Aide hijackthis svp !!

Résolu
brigitte8787 Messages postés 30 Statut Membre -  
brigitte8787 Messages postés 30 Statut Membre -
Bonjour à tous,

Je débute sur ce forum et je suis peu au fait des problèmes de PC.
Je trouve mon pc lent ces derniers temps.
Donc il a été lancé un ccleaner, une réparation des erreurs de registre, un nettoyage en profondeur des fichiers temp, etc.

J'ai lancé un rapport hijackthis que je vous soumets.
Pouvez vous me dire ce que vous en pensez svp.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:53:58, on 24/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SECURI~1\av_fw\backweb\6588780\Program\SERVIC~1.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
C:\Program Files\Securitoo\av_fw\backweb\6588780\program\fsbwsys.exe
C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
C:\Program Files\Securitoo\av_fw\backweb\6588780\Program\fspex.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsrw.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
C:\PROGRA~1\SECURI~1\av_fw\ANTI-S~1\fsaw.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\CORTE\Bureau\mes images\bin\iPodService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\Program Files\Securitoo\av_fw\FSGUI\fsavgui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\CORTE\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.orange.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\CORTE\LOCALS~1\Temp\se.dll/space.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.shopnav.com/sidesearch.cgi?uid=10436237&id=5.20013
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: 62.75.224.159 www.bns1.net
O1 - Hosts: 62.75.224.159 www.bns2.net
O1 - Hosts: 62.75.224.159 www.bns3.net
O1 - Hosts: 62.75.224.159 www.bns4.net
O1 - Hosts: 62.75.224.159 www.bns5.net
O1 - Hosts: 62.75.224.159 www.bns6.net
O1 - Hosts: 62.75.224.159 www.bns7.net
O1 - Hosts: 62.75.224.159 www.bns8.net
O1 - Hosts: 62.75.224.159 www.cms1.net
O1 - Hosts: 62.75.224.159 www.cms2.net
O1 - Hosts: 62.75.224.159 www.cms3.net
O1 - Hosts: 62.75.224.159 www.cms4.net
O1 - Hosts: 62.75.224.159 www.cms5.net
O1 - Hosts: 62.75.224.159 www.cms6.net
O1 - Hosts: 62.75.224.159 www.cms7.net
O1 - Hosts: 62.75.224.159 www.cms8.net
O1 - Hosts: 62.75.224.159 www.rg1.com
O1 - Hosts: 62.75.224.159 www.rg2.com
O1 - Hosts: 62.75.224.159 www.rg3.com
O1 - Hosts: 62.75.224.159 www.rg4.com
O1 - Hosts: 62.75.224.159 www.rg5.com
O1 - Hosts: 62.75.224.159 www.rg6.com
O1 - Hosts: 62.75.224.159 www.rg7.com
O1 - Hosts: 62.75.224.159 www.rg8.com
O1 - Hosts: 62.75.224.159 www.cjt1.net
O1 - Hosts: 62.75.224.159 www.rgs1.net
O1 - Hosts: 62.75.224.159 www.rgs2.net
O1 - Hosts: 62.75.224.159 www.bns1.net
O1 - Hosts: 62.75.224.159 www.bns2.net
O1 - Hosts: 62.75.224.159 www.cms1.net
O1 - Hosts: 62.75.224.159 www.cms2.net
O1 - Hosts: 62.75.224.159 bns1.net
O1 - Hosts: 62.75.224.159 bns2.net
O1 - Hosts: 62.75.224.159 bns3.net
O1 - Hosts: 62.75.224.159 bns4.net
O1 - Hosts: 62.75.224.159 bns5.net
O1 - Hosts: 62.75.224.159 bns6.net
O1 - Hosts: 62.75.224.159 bns7.net
O1 - Hosts: 62.75.224.159 bns8.net
O1 - Hosts: 62.75.224.159 cms1.net
O1 - Hosts: 62.75.224.159 cms2.net
O1 - Hosts: 62.75.224.159 cms3.net
O1 - Hosts: 62.75.224.159 cms4.net
O1 - Hosts: 62.75.224.159 cms5.net
O1 - Hosts: 62.75.224.159 cms6.net
O1 - Hosts: 62.75.224.159 cms7.net
O1 - Hosts: 62.75.224.159 cms8.net
O1 - Hosts: 62.75.224.159 rg1.com
O1 - Hosts: 62.75.224.159 rg2.com
O1 - Hosts: 62.75.224.159 rg3.com
O1 - Hosts: 62.75.224.159 rg4.com
O1 - Hosts: 62.75.224.159 rg5.com
O1 - Hosts: 62.75.224.159 rg6.com
O1 - Hosts: 62.75.224.159 rg7.com
O1 - Hosts: 62.75.224.159 rg8.com
O1 - Hosts: 62.75.224.159 cjt1.net
O1 - Hosts: 62.75.224.159 rgs1.net
O1 - Hosts: 62.75.224.159 rgs2.net
O1 - Hosts: 62.75.224.159 bns1.net
O1 - Hosts: 62.75.224.159 bns2.net
O1 - Hosts: 62.75.224.159 cms1.net
O1 - Hosts: 62.75.224.159 cms2.net
O1 - Hosts: 62.75.224.159 j800banners.cjt1.net
O1 - Hosts: 62.75.224.159 jadlogix.cjt1.net
O1 - Hosts: 62.75.224.159 jadtegrity.cjt1.net
O1 - Hosts: 62.75.224.159 jaimmedia.cjt1.net
O1 - Hosts: 62.75.224.159 javatar.cjt1.net
O1 - Hosts: 62.75.224.159 jbeet.cjt1.net
O1 - Hosts: 62.75.224.159 jbigpops.cjt1.net
O1 - Hosts: 62.75.224.159 jbouncetek.cjt1.net
O1 - Hosts: 62.75.224.159 jbravenet.cjt1.net
O1 - Hosts: 62.75.224.159 jcdcover.cjt1.net
O1 - Hosts: 62.75.224.159 jclickspring.cjt1.net
O1 - Hosts: 62.75.224.159 jcollegehumor.cjt1.net
O1 - Hosts: 62.75.224.159 jdownloadacc.cjt1.net
O1 - Hosts: 62.75.224.159 jedonkey.cjt1.net
O1 - Hosts: 62.75.224.159 jeuniverse.cjt1.net
O1 - Hosts: 62.75.224.159 jhot.cjt1.net
O1 - Hosts: 62.75.224.159 jicmedia.cjt1.net
O1 - Hosts: 62.75.224.159 jicq.cjt1.net
O1 - Hosts: 62.75.224.159 jieplugin.cjt1.net
O1 - Hosts: 62.75.224.159 jinternetoptimizer.cjt1.net
O1 - Hosts: 62.75.224.159 jmediabuy1.cjt1.net
O1 - Hosts: 62.75.224.159 jmediabuyad.cjt1.net
O1 - Hosts: 62.75.224.159 jmindset.cjt1.net
O1 - Hosts: 62.75.224.159 jmindsettest.cjt1.net
O1 - Hosts: 62.75.224.159 jnictech.cjt1.net
O1 - Hosts: 62.75.224.159 jnova.cjt1.net
O1 - Hosts: 62.75.224.159 jpiolet.cjt1.net
O1 - Hosts: 62.75.224.159 jsanboxer.cjt1.net
O1 - Hosts: 62.75.224.159 jsercee.cjt1.net
O1 - Hosts: 62.75.224.159 jthedelfin.cjt1.net
O1 - Hosts: 62.75.224.159 jwarezp2p.cjt1.net
O1 - Hosts: 62.75.224.159 jwildmedia.cjt1.net
O1 - Hosts: 62.75.224.159 mediabuy-nic.cjt1.net
O1 - Hosts: 62.75.224.159 www.m7z.net
O1 - Hosts: 62.75.224.159 m7z.net
O1 - Hosts: 62.75.224.159 jnova.cjt1.net
O1 - Hosts: 62.75.224.159 jcontent.bns1.m7z.net
O1 - Hosts: 62.75.224.159 j.2004CMS.com
O1 - Hosts: 62.75.224.159 2004CMS.com
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {91992B8B-6A50-4128-9A98-F43E843D7426} - C:\WINDOWS\System32\lgih.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [webrebates] "C:\Program Files\WebRebates4\webrebates.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1605616401-1754454779-3683679437-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\Securitoo\av_fw\backweb\6588780\Program\fspex.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZS15995XXXUS
O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
O9 - Extra button: Sites Perso - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
O9 - Extra 'Tools' menuitem: Compaq France - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_98.dll' missing
O16 - DPF: Interface Chat Voila - http://chat10.x-echo.com/version7/Applet/vchatsign.cab
O16 - DPF: Interface Chat Wanadoo - http://chat10.x-echo.com/version5/Applet/wchatsign.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://www.sexequalite.com/11731/NueTitia.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/winfixer.com/www/pages/scanner_fr/WinFixer2005ScannerInstallFRA.cab
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O18 - Filter: text/plain - {DC79FCA0-B706-45B3-902C-DD9C6865847B} - C:\WINDOWS\System32\lgih.dll
O21 - SSODL: IEFilter - {76F6F2E8-EE87-4BB1-8AA5-BD04B0489A40} - C:\WINDOWS\system32\IEFilter.dll (file missing)
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\SECURI~1\av_fw\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Documents and Settings\CORTE\Bureau\mes images\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 15995 bytes

Merci de votre aide et bonnes fêtes à tous.
Configuration: Windows XP
Internet Explorer 7.0

29 réponses

  • 1
  • 2
Résumé de la discussion

L'analyse d'un rapport de sécurité sur une machine Windows XP montre une lenteur et vise à identifier les éléments susceptibles de ralentir le système et de modifier le navigateur.
Plusieurs éléments repérés dans le rapport concernent des logiciels indésirables et des outils de sécurité concurrents, notamment des modules Securitoo, des barres Google et des programmes publicitaires.
Le document signale des entrées de démarrage et des services (Run keys, O2/O1, O23) qui multiplient les processus et pourraient expliquer la lenteur, avec des références à NetDotNet et des composants publicitaires.
En outre, plusieurs échanges soulignent une approche pratique incluant OTMoveIt3 et des outils de suppression, ce qui montre une tentative d'accompagnement opérationnel malgré les incertitudes du diagnostic et des interprétations contextuelles.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Salut,

    - Télécharge SmitfraudFix (de de S!Ri, balltrap34 et moe31) sur ton Bureau.
    http://siri.urz.free.fr/Fix/SmitfraudFix.exe

    - Double-clique sur SmitfraudFix.exe et choisis l'option 1 puis Entrée.

    - Un rapport sera généré, poste-le dans ta prochaine réponse.

    [*] process.exe est détecté par certains antivirus comme étant un risktool. Il ne s'agit pas d'un virus mais d'un utilitaire destiné à mettre fin à des processus.[*]

    ** Ne fais l'étape 2 que si on te le demande, on doit d'abord examiner le premier rapport de SmitfraudFix.
    0
  2. V-X
     
    Salut à vous deux,

    Pour suivre.

    Bon nouel.
    0
  3. brigitte8787 Messages postés 30 Statut Membre
     
    Bonjour Destrio5 et merci pour ta réponse si rapide hier,

    alors, j'ai fait le chargement et comme j'ai mal lu le message, en fait mon fils, il n'a lu que la fin de ton message donc il a lancé 2 !

    J'ai refermé lancé le 1 et je te poste le rapport comme demandé :

    SmitFraudFix v2.387

    Rapport fait à 10:55:13,73, 25/12/2008
    Executé à partir de C:\Documents and Settings\CORTE\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\SECURI~1\av_fw\backweb\6588780\Program\SERVIC~1.EXE
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
    C:\Program Files\Securitoo\av_fw\backweb\6588780\program\fsbwsys.exe
    C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    C:\Program Files\Securitoo\av_fw\backweb\6588780\Program\fspex.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
    C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsrw.exe
    C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
    C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
    C:\PROGRA~1\SECURI~1\av_fw\ANTI-S~1\fsaw.exe
    C:\Program Files\OrangeHSS\systray\systrayapp.exe
    C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\CORTE\Bureau\mes images\bin\iPodService.exe
    C:\Program Files\OrangeHSS\Launcher\Launcher.exe
    C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
    C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
    C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
    C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\explorer.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\CORTE

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CORTE\LOCALS~1\Temp

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\CORTE\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CORTE\Favoris

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    »»»»»»»»»»»»»»»»»»»»»»»» o4Patch
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    o4Patch
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    Agent.OMZ.Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» RK

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Miniport de pont MAC - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 192.168.1.1
    DNS Server Search Order: 192.168.1.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{93C3B2BF-4085-4314-BBD2-AF2151CC192F}: DhcpNameServer=192.168.1.1 192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{93C3B2BF-4085-4314-BBD2-AF2151CC192F}: DhcpNameServer=192.168.1.1 192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    Merci
    0
  4. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    - Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

    - Double-clique sur RSIT.exe afin de lancer le programme.

    - Clique sur Continue à l'écran Disclaimer.

    - Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

    - Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

    Note : Les rapports sont sauvegardés dans le dossier C:\rsit.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. brigitte8787 Messages postés 30 Statut Membre
     
    rebonjour, destrio5
    j'ai fait comme demandé, je te soumets les fichiers

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by CORTE at 2008-12-25 18:31:06
    Microsoft Windows XP Édition familiale Service Pack 3
    System drive C: has 42 GB (54%) free of 78 GB
    Total RAM: 255 MB (21% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:31:35, on 25/12/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\SECURI~1\av_fw\backweb\6588780\Program\SERVIC~1.EXE
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    C:\Program Files\Securitoo\av_fw\backweb\6588780\program\fsbwsys.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
    C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Securitoo\av_fw\backweb\6588780\Program\fspex.exe
    C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsrw.exe
    C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
    C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe
    C:\Program Files\OrangeHSS\Launcher\Launcher.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
    C:\PROGRA~1\SECURI~1\av_fw\ANTI-S~1\fsaw.exe
    C:\Program Files\OrangeHSS\systray\systrayapp.exe
    C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
    C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
    C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
    C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\CORTE\Bureau\RSIT.exe
    C:\Documents and Settings\CORTE\Bureau\CORTE.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.orange.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.orange.fr
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
    O1 - Hosts: 62.75.224.159 www.bns1.net
    O1 - Hosts: 62.75.224.159 www.bns2.net
    O1 - Hosts: 62.75.224.159 www.bns3.net
    O1 - Hosts: 62.75.224.159 www.bns4.net
    O1 - Hosts: 62.75.224.159 www.bns5.net
    O1 - Hosts: 62.75.224.159 www.bns6.net
    O1 - Hosts: 62.75.224.159 www.bns7.net
    O1 - Hosts: 62.75.224.159 www.bns8.net
    O1 - Hosts: 62.75.224.159 www.cms1.net
    O1 - Hosts: 62.75.224.159 www.cms2.net
    O1 - Hosts: 62.75.224.159 www.cms3.net
    O1 - Hosts: 62.75.224.159 www.cms4.net
    O1 - Hosts: 62.75.224.159 www.cms5.net
    O1 - Hosts: 62.75.224.159 www.cms6.net
    O1 - Hosts: 62.75.224.159 www.cms7.net
    O1 - Hosts: 62.75.224.159 www.cms8.net
    O1 - Hosts: 62.75.224.159 www.rg1.com
    O1 - Hosts: 62.75.224.159 www.rg2.com
    O1 - Hosts: 62.75.224.159 www.rg3.com
    O1 - Hosts: 62.75.224.159 www.rg4.com
    O1 - Hosts: 62.75.224.159 www.rg5.com
    O1 - Hosts: 62.75.224.159 www.rg6.com
    O1 - Hosts: 62.75.224.159 www.rg7.com
    O1 - Hosts: 62.75.224.159 www.rg8.com
    O1 - Hosts: 62.75.224.159 www.cjt1.net
    O1 - Hosts: 62.75.224.159 www.rgs1.net
    O1 - Hosts: 62.75.224.159 www.rgs2.net
    O1 - Hosts: 62.75.224.159 www.bns1.net
    O1 - Hosts: 62.75.224.159 www.bns2.net
    O1 - Hosts: 62.75.224.159 www.cms1.net
    O1 - Hosts: 62.75.224.159 www.cms2.net
    O1 - Hosts: 62.75.224.159 bns1.net
    O1 - Hosts: 62.75.224.159 bns2.net
    O1 - Hosts: 62.75.224.159 bns3.net
    O1 - Hosts: 62.75.224.159 bns4.net
    O1 - Hosts: 62.75.224.159 bns5.net
    O1 - Hosts: 62.75.224.159 bns6.net
    O1 - Hosts: 62.75.224.159 bns7.net
    O1 - Hosts: 62.75.224.159 bns8.net
    O1 - Hosts: 62.75.224.159 cms1.net
    O1 - Hosts: 62.75.224.159 cms2.net
    O1 - Hosts: 62.75.224.159 cms3.net
    O1 - Hosts: 62.75.224.159 cms4.net
    O1 - Hosts: 62.75.224.159 cms5.net
    O1 - Hosts: 62.75.224.159 cms6.net
    O1 - Hosts: 62.75.224.159 cms7.net
    O1 - Hosts: 62.75.224.159 cms8.net
    O1 - Hosts: 62.75.224.159 rg1.com
    O1 - Hosts: 62.75.224.159 rg2.com
    O1 - Hosts: 62.75.224.159 rg3.com
    O1 - Hosts: 62.75.224.159 rg4.com
    O1 - Hosts: 62.75.224.159 rg5.com
    O1 - Hosts: 62.75.224.159 rg6.com
    O1 - Hosts: 62.75.224.159 rg7.com
    O1 - Hosts: 62.75.224.159 rg8.com
    O1 - Hosts: 62.75.224.159 cjt1.net
    O1 - Hosts: 62.75.224.159 rgs1.net
    O1 - Hosts: 62.75.224.159 rgs2.net
    O1 - Hosts: 62.75.224.159 bns1.net
    O1 - Hosts: 62.75.224.159 bns2.net
    O1 - Hosts: 62.75.224.159 cms1.net
    O1 - Hosts: 62.75.224.159 cms2.net
    O1 - Hosts: 62.75.224.159 j800banners.cjt1.net
    O1 - Hosts: 62.75.224.159 jadlogix.cjt1.net
    O1 - Hosts: 62.75.224.159 jadtegrity.cjt1.net
    O1 - Hosts: 62.75.224.159 jaimmedia.cjt1.net
    O1 - Hosts: 62.75.224.159 javatar.cjt1.net
    O1 - Hosts: 62.75.224.159 jbeet.cjt1.net
    O1 - Hosts: 62.75.224.159 jbigpops.cjt1.net
    O1 - Hosts: 62.75.224.159 jbouncetek.cjt1.net
    O1 - Hosts: 62.75.224.159 jbravenet.cjt1.net
    O1 - Hosts: 62.75.224.159 jcdcover.cjt1.net
    O1 - Hosts: 62.75.224.159 jclickspring.cjt1.net
    O1 - Hosts: 62.75.224.159 jcollegehumor.cjt1.net
    O1 - Hosts: 62.75.224.159 jdownloadacc.cjt1.net
    O1 - Hosts: 62.75.224.159 jedonkey.cjt1.net
    O1 - Hosts: 62.75.224.159 jeuniverse.cjt1.net
    O1 - Hosts: 62.75.224.159 jhot.cjt1.net
    O1 - Hosts: 62.75.224.159 jicmedia.cjt1.net
    O1 - Hosts: 62.75.224.159 jicq.cjt1.net
    O1 - Hosts: 62.75.224.159 jieplugin.cjt1.net
    O1 - Hosts: 62.75.224.159 jinternetoptimizer.cjt1.net
    O1 - Hosts: 62.75.224.159 jmediabuy1.cjt1.net
    O1 - Hosts: 62.75.224.159 jmediabuyad.cjt1.net
    O1 - Hosts: 62.75.224.159 jmindset.cjt1.net
    O1 - Hosts: 62.75.224.159 jmindsettest.cjt1.net
    O1 - Hosts: 62.75.224.159 jnictech.cjt1.net
    O1 - Hosts: 62.75.224.159 jnova.cjt1.net
    O1 - Hosts: 62.75.224.159 jpiolet.cjt1.net
    O1 - Hosts: 62.75.224.159 jsanboxer.cjt1.net
    O1 - Hosts: 62.75.224.159 jsercee.cjt1.net
    O1 - Hosts: 62.75.224.159 jthedelfin.cjt1.net
    O1 - Hosts: 62.75.224.159 jwarezp2p.cjt1.net
    O1 - Hosts: 62.75.224.159 jwildmedia.cjt1.net
    O1 - Hosts: 62.75.224.159 mediabuy-nic.cjt1.net
    O1 - Hosts: 62.75.224.159 www.m7z.net
    O1 - Hosts: 62.75.224.159 m7z.net
    O1 - Hosts: 62.75.224.159 jnova.cjt1.net
    O1 - Hosts: 62.75.224.159 jcontent.bns1.m7z.net
    O1 - Hosts: 62.75.224.159 j.2004CMS.com
    O1 - Hosts: 62.75.224.159 2004CMS.com
    O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {91992B8B-6A50-4128-9A98-F43E843D7426} - (no file)
    O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\Securitoo\av_fw\backweb\6588780\Program\fspex.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZS13721XXXUS
    O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
    O9 - Extra button: Sites Perso - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
    O9 - Extra 'Tools' menuitem: Compaq France - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
    O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_98.dll' missing
    O16 - DPF: Interface Chat Voila - http://chat10.x-echo.com/version7/Applet/vchatsign.cab
    O16 - DPF: Interface Chat Wanadoo - http://chat10.x-echo.com/version5/Applet/wchatsign.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://www.sexequalite.com/11731/NueTitia.exe
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/winfixer.com/www/pages/scanner_fr/WinFixer2005ScannerInstallFRA.cab
    O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
    O18 - Filter: text/plain - {DC79FCA0-B706-45B3-902C-DD9C6865847B} - (no file)
    O21 - SSODL: IEFilter - {76F6F2E8-EE87-4BB1-8AA5-BD04B0489A40} - (no file)
    O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\SECURI~1\av_fw\backweb\6588780\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\6588780\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Documents and Settings\CORTE\Bureau\mes images\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    0
  7. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    XP + 256Mo de RAM + Securitoo

    Il doit être lent le PC.

    ---> Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
    ---> Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
    ---> Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
    ---> Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
    ---> Sélectionne Exécuter un examen rapide.
    ---> Clique sur Rechercher. L'analyse démarre.

    A la fin de l'analyse, un message s'affiche :

    L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

    ---> Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
    ---> Ferme tes navigateurs.
    Si des malwares ont été détectés, clique sur Afficher les résultats.
    ---> Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
    ---> MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.
    0
    1. brigitte8787 Messages postés 30 Statut Membre
       
      rebonjour et merci pour la rapidité de tes réponses !!!!!!
      voici le rapport demandé :

      Malwarebytes' Anti-Malware 1.31
      Version de la base de données: 1544
      Windows 5.1.2600 Service Pack 3

      25/12/2008 19:30:44
      mbam-log-2008-12-25 (19-29-58).txt

      Type de recherche: Examen rapide
      Eléments examinés: 54030
      Temps écoulé: 9 minute(s), 7 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 12
      Valeur(s) du Registre infectée(s): 4
      Elément(s) de données du Registre infecté(s): 1
      Dossier(s) infecté(s): 14
      Fichier(s) infecté(s): 39

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_CLASSES_ROOT\Interface\{8b8f6968-2f24-41e3-b653-e9613226f14d} (Trojan.KeenValue) -> No action taken.
      HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> No action taken.
      HKEY_CLASSES_ROOT\Typelib\{de289bfa-737b-4abb-a4ec-f8753551b875} (Trojan.KeenValue) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\new.net (Adware.NewDotNet) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.

      Valeur(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> No action taken.

      Elément(s) de données du Registre infecté(s):
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.

      Dossier(s) infecté(s):
      C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> No action taken.
      C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> No action taken.
      C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> No action taken.
      C:\Program Files\Montorgueil (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\FanDouchka (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\FanMariah (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\NueParis (Dialer) -> No action taken.
      C:\Program Files\MyWay (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\History (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Settings (Adware.MyWay) -> No action taken.
      C:\Program Files\NewDotNet (Adware.NewDotNet) -> No action taken.

      Fichier(s) infecté(s):
      C:\Program Files\PerfectNav\BHO\PerfectNav150c.dll (Trojan.KeenValue) -> No action taken.
      C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> No action taken.
      C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL.bak (Adware.MyWebSearch) -> No action taken.
      C:\Program Files\Montorgueil\14.04168 (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\16.02423 (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\FanDouchka\FanDouchka.exe (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\FanDouchka\FanDouchka.ico (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\FanMariah\FanMariah.exe (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\FanMariah\FanMariah.ico (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\NueParis\NueParis.exe (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\NueParis\NueParis.ico (Dialer) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\MY2NS.EXE (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\MYWAYPLUGINPROXY.CLASS (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\NPMYWAY.DLL (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\PARTNER.BMP (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\PARTNER.DAT (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\PARTNER2.DAT (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\PARTNER3.DAT (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\PARTNER4.DAT (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\PARTNER5.DAT (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\PARTNER6.DAT (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache\00030DAD (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache\000367F2 (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache\0003A190 (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache\0004DE95 (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache\000BBE39 (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache\001518A2.bin (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache\00151C4C.bin (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache\00151ECC.bin (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache\files.ini (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\History\search (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Settings\prevcfg.htm (Adware.MyWay) -> No action taken.
      C:\Program Files\NewDotNet\nncore.dll (Adware.NewDotNet) -> No action taken.
      C:\Program Files\NewDotNet\readme.html (Adware.NewDotNet) -> No action taken.
      C:\Program Files\NewDotNet\uninstall.exe (Adware.NewDotNet) -> No action taken.
      C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> No action taken.
      C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> No action taken.
      C:\WINDOWS\smdat32a.sys (Rootkit.Agent) -> No action taken.
      C:\WINDOWS\smdat32m.sys (Rootkit.Agent) -> No action taken.
      Malwarebytes' Anti-Malware 1.31
      Version de la base de données: 1544
      Windows 5.1.2600 Service Pack 3

      25/12/2008 19:30:44
      mbam-log-2008-12-25 (19-29-58).txt

      Type de recherche: Examen rapide
      Eléments examinés: 54030
      Temps écoulé: 9 minute(s), 7 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 12
      Valeur(s) du Registre infectée(s): 4
      Elément(s) de données du Registre infecté(s): 1
      Dossier(s) infecté(s): 14
      Fichier(s) infecté(s): 39

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_CLASSES_ROOT\Interface\{8b8f6968-2f24-41e3-b653-e9613226f14d} (Trojan.KeenValue) -> No action taken.
      HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> No action taken.
      HKEY_CLASSES_ROOT\Typelib\{de289bfa-737b-4abb-a4ec-f8753551b875} (Trojan.KeenValue) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\new.net (Adware.NewDotNet) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.

      Valeur(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> No action taken.

      Elément(s) de données du Registre infecté(s):
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.

      Dossier(s) infecté(s):
      C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> No action taken.
      C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> No action taken.
      C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> No action taken.
      C:\Program Files\Montorgueil (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\FanDouchka (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\FanMariah (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\NueParis (Dialer) -> No action taken.
      C:\Program Files\MyWay (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\History (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Settings (Adware.MyWay) -> No action taken.
      C:\Program Files\NewDotNet (Adware.NewDotNet) -> No action taken.

      Fichier(s) infecté(s):
      C:\Program Files\PerfectNav\BHO\PerfectNav150c.dll (Trojan.KeenValue) -> No action taken.
      C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> No action taken.
      C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL.bak (Adware.MyWebSearch) -> No action taken.
      C:\Program Files\Montorgueil\14.04168 (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\16.02423 (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\FanDouchka\FanDouchka.exe (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\FanDouchka\FanDouchka.ico (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\FanMariah\FanMariah.exe (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\FanMariah\FanMariah.ico (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\NueParis\NueParis.exe (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\NueParis\NueParis.ico (Dialer) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\MY2NS.EXE (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\MYWAYPLUGINPROXY.CLASS (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\NPMYWAY.DLL (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\PARTNER.BMP (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\PARTNER.DAT (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\PARTNER2.DAT (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\PARTNER3.DAT (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\PARTNER4.DAT (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\PARTNER5.DAT (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\PARTNER6.DAT (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache\00030DAD (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache\000367F2 (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache\0003A190 (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache\0004DE95 (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache\000BBE39 (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache\001518A2.bin (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache\00151C4C.bin (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache\00151ECC.bin (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache\files.ini (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\History\search (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Settings\prevcfg.htm (Adware.MyWay) -> No action taken.
      C:\Program Files\NewDotNet\nncore.dll (Adware.NewDotNet) -> No action taken.
      C:\Program Files\NewDotNet\readme.html (Adware.NewDotNet) -> No action taken.
      C:\Program Files\NewDotNet\uninstall.exe (Adware.NewDotNet) -> No action taken.
      C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> No action taken.
      C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> No action taken.
      C:\WINDOWS\smdat32a.sys (Rootkit.Agent) -> No action taken.
      C:\WINDOWS\smdat32m.sys (Rootkit.Agent) -> No action taken.
      Malwarebytes' Anti-Malware 1.31
      Version de la base de données: 1544
      Windows 5.1.2600 Service Pack 3

      25/12/2008 19:30:44
      mbam-log-2008-12-25 (19-29-58).txt

      Type de recherche: Examen rapide
      Eléments examinés: 54030
      Temps écoulé: 9 minute(s), 7 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 12
      Valeur(s) du Registre infectée(s): 4
      Elément(s) de données du Registre infecté(s): 1
      Dossier(s) infecté(s): 14
      Fichier(s) infecté(s): 39

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_CLASSES_ROOT\Interface\{8b8f6968-2f24-41e3-b653-e9613226f14d} (Trojan.KeenValue) -> No action taken.
      HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> No action taken.
      HKEY_CLASSES_ROOT\Typelib\{de289bfa-737b-4abb-a4ec-f8753551b875} (Trojan.KeenValue) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\new.net (Adware.NewDotNet) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.

      Valeur(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> No action taken.

      Elément(s) de données du Registre infecté(s):
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.

      Dossier(s) infecté(s):
      C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> No action taken.
      C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> No action taken.
      C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> No action taken.
      C:\Program Files\Montorgueil (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\FanDouchka (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\FanMariah (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\NueParis (Dialer) -> No action taken.
      C:\Program Files\MyWay (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\History (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Settings (Adware.MyWay) -> No action taken.
      C:\Program Files\NewDotNet (Adware.NewDotNet) -> No action taken.

      Fichier(s) infecté(s):
      C:\Program Files\PerfectNav\BHO\PerfectNav150c.dll (Trojan.KeenValue) -> No action taken.
      C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> No action taken.
      C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL.bak (Adware.MyWebSearch) -> No action taken.
      C:\Program Files\Montorgueil\14.04168 (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\16.02423 (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\FanDouchka\FanDouchka.exe (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\FanDouchka\FanDouchka.ico (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\FanMariah\FanMariah.exe (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\FanMariah\FanMariah.ico (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\NueParis\NueParis.exe (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\NueParis\NueParis.ico (Dialer) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\MY2NS.EXE (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\MYWAYPLUGINPROXY.CLASS (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\NPMYWAY.DLL (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\PARTNER.BMP (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\PARTNER.DAT (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\PARTNER2.DAT (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\PARTNER3.DAT (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\PARTNER4.DAT (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\PARTNER5.DAT (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\PARTNER6.DAT (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache\00030DAD (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache\000367F2 (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache\0003A190 (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache\0004DE95 (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache\000BBE39 (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache\001518A2.bin (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache\00151C4C.bin (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache\00151ECC.bin (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache\files.ini (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\History\search (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Settings\prevcfg.htm (Adware.MyWay) -> No action taken.
      C:\Program Files\NewDotNet\nncore.dll (Adware.NewDotNet) -> No action taken.
      C:\Program Files\NewDotNet\readme.html (Adware.NewDotNet) -> No action taken.
      C:\Program Files\NewDotNet\uninstall.exe (Adware.NewDotNet) -> No action taken.
      C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> No action taken.
      C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> No action taken.
      C:\WINDOWS\smdat32a.sys (Rootkit.Agent) -> No action taken.
      C:\WINDOWS\smdat32m.sys (Rootkit.Agent) -> No action taken.
      Malwarebytes' Anti-Malware 1.31
      Version de la base de données: 1544
      Windows 5.1.2600 Service Pack 3

      25/12/2008 19:30:44
      mbam-log-2008-12-25 (19-29-58).txt

      Type de recherche: Examen rapide
      Eléments examinés: 54030
      Temps écoulé: 9 minute(s), 7 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 12
      Valeur(s) du Registre infectée(s): 4
      Elément(s) de données du Registre infecté(s): 1
      Dossier(s) infecté(s): 14
      Fichier(s) infecté(s): 39

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_CLASSES_ROOT\Interface\{8b8f6968-2f24-41e3-b653-e9613226f14d} (Trojan.KeenValue) -> No action taken.
      HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> No action taken.
      HKEY_CLASSES_ROOT\Typelib\{de289bfa-737b-4abb-a4ec-f8753551b875} (Trojan.KeenValue) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\new.net (Adware.NewDotNet) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.

      Valeur(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> No action taken.

      Elément(s) de données du Registre infecté(s):
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.

      Dossier(s) infecté(s):
      C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> No action taken.
      C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> No action taken.
      C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> No action taken.
      C:\Program Files\Montorgueil (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\FanDouchka (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\FanMariah (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\NueParis (Dialer) -> No action taken.
      C:\Program Files\MyWay (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\History (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Settings (Adware.MyWay) -> No action taken.
      C:\Program Files\NewDotNet (Adware.NewDotNet) -> No action taken.

      Fichier(s) infecté(s):
      C:\Program Files\PerfectNav\BHO\PerfectNav150c.dll (Trojan.KeenValue) -> No action taken.
      C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> No action taken.
      C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL.bak (Adware.MyWebSearch) -> No action taken.
      C:\Program Files\Montorgueil\14.04168 (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\16.02423 (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\FanDouchka\FanDouchka.exe (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\FanDouchka\FanDouchka.ico (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\FanMariah\FanMariah.exe (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\FanMariah\FanMariah.ico (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\NueParis\NueParis.exe (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\NueParis\NueParis.ico (Dialer) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\MY2NS.EXE (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\MYWAYPLUGINPROXY.CLASS (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\NPMYWAY.DLL (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\PARTNER.BMP (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\PARTNER.DAT (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\PARTNER2.DAT (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\PARTNER3.DAT (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\PARTNER4.DAT (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\PARTNER5.DAT (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\PARTNER6.DAT (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache\00030DAD (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache\000367F2 (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache\0003A190 (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache\0004DE95 (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache\000BBE39 (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache\001518A2.bin (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache\00151C4C.bin (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache\00151ECC.bin (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache\files.ini (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\History\search (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Settings\prevcfg.htm (Adware.MyWay) -> No action taken.
      C:\Program Files\NewDotNet\nncore.dll (Adware.NewDotNet) -> No action taken.
      C:\Program Files\NewDotNet\readme.html (Adware.NewDotNet) -> No action taken.
      C:\Program Files\NewDotNet\uninstall.exe (Adware.NewDotNet) -> No action taken.
      C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> No action taken.
      C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> No action taken.
      C:\WINDOWS\smdat32a.sys (Rootkit.Agent) -> No action taken.
      C:\WINDOWS\smdat32m.sys (Rootkit.Agent) -> No action taken.
      Malwarebytes' Anti-Malware 1.31
      Version de la base de données: 1544
      Windows 5.1.2600 Service Pack 3

      25/12/2008 19:30:44
      mbam-log-2008-12-25 (19-29-58).txt

      Type de recherche: Examen rapide
      Eléments examinés: 54030
      Temps écoulé: 9 minute(s), 7 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 12
      Valeur(s) du Registre infectée(s): 4
      Elément(s) de données du Registre infecté(s): 1
      Dossier(s) infecté(s): 14
      Fichier(s) infecté(s): 39

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_CLASSES_ROOT\Interface\{8b8f6968-2f24-41e3-b653-e9613226f14d} (Trojan.KeenValue) -> No action taken.
      HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> No action taken.
      HKEY_CLASSES_ROOT\Typelib\{de289bfa-737b-4abb-a4ec-f8753551b875} (Trojan.KeenValue) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\new.net (Adware.NewDotNet) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.

      Valeur(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> No action taken.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> No action taken.

      Elément(s) de données du Registre infecté(s):
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.

      Dossier(s) infecté(s):
      C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> No action taken.
      C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> No action taken.
      C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> No action taken.
      C:\Program Files\Montorgueil (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\FanDouchka (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\FanMariah (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\NueParis (Dialer) -> No action taken.
      C:\Program Files\MyWay (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\History (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Settings (Adware.MyWay) -> No action taken.
      C:\Program Files\NewDotNet (Adware.NewDotNet) -> No action taken.

      Fichier(s) infecté(s):
      C:\Program Files\PerfectNav\BHO\PerfectNav150c.dll (Trojan.KeenValue) -> No action taken.
      C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> No action taken.
      C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL.bak (Adware.MyWebSearch) -> No action taken.
      C:\Program Files\Montorgueil\14.04168 (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\16.02423 (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\FanDouchka\FanDouchka.exe (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\FanDouchka\FanDouchka.ico (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\FanMariah\FanMariah.exe (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\FanMariah\FanMariah.ico (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\NueParis\NueParis.exe (Dialer) -> No action taken.
      C:\Program Files\Montorgueil\NueParis\NueParis.ico (Dialer) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\MY2NS.EXE (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\MYWAYPLUGINPROXY.CLASS (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\NPMYWAY.DLL (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\PARTNER.BMP (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\PARTNER.DAT (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\PARTNER2.DAT (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\PARTNER3.DAT (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\PARTNER4.DAT (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\PARTNER5.DAT (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\1.bin\PARTNER6.DAT (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache\00030DAD (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache\000367F2 (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache\0003A190 (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache\0004DE95 (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache\000BBE39 (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache\001518A2.bin (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache\00151C4C.bin (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache\00151ECC.bin (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Cache\files.ini (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\History\search (Adware.MyWay) -> No action taken.
      C:\Program Files\MyWay\myBar\Settings\prevcfg.htm (Adware.MyWay) -> No action taken.
      C:\Program Files\NewDotNet\nncore.dll (Adware.NewDotNet) -> No action taken.
      C:\Program Files\NewDotNet\readme.html (Adware.NewDotNet) -> No action taken.
      C:\Program Files\NewDotNet\uninstall.exe (Adware.NewDotNet) -> No action taken.
      C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> No action taken.
      C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> No action taken.
      C:\WINDOWS\smdat32a.sys (Rootkit.Agent) -> No action taken.
      C:\WINDOWS\smdat32m.sys (Rootkit.Agent) -> No action taken.


      merci.
      0
  8. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Tu as cliqué sur Supprimer la sélection ?
    0
    1. brigitte8787 Messages postés 30 Statut Membre
       
      oui, je te reposte le rapportMalwarebytes' Anti-Malware 1.31
      Version de la base de données: 1544
      Windows 5.1.2600 Service Pack 3

      25/12/2008 20:30:25
      mbam-log-2008-12-25 (20-30-25).txt

      Type de recherche: Examen rapide
      Eléments examinés: 54030
      Temps écoulé: 9 minute(s), 7 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 12
      Valeur(s) du Registre infectée(s): 4
      Elément(s) de données du Registre infecté(s): 1
      Dossier(s) infecté(s): 14
      Fichier(s) infecté(s): 39

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_CLASSES_ROOT\Interface\{8b8f6968-2f24-41e3-b653-e9613226f14d} (Trojan.KeenValue) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Typelib\{de289bfa-737b-4abb-a4ec-f8753551b875} (Trojan.KeenValue) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\new.net (Adware.NewDotNet) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      Elément(s) de données du Registre infecté(s):
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

      Dossier(s) infecté(s):
      C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\Montorgueil (Dialer) -> Quarantined and deleted successfully.
      C:\Program Files\Montorgueil\FanDouchka (Dialer) -> Quarantined and deleted successfully.
      C:\Program Files\Montorgueil\FanMariah (Dialer) -> Quarantined and deleted successfully.
      C:\Program Files\Montorgueil\NueParis (Dialer) -> Quarantined and deleted successfully.
      C:\Program Files\MyWay (Adware.MyWay) -> Quarantined and deleted successfully.
      C:\Program Files\MyWay\myBar (Adware.MyWay) -> Quarantined and deleted successfully.
      C:\Program Files\MyWay\myBar\1.bin (Adware.MyWay) -> Quarantined and deleted successfully.
      C:\Program Files\MyWay\myBar\Cache (Adware.MyWay) -> Quarantined and deleted successfully.
      C:\Program Files\MyWay\myBar\History (Adware.MyWay) -> Quarantined and deleted successfully.
      C:\Program Files\MyWay\myBar\Settings (Adware.MyWay) -> Quarantined and deleted successfully.
      C:\Program Files\NewDotNet (Adware.NewDotNet) -> Quarantined and deleted successfully.

      Fichier(s) infecté(s):
      C:\Program Files\PerfectNav\BHO\PerfectNav150c.dll (Trojan.KeenValue) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL.bak (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      C:\Program Files\Montorgueil\14.04168 (Dialer) -> Quarantined and deleted successfully.
      C:\Program Files\Montorgueil\16.02423 (Dialer) -> Quarantined and deleted successfully.
      C:\Program Files\Montorgueil\FanDouchka\FanDouchka.exe (Dialer) -> Quarantined and deleted successfully.
      C:\Program Files\Montorgueil\FanDouchka\FanDouchka.ico (Dialer) -> Quarantined and deleted successfully.
      C:\Program Files\Montorgueil\FanMariah\FanMariah.exe (Dialer) -> Quarantined and deleted successfully.
      C:\Program Files\Montorgueil\FanMariah\FanMariah.ico (Dialer) -> Quarantined and deleted successfully.
      C:\Program Files\Montorgueil\NueParis\NueParis.exe (Dialer) -> Quarantined and deleted successfully.
      C:\Program Files\Montorgueil\NueParis\NueParis.ico (Dialer) -> Quarantined and deleted successfully.
      C:\Program Files\MyWay\myBar\1.bin\MY2NS.EXE (Adware.MyWay) -> Quarantined and deleted successfully.
      C:\Program Files\MyWay\myBar\1.bin\MYWAYPLUGINPROXY.CLASS (Adware.MyWay) -> Quarantined and deleted successfully.
      C:\Program Files\MyWay\myBar\1.bin\NPMYWAY.DLL (Adware.MyWay) -> Quarantined and deleted successfully.
      C:\Program Files\MyWay\myBar\1.bin\PARTNER.BMP (Adware.MyWay) -> Quarantined and deleted successfully.
      C:\Program Files\MyWay\myBar\1.bin\PARTNER.DAT (Adware.MyWay) -> Quarantined and deleted successfully.
      C:\Program Files\MyWay\myBar\1.bin\PARTNER2.DAT (Adware.MyWay) -> Quarantined and deleted successfully.
      C:\Program Files\MyWay\myBar\1.bin\PARTNER3.DAT (Adware.MyWay) -> Quarantined and deleted successfully.
      C:\Program Files\MyWay\myBar\1.bin\PARTNER4.DAT (Adware.MyWay) -> Quarantined and deleted successfully.
      C:\Program Files\MyWay\myBar\1.bin\PARTNER5.DAT (Adware.MyWay) -> Quarantined and deleted successfully.
      C:\Program Files\MyWay\myBar\1.bin\PARTNER6.DAT (Adware.MyWay) -> Quarantined and deleted successfully.
      C:\Program Files\MyWay\myBar\Cache\00030DAD (Adware.MyWay) -> Quarantined and deleted successfully.
      C:\Program Files\MyWay\myBar\Cache\000367F2 (Adware.MyWay) -> Quarantined and deleted successfully.
      C:\Program Files\MyWay\myBar\Cache\0003A190 (Adware.MyWay) -> Quarantined and deleted successfully.
      C:\Program Files\MyWay\myBar\Cache\0004DE95 (Adware.MyWay) -> Quarantined and deleted successfully.
      C:\Program Files\MyWay\myBar\Cache\000BBE39 (Adware.MyWay) -> Quarantined and deleted successfully.
      C:\Program Files\MyWay\myBar\Cache\001518A2.bin (Adware.MyWay) -> Quarantined and deleted successfully.
      C:\Program Files\MyWay\myBar\Cache\00151C4C.bin (Adware.MyWay) -> Quarantined and deleted successfully.
      C:\Program Files\MyWay\myBar\Cache\00151ECC.bin (Adware.MyWay) -> Quarantined and deleted successfully.
      C:\Program Files\MyWay\myBar\Cache\files.ini (Adware.MyWay) -> Quarantined and deleted successfully.
      C:\Program Files\MyWay\myBar\History\search (Adware.MyWay) -> Quarantined and deleted successfully.
      C:\Program Files\MyWay\myBar\Settings\prevcfg.htm (Adware.MyWay) -> Quarantined and deleted successfully.
      C:\Program Files\NewDotNet\nncore.dll (Adware.NewDotNet) -> Quarantined and deleted successfully.
      C:\Program Files\NewDotNet\readme.html (Adware.NewDotNet) -> Quarantined and deleted successfully.
      C:\Program Files\NewDotNet\uninstall.exe (Adware.NewDotNet) -> Quarantined and deleted successfully.
      C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\smdat32a.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\smdat32m.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      0
  9. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    1/

    ---> Relance MBAM, va dans Quarantaine et supprime tout.

    ---> Télécharge ToolsCleaner2 sur ton Bureau.
    * Double-clique sur ToolsCleaner2.exe pour le lancer.
    * Clique sur Recherche et laisse le scan agir.
    * Clique sur Suppression pour finaliser.
    * Tu peux, si tu le souhaites, te servir des Options Facultatives.
    * Clique sur Quitter pour obtenir le rapport.
    * Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

    2/

    - Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

    - Double-clique sur RSIT.exe afin de lancer le programme.

    - Clique sur Continue à l'écran Disclaimer.

    - Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

    - Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

    Note : Les rapports sont sauvegardés dans le dossier C:\rsit.
    0
    1. brigitte8787 Messages postés 30 Statut Membre
       
      salut, voici les rapports demandés :

      ps: j'ai une alerte au démarrage spyware begone

      Logfile of random's system information tool 1.05 (written by random/random)
      Run by CORTE at 2008-12-25 21:53:09
      Microsoft Windows XP Édition familiale Service Pack 3
      System drive C: has 42 GB (54%) free of 78 GB
      Total RAM: 255 MB (17% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 21:54:00, on 25/12/2008
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16762)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\SECURI~1\av_fw\backweb\6588780\Program\SERVIC~1.EXE
      C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
      C:\Program Files\Securitoo\av_fw\backweb\6588780\program\fsbwsys.exe
      C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
      C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
      C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
      C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
      C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
      C:\WINDOWS\System32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Securitoo\av_fw\backweb\6588780\Program\fspex.exe
      C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
      C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
      C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
      C:\Program Files\Securitoo\av_fw\Anti-Virus\fsrw.exe
      C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
      C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
      C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
      C:\Program Files\OrangeHSS\Launcher\Launcher.exe
      C:\PROGRA~1\SECURI~1\av_fw\ANTI-S~1\fsaw.exe
      C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
      C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
      C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\TomTom HOME 2\HOMERunner.exe
      C:\Program Files\OrangeHSS\systray\systrayapp.exe
      C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
      C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
      C:\WINDOWS\system32\taskmgr.exe
      C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
      C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
      C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
      C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
      C:\Documents and Settings\CORTE\Bureau\ToolsCleaner2.exe
      C:\Documents and Settings\CORTE\Bureau\RSIT.exe
      C:\Documents and Settings\CORTE\Bureau\CORTE.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.orange.fr
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
      O1 - Hosts: 62.75.224.159 www.bns1.net
      O1 - Hosts: 62.75.224.159 www.bns2.net
      O1 - Hosts: 62.75.224.159 www.bns3.net
      O1 - Hosts: 62.75.224.159 www.bns4.net
      O1 - Hosts: 62.75.224.159 www.bns5.net
      O1 - Hosts: 62.75.224.159 www.bns6.net
      O1 - Hosts: 62.75.224.159 www.bns7.net
      O1 - Hosts: 62.75.224.159 www.bns8.net
      O1 - Hosts: 62.75.224.159 www.cms1.net
      O1 - Hosts: 62.75.224.159 www.cms2.net
      O1 - Hosts: 62.75.224.159 www.cms3.net
      O1 - Hosts: 62.75.224.159 www.cms4.net
      O1 - Hosts: 62.75.224.159 www.cms5.net
      O1 - Hosts: 62.75.224.159 www.cms6.net
      O1 - Hosts: 62.75.224.159 www.cms7.net
      O1 - Hosts: 62.75.224.159 www.cms8.net
      O1 - Hosts: 62.75.224.159 www.rg1.com
      O1 - Hosts: 62.75.224.159 www.rg2.com
      O1 - Hosts: 62.75.224.159 www.rg3.com
      O1 - Hosts: 62.75.224.159 www.rg4.com
      O1 - Hosts: 62.75.224.159 www.rg5.com
      O1 - Hosts: 62.75.224.159 www.rg6.com
      O1 - Hosts: 62.75.224.159 www.rg7.com
      O1 - Hosts: 62.75.224.159 www.rg8.com
      O1 - Hosts: 62.75.224.159 www.cjt1.net
      O1 - Hosts: 62.75.224.159 www.rgs1.net
      O1 - Hosts: 62.75.224.159 www.rgs2.net
      O1 - Hosts: 62.75.224.159 www.bns1.net
      O1 - Hosts: 62.75.224.159 www.bns2.net
      O1 - Hosts: 62.75.224.159 www.cms1.net
      O1 - Hosts: 62.75.224.159 www.cms2.net
      O1 - Hosts: 62.75.224.159 bns1.net
      O1 - Hosts: 62.75.224.159 bns2.net
      O1 - Hosts: 62.75.224.159 bns3.net
      O1 - Hosts: 62.75.224.159 bns4.net
      O1 - Hosts: 62.75.224.159 bns5.net
      O1 - Hosts: 62.75.224.159 bns6.net
      O1 - Hosts: 62.75.224.159 bns7.net
      O1 - Hosts: 62.75.224.159 bns8.net
      O1 - Hosts: 62.75.224.159 cms1.net
      O1 - Hosts: 62.75.224.159 cms2.net
      O1 - Hosts: 62.75.224.159 cms3.net
      O1 - Hosts: 62.75.224.159 cms4.net
      O1 - Hosts: 62.75.224.159 cms5.net
      O1 - Hosts: 62.75.224.159 cms6.net
      O1 - Hosts: 62.75.224.159 cms7.net
      O1 - Hosts: 62.75.224.159 cms8.net
      O1 - Hosts: 62.75.224.159 rg1.com
      O1 - Hosts: 62.75.224.159 rg2.com
      O1 - Hosts: 62.75.224.159 rg3.com
      O1 - Hosts: 62.75.224.159 rg4.com
      O1 - Hosts: 62.75.224.159 rg5.com
      O1 - Hosts: 62.75.224.159 rg6.com
      O1 - Hosts: 62.75.224.159 rg7.com
      O1 - Hosts: 62.75.224.159 rg8.com
      O1 - Hosts: 62.75.224.159 cjt1.net
      O1 - Hosts: 62.75.224.159 rgs1.net
      O1 - Hosts: 62.75.224.159 rgs2.net
      O1 - Hosts: 62.75.224.159 bns1.net
      O1 - Hosts: 62.75.224.159 bns2.net
      O1 - Hosts: 62.75.224.159 cms1.net
      O1 - Hosts: 62.75.224.159 cms2.net
      O1 - Hosts: 62.75.224.159 j800banners.cjt1.net
      O1 - Hosts: 62.75.224.159 jadlogix.cjt1.net
      O1 - Hosts: 62.75.224.159 jadtegrity.cjt1.net
      O1 - Hosts: 62.75.224.159 jaimmedia.cjt1.net
      O1 - Hosts: 62.75.224.159 javatar.cjt1.net
      O1 - Hosts: 62.75.224.159 jbeet.cjt1.net
      O1 - Hosts: 62.75.224.159 jbigpops.cjt1.net
      O1 - Hosts: 62.75.224.159 jbouncetek.cjt1.net
      O1 - Hosts: 62.75.224.159 jbravenet.cjt1.net
      O1 - Hosts: 62.75.224.159 jcdcover.cjt1.net
      O1 - Hosts: 62.75.224.159 jclickspring.cjt1.net
      O1 - Hosts: 62.75.224.159 jcollegehumor.cjt1.net
      O1 - Hosts: 62.75.224.159 jdownloadacc.cjt1.net
      O1 - Hosts: 62.75.224.159 jedonkey.cjt1.net
      O1 - Hosts: 62.75.224.159 jeuniverse.cjt1.net
      O1 - Hosts: 62.75.224.159 jhot.cjt1.net
      O1 - Hosts: 62.75.224.159 jicmedia.cjt1.net
      O1 - Hosts: 62.75.224.159 jicq.cjt1.net
      O1 - Hosts: 62.75.224.159 jieplugin.cjt1.net
      O1 - Hosts: 62.75.224.159 jinternetoptimizer.cjt1.net
      O1 - Hosts: 62.75.224.159 jmediabuy1.cjt1.net
      O1 - Hosts: 62.75.224.159 jmediabuyad.cjt1.net
      O1 - Hosts: 62.75.224.159 jmindset.cjt1.net
      O1 - Hosts: 62.75.224.159 jmindsettest.cjt1.net
      O1 - Hosts: 62.75.224.159 jnictech.cjt1.net
      O1 - Hosts: 62.75.224.159 jnova.cjt1.net
      O1 - Hosts: 62.75.224.159 jpiolet.cjt1.net
      O1 - Hosts: 62.75.224.159 jsanboxer.cjt1.net
      O1 - Hosts: 62.75.224.159 jsercee.cjt1.net
      O1 - Hosts: 62.75.224.159 jthedelfin.cjt1.net
      O1 - Hosts: 62.75.224.159 jwarezp2p.cjt1.net
      O1 - Hosts: 62.75.224.159 jwildmedia.cjt1.net
      O1 - Hosts: 62.75.224.159 mediabuy-nic.cjt1.net
      O1 - Hosts: 62.75.224.159 www.m7z.net
      O1 - Hosts: 62.75.224.159 m7z.net
      O1 - Hosts: 62.75.224.159 jnova.cjt1.net
      O1 - Hosts: 62.75.224.159 jcontent.bns1.m7z.net
      O1 - Hosts: 62.75.224.159 j.2004CMS.com
      O1 - Hosts: 62.75.224.159 2004CMS.com
      O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {91992B8B-6A50-4128-9A98-F43E843D7426} - (no file)
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
      O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
      O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
      O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
      O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
      O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\Securitoo\av_fw\backweb\6588780\Program\fspex.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm
      O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZS13473XXXUS
      O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
      O9 - Extra button: Sites Perso - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
      O9 - Extra 'Tools' menuitem: Compaq France - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
      O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
      O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
      O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_98.dll' missing
      O16 - DPF: Interface Chat Voila - http://chat10.x-echo.com/version7/Applet/vchatsign.cab
      O16 - DPF: Interface Chat Wanadoo - http://chat10.x-echo.com/version5/Applet/wchatsign.cab
      O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
      O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
      O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
      O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
      O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://www.sexequalite.com/11731/NueTitia.exe
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
      O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
      O18 - Filter: text/plain - {DC79FCA0-B706-45B3-902C-DD9C6865847B} - (no file)
      O21 - SSODL: IEFilter - {76F6F2E8-EE87-4BB1-8AA5-BD04B0489A40} - (no file)
      O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\SECURI~1\av_fw\backweb\6588780\Program\SERVIC~1.EXE
      O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
      O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\6588780\program\fsbwsys.exe
      O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
      O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
      O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
      O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Documents and Settings\CORTE\Bureau\mes images\bin\iPodService.exe
      O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      0
  10. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Peux-tu me poster le rapport ToolsCleaner ?
    0
    1. brigitte8787 Messages postés 30 Statut Membre
       
      toolscleaner a été lancé mais je n'ai pas trouvé le rapport !
      i
      0
  11. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    C'est toi qui a modifié le fichier Hosts ?
    0
    1. brigitte8787 Messages postés 30 Statut Membre
       
      salut, je te confirme que je n'ai pas trouvé le rapport toolscleaner.
      je n'ai pas modifié le fichier hosts, etjustement je me posais la question pourquoi il y en avait tant;

      je vais maintenant me coucher, a demain bonne nuiit, merci encore
      0
  12. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Bonne nuit ;)
    0
    1. octopus22
       
      Salut Destrio5,

      Juste pour ma culture générale, qu'indique ces lignes avec autant de hosts, concrêtement ?

      Octopus22
      0
    2. brigitte8787 Messages postés 30 Statut Membre
       
      Bonjour, encore merci pour ton aide, que dois-je faire maintenant ?
      0
  13. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Un peu de lecture :
    http://www.commentcamarche.net/faq/sujet 5993 modifier son fichier hosts
    0
  14. octopus22
     
    Salut,

    Merci pour la lecture !
    Cela veut donc dire si je comprends bien que ces lignes par exemple

    >O1 - Hosts: 62.75.224.159 www.cms1.net
    >O1 - Hosts: 62.75.224.159 www.cms2.net
    indiquent qu'un accès aux sites indiqués est à la fois plus rapide et autorisée par le PC ?
    C'est bien cela ?

    Merci
    0
  15. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Oui.
    0
    1. brigitte8787 Messages postés 30 Statut Membre
       
      Bonjour Destrio5, merci encore pour ton aide,

      Que dois-je faire maintenant ? Merci.
      0
  16. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    ---> Télécharge HostsXpert sur ton Bureau :
    http://www.funkytoad.com/download/HostsXpert.zip

    ---> Décompresse-le (Clic droit >> Extraire ici)

    ---> Double-clique sur HostsXpert pour le lancer

    ---> clique sur le bouton "Restore MS Hosts File" puis ferme le programme

    PS : Avant de cliquer sur le bouton "Restore MS Hosts File", vérifie que le cadenas en haut à gauche soit ouvert sinon tu vas avoir un message d'erreur.
    0
    1. brigitte8787 Messages postés 30 Statut Membre
       
      Bonsoir, j'ai suivi à la lettre tes instructions,

      maintenant que faut il faire ?

      merci d'avance
      0
  17. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Oui.
    0
  18. brigitte8787 Messages postés 30 Statut Membre
     
    j'ai suivi les instrcutions, voici le rapport tccleaner

    [ Rapport ToolsCleaner version 2.2.9 (par A.Rothstein & dj QUIOU) ]

    -->- Recherche:

    C:\Rsit: trouvé !
    C:\Documents and Settings\CORTE\Bureau\HijackThis.exe: trouvé !
    C:\Documents and Settings\CORTE\Bureau\hijackthis.log: trouvé !
    C:\Documents and Settings\CORTE\Bureau\Rsit.exe: trouvé !
    C:\Documents and Settings\CORTE\Bureau\SmitFraudfix: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Documents and Settings\CORTE\Bureau\HijackThis.exe: supprimé !
    C:\Documents and Settings\CORTE\Bureau\hijackthis.log: supprimé !
    C:\Documents and Settings\CORTE\Bureau\Rsit.exe: supprimé !
    C:\Rsit: supprimé !
    C:\Documents and Settings\CORTE\Bureau\SmitFraudfix: supprimé !

    voici le rapport hijackthis :

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by CORTE at 2008-12-26 20:15:02
    Microsoft Windows XP Édition familiale Service Pack 3
    System drive C: has 42 GB (54%) free of 78 GB
    Total RAM: 255 MB (19% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:16:35, on 26/12/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\SECURI~1\av_fw\backweb\6588780\Program\SERVIC~1.EXE
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    C:\Program Files\Securitoo\av_fw\backweb\6588780\program\fsbwsys.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE
    C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE
    C:\Program Files\Securitoo\av_fw\backweb\6588780\Program\fspex.exe
    C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsrw.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe
    C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
    C:\Program Files\OrangeHSS\Launcher\Launcher.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
    C:\PROGRA~1\SECURI~1\av_fw\ANTI-S~1\fsaw.exe
    C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
    C:\Program Files\OrangeHSS\systray\systrayapp.exe
    C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
    C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
    C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
    C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\CORTE\Bureau\RSIT.exe
    C:\Program Files\trend micro\CORTE.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.orange.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.orange.fr
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
    O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {91992B8B-6A50-4128-9A98-F43E843D7426} - (no file)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\av_fw\FSGUI\FSSW.EXE" /reboot
    O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\av_fw\FSGUI\ispnews.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\Securitoo\av_fw\backweb\6588780\Program\fspex.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\Securitoo\av_fw\Anti-Spyware\blockpopups.htm
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZS9257XXXUS
    O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
    O9 - Extra button: Sites Perso - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
    O9 - Extra 'Tools' menuitem: Compaq France - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
    O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
    O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Securitoo\av_fw\Anti-Spyware\ieshield.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_98.dll' missing
    O16 - DPF: Interface Chat Voila - http://chat10.x-echo.com/version7/Applet/vchatsign.cab
    O16 - DPF: Interface Chat Wanadoo - http://chat10.x-echo.com/version5/Applet/wchatsign.cab
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://www.sexequalite.com/11731/NueTitia.exe
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
    O18 - Filter: text/plain - {DC79FCA0-B706-45B3-902C-DD9C6865847B} - (no file)
    O21 - SSODL: IEFilter - {76F6F2E8-EE87-4BB1-8AA5-BD04B0489A40} - (no file)
    O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\SECURI~1\av_fw\backweb\6588780\Program\SERVIC~1.EXE
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
    O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\6588780\program\fsbwsys.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Documents and Settings\CORTE\Bureau\mes images\bin\iPodService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    0
  19. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    ---> Supprime HostsXpert.

    - Télécharge LSPFix et dézippe-le sur le bureau :
    http://www.cexx.org/lspfix.zip

    - Lance LSPfix et se mettre en plein écran pour voir tous les boutons et ascenseurs

    - Ferme Internet Explorer et arrête la connexion à Internet

    - Coche la case "I know what I'm doing" (je sais ce que je fais)

    - Dans la colonne de gauche, sélectionne newdotnet6_98.dll.

    - Clique sur la flèche vers la droite pour les ajouter (de la colonne KEEP) dans la colonne REMOVE

    - Scroll et clique sur Finish.
    0
    1. brigitte8787 Messages postés 30 Statut Membre
       
      salut, je n'ai pas trouvé le fichier newtdotnet6_98.dll.

      Tu as trouvé le PC très lent.... est ce qu'en rajoutant 256 Mo, cela vaudrait la peine ?

      A bientot
      0
  20. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Ok.

    "salut, je n'ai pas trouvé le fichier newtdotnet6_98.dll."
    ---> Tu n'en as pas un qui a un nom ressemblant à ça ?

    "Tu as trouvé le PC très lent.... est ce qu'en rajoutant 256 Mo, cela vaudrait la peine ?"
    ---> Il est lent ? RSIT m'indique 256Mo de RAM, il peut se tromper, as-tu vérifié ?
    0
    1. brigitte8787 Messages postés 30 Statut Membre
       
      Question 1 : je n'ai pas de fichier ressemblant a ce que tu as demandé.

      Question 2 : AMD Athlon (tm) XP 2200+
      1,79 GHz 256Mo de RAM

      a bientot
      0
  • 1
  • 2