ Why? To avoid ending up in this kind of situation (uncommon, but ...):
->here
=============================================================
=> You should also update the Java console regularly:
Why
So to do this, go here and download the latest version (if your current version is not up to date), or here
After installing the latest version, uninstall the old versions (of Java) in order to eliminate the security flaws present in those old versions.
via Start / Settings / Control Panel / and in Add/Remove Programs browse to the old versions of the Java console listed there, then click "Remove" and follow the prompts in the dialog box that opens to carry the uninstallation through to the end.
Do this for each of them, one by one, and restart your PC when asked to.
Then go back to the Java site above and click the "Vérifier l'installation" (verify the installation) button to make sure everything is in order.
=============================================================
▶ To avoid the other security flaws in the various programs on your PC:
Check for updates to your various programs regularly here and update whatever is out of date. here
Tutorial
-Another option: subscribe for free to "la lettre hebdomadaire de secuser.com" (the secuser.com weekly newsletter) here, at the bottom left of the page.
===========================================================
▶ Test the effectiveness of your firewall here (for information only):
here
▶ Firewall tests: here
▶ A complement to the firewall for closing risky ports (dangerous if left open):
ZebProtect (an application that needs no installation, to be launched and configured just once) here
Tutorial
================================================================
▶ For better security when you browse, I recommend using Firefox:
download it here -> firefox firefox
( Warning: always keep IE on your PC! It is essential for your system updates as well as for quite a few other things, such as online antivirus scans, etc. )
Tutorial for securing Firefox
=================================================================
Reminder of the main causes of infection:
▶ Using cracks or keygens is to be avoided, as is browsing the sites that offer them for download:
The dangers of cracks
▶ The crack in all its glory, diary of an expected infection:
here
▶ Other examples in pictures, or how an infection gets in through a fake crack:
here
▶ P2P (using software such as eMule, Shareaza, LimeWire, BitTorrent):
The consequences of P2P
▶ Why avoid P2P:
> here
> and here
> and there
▶ Be careful with ActiveX:
here
and how:
there
▶ Prevention for two other currently common types of infection:
▶ MSN prevention:
here
-> another growing danger, "phishing" (= hameçonnage):
here
▶ Infection via removable media (USB sticks, flash drives, external hard drives, ...):
here
here
=================================================================
▶ Prevention & Security on the internet
anti-malware project