How to remove FunWebProducts

Solved/Closed
ermeda - Jan 5, 2009 at 10:33
sKe69 Posts 21360 Registration date Saturday, March 15, 2008 Status Security contributor Last intervention December 30, 2012 - Jan 9, 2009 at 16:33
Hello,
Following a scan with Spybot, it detects an error in one of my configuration files. Here is the result it gives me:

--- Search result list ---
Hint of the Day: Click the bar at the right of this to see more information! ()


FunWebProducts: [SBI $685582A8] Fichier de configuration (Fichier, nothing done)
C:\Windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf


--- Spybot - Search & Destroy version: 1.6.0 (build: 20080729) ---

2008-08-14 blindman.exe (1.0.0.8)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-08-14 SDFiles.exe (1.6.0.4)
2008-08-14 SDMain.exe (1.0.0.6)
2008-08-14 SDShred.exe (1.0.2.3)
2008-08-14 SDUpdate.exe (1.6.0.9)
2008-08-14 SDWinSec.exe (1.0.0.12)
2008-07-30 SpybotSD.exe (1.6.0.31)
2008-09-16 TeaTimer.exe (1.6.3.25)
2008-08-29 unins000.exe (51.49.0.0)
2008-08-14 Update.exe (1.6.0.7)
2008-10-22 advcheck.dll (1.6.2.13)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2008-10-22 Tools.dll (2.1.6.8)
2008-11-04 Includes\Adware.sbi (*)
2008-12-29 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-09-02 Includes\Dialer.sbi (*)
2008-09-09 Includes\DialerC.sbi (*)
2008-07-23 Includes\HeavyDuty.sbi (*)
2008-11-18 Includes\Hijackers.sbi (*)
2008-12-22 Includes\HijackersC.sbi (*)
2008-12-09 Includes\Keyloggers.sbi (*)
2008-12-22 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-11-18 Includes\Malware.sbi (*)
2008-12-29 Includes\MalwareC.sbi (*)
2008-12-16 Includes\PUPS.sbi (*)
2008-12-16 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-18 Includes\Security.sbi (*)
2008-12-29 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-12-10 Includes\Spyware.sbi (*)
2008-12-10 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2008-12-29 Includes\Trojans.sbi (*)
2008-12-29 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows Vista (Build: 6001) Service Pack 1 (6.0.6001)


--- Startup entries list ---
Located: HK_LM:Run, Acer Empowering Technology Monitor
command: C:\Windows\system32\SysMonitor.exe
file: C:\Windows\system32\SysMonitor.exe
size: 319488
MD5: 201F07F6E5E08B41B5BCC2AB3D339ECC

Located: HK_LM:Run, Adobe Photo Downloader
command: "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
file: C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
size: 57344
MD5: 57657B09D386137C7501367985B9741E

Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 34672
MD5: 69B16C7B7746BA5C642FC05B3561FC73

Located: HK_LM:Run, avast!
command: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
file: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
size: 81000
MD5: 55EBFBAB39BFAB5E62358C093F297641

Located: HK_LM:Run, Bluetooth Connection Assistant
command: LBTWIZ.EXE -silent
file: LBTWIZ.EXE
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, eDataSecurity Loader
command: C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
file: C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
size: 453120
MD5: AD8D5EB999C397245CCBE78BCAFF1656

Located: HK_LM:Run, ISUSScheduler
command: "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
file: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
size: 81920
MD5: 7D58C9BDF9C0A3955BDCDE7387AD12AC

Located: HK_LM:Run, Kernel and Hardware Abstraction Layer
command: KHALMNPR.EXE
file: C:\Windows\KHALMNPR.EXE
size: 76304
MD5: E6A9F68D26A094FB78B98180A40A29FC

Located: HK_LM:Run, LifeCam
command: "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
file: C:\Program Files\Microsoft LifeCam\LifeExp.exe
size: 279912
MD5: 411EA589240F875E685F3C985357AE08

Located: HK_LM:Run, Logitech Hardware Abstraction Layer
command: KHALMNPR.EXE
file: C:\Windows\KHALMNPR.EXE
size: 76304
MD5: E6A9F68D26A094FB78B98180A40A29FC

Located: HK_LM:Run, NeroFilterCheck
command: C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
file: C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
size: 153136
MD5: D6F5D1CBC11879F21DCCC7E440759EF3

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
file: C:\Windows\system32\NvCpl.dll
size: 13535776
MD5: C9921165805EA42219D0F061D01A2162

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
file: C:\Windows\system32\NvMcTray.dll
size: 92704
MD5: 12E87026AC59277BB38AD8AD7674ED44

Located: HK_LM:Run, PCSuiteTrayApplication
command: C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
file: C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
size: 229376
MD5: B22C27A51705C6D2B8176E90CF36208F

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 413696
MD5: 6CD5C3276C83F72677D647F27EE14ABD

Located: HK_LM:Run, RtHDVCpl
command: RtHDVCpl.exe
file: C:\Windows\RtHDVCpl.exe
size: 3784704
MD5: A503A47A5E7EA8024379A8CC6059B74A

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre6\bin\jusched.exe"
file: C:\Program Files\Java\jre6\bin\jusched.exe
size: 136600
MD5: B98FFA8288EFAABC436C30D198608345

Located: HK_LM:Run, VX1000
command: C:\Windows\vVX1000.exe
file: C:\Windows\vVX1000.exe
size: 709992
MD5: F9825069752B43CA98974B71A9B4DCF5

Located: HK_LM:Run, WarReg_PopUp
command: C:\Acer\WR_PopUp\WarReg_PopUp.exe
file: C:\Acer\WR_PopUp\WarReg_PopUp.exe
size: 57344
MD5: BBADDD291165F398BA4F058287175209

Located: HK_LM:Run, Windows Defender
command: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 1008184
MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E

Located: HK_CU:Run, Picasa Media Detector
where: .DEFAULT...
command: C:\Program Files\Picasa2\PicasaMediaDetector.exe
file: C:\Program Files\Picasa2\PicasaMediaDetector.exe
size: 443968
MD5: EF1ECB9DF42AF6BF7514BB5EBC5C59EC

Located: HK_CU:Run,
where: S-1-5-21-380413425-3807486281-3736036464-1000...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, ehTray.exe
where: S-1-5-21-380413425-3807486281-3736036464-1000...
command: C:\Windows\ehome\ehTray.exe
file: C:\Windows\ehome\ehTray.exe
size: 125952
MD5: BF08674925F151BD4537B89A493E3E0C

Located: HK_CU:Run, EPSON Stylus DX8400 Series
where: S-1-5-21-380413425-3807486281-3736036464-1000...
command: C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\Users\NADEGE~1.PC-\AppData\Local\Temp\E_SA124.tmp" /EF "HKCU"
file: C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE
size: 182272
MD5: 9AD31D8018B72E1013CFD012619E0232

Located: HK_CU:Run, ISUSPM Startup
where: S-1-5-21-380413425-3807486281-3736036464-1000...
command: "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
file: C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
size: 249856
MD5: 1C46FC1AB600766B8554580204806E84

Located: HK_CU:Run, Magentic
where: S-1-5-21-380413425-3807486281-3736036464-1000...
command: C:\PROGRA~1\Magentic\bin\Magentic.exe /c
file: C:\PROGRA~1\Magentic\bin\Magentic.exe
size: 475180
MD5: E6083CE46DA2A08A726F8F24930E8BDD

Located: HK_CU:Run, msnmsgr
where: S-1-5-21-380413425-3807486281-3736036464-1000...
command: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
file: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
size: 5724184
MD5: 97384875B6D03831B2D1820AB8952F67

Located: HK_CU:Run, PcSync
where: S-1-5-21-380413425-3807486281-3736036464-1000...
command: C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
file: C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
size: 1449984
MD5: 74E99DF19D01BB34E72531C80EABE045

Located: HK_CU:Run, Sidebar
where: S-1-5-21-380413425-3807486281-3736036464-1000...
command: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
file: C:\Program Files\Windows Sidebar\sidebar.exe
size: 1233920
MD5: FD278E51A7D6F52D22FCE6C67E037AD6

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-380413425-3807486281-3736036464-1000...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1833296
MD5: 63B3FF83B87AFCEBA89CED54695DA0F6

Located: HK_CU:Run, Picasa Media Detector
where: S-1-5-18...
command: C:\Program Files\Picasa2\PicasaMediaDetector.exe
file: C:\Program Files\Picasa2\PicasaMediaDetector.exe
size: 443968
MD5: EF1ECB9DF42AF6BF7514BB5EBC5C59EC

Located: Démarrage (tous utilisateurs), Empowering Technology Launcher.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Acer\Empowering Technology\eAPLauncher.exe
file: C:\Acer\Empowering Technology\eAPLauncher.exe
size: 528384
MD5: C849D57292E58A9E1C55559930FD1082

Located: Démarrage (tous utilisateurs), Logitech Desktop Messenger.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
file: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
size: 67128
MD5: 59F6763CFAE8DF2AF491129314901317

Located: Démarrage (tous utilisateurs), Logitech SetPoint.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Logitech\SetPoint\SetPoint.exe
file: C:\Program Files\Logitech\SetPoint\SetPoint.exe
size: 805392
MD5: D0948BE9B3547B9669195D7F84FC09F7

Located: Démarrage (tous utilisateurs), Microsoft Office.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Microsoft Office\Office10\OSA.EXE
file: C:\Program Files\Microsoft Office\Office10\OSA.EXE
size: 83360
MD5: 5BC65464354A9FD3BEAA28E18839734A

Located: Démarrage (utilisateur), Outil de notification Live Search.lnk
where: C:\Users\nadege.PC-de-erika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Users\nadege.PC-de-erika\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
file: C:\Users\nadege.PC-de-erika\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
size: 143360
MD5: B0CF42ED486274C69B23C33351436269

Located: WinLogon, LBTWlgn
command: c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
file: c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
size: 72208
MD5: 2ACBFEF9984F0FE9849DA857206CCECC



--- Browser helper object list ---
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 11/06/2008 21:33:16
Date (last access): 06/09/2008 09:35:40
Date (last write): 11/06/2008 21:33:16
Filesize: 75128
Attributes: archive
MD5: E96C752BBA0E22330A43258FC800200E
CRC32: E5D72083
Version: 9.0.0.332

{64F56FC1-1272-44CD-BA6E-39723696E350} (EoRezoBHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: EoRezoBHO
CLSID name: EoBho Class
Path: C:\PROGRA~1\eoRezo\EoAdv\
Long name: EOREZO~1.DLL

{7E853D72-626A-48EC-A868-BA8D5E23E045} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Programme d'aide de l'Assistant de connexion Windows Live
Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 22/02/2008 14:24:38
Date (last access): 17/10/2008 11:11:20
Date (last write): 22/02/2008 14:24:38
Filesize: 401968
Attributes: archive
MD5: E393F5B7D090DF8370452916FFE92F9A
CRC32: 684A21B5
Version: 5.0.744.4

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://www.google.com/intl/fr/toolbar/ie/index.html
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar1.dll
Short name: GOOGLE~1.DLL
Date (created): 25/05/2008 11:36:00
Date (last access): 25/05/2008 11:36:00
Date (last write): 25/05/2008 11:36:00
Filesize: 2582136
Attributes: readonly archive
MD5: F5F55FD61AB135233C24B90D9EDA2521
CRC32: F5EAB681
Version: 4.0.1602.35650

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Notifier BHO
Path: C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\
Long name: swg.dll
Short name:
Date (created): 17/10/2008 08:16:10
Date (last access): 17/10/2008 08:16:10
Date (last write): 17/10/2008 08:16:10
Filesize: 652784
Attributes: archive
MD5: 7D566FF02484EA2BCDEF6E8D7E9D9D13
CRC32: 922F62CE
Version: 4.1.805.4472

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Toolbar Helper
Path: C:\Program Files\Windows Live Toolbar\
Long name: msntb.dll
Short name:
Date (created): 19/10/2007 10:20:48
Date (last access): 20/10/2008 14:49:26
Date (last write): 19/10/2007 10:20:48
Filesize: 546320
Attributes: archive
MD5: CEE1BE1DA21300208D07FBEAE9EA2B51
CRC32: 12446524
Version: 3.1.0.146

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 15/11/2008 11:10:28
Date (last access): 10/11/2008 03:39:26
Date (last write): 10/11/2008 05:43:16
Filesize: 34816
Attributes: archive
MD5: 5D57FD3DF32DC69CEC3D1D54B4C43162
CRC32: D7C13FB2
Version: 6.0.110.3



--- ActiveX list ---
CabBuilder (CabBuilder)
DPF name: CabBuilder
CLSID name:
Installer:
Codebase: http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

{029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client)
DPF name:
CLSID name: Rawflow ICD Client
Installer:
Codebase: http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
description:
classification: Open for discussion
known filename: Rawflow.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\DOWNLO~1\
Long name: Rawflow.ocx
Short name:
Date (created): 09/07/2007 11:27:04
Date (last access): 09/07/2007 11:27:04
Date (last write): 09/07/2007 11:27:04
Filesize: 2377088
Attributes: archive
MD5: 943E22C10A1A7A411433107ACADFFC9D
CRC32: B59B8B1F
Version: 5.3.1.0

{04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI)
DPF name:
CLSID name: Module de délivrance de certificat MINEFI
Installer:
Codebase: https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
Path: C:\Windows\Downloaded Program Files\
Long name: CERTDGI1.dll
Short name:
Date (created): 22/08/2007 12:02:08
Date (last access): 22/08/2007 12:02:08
Date (last write): 22/08/2007 12:02:08
Filesize: 117288
Attributes: archive
MD5: AFF096280AB535CE34F82CABDB3C136D
CRC32: 644F0E8C
Version: 1.1.0.0

{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\Windows\Downloaded Program Files\LegitCheckControl.inf
Codebase: http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
description:
classification: Legitimate
known filename: LegitCheckControl.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\system32\
Long name: LegitCheckControl.DLL
Short name: LEGITC~1.DLL
Date (created): 11/10/2007 14:12:48
Date (last access): 11/10/2007 14:12:48
Date (last write): 11/10/2007 14:12:48
Filesize: 1468968
Attributes: archive
MD5: FC6680B6D4812D017109518AC07DED0E
CRC32: 4DC7C79C
Version: 1.7.59.1

{20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class)
DPF name:
CLSID name: Checkers Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
Path: C:\Windows\Downloaded Program Files\
Long name: msgrchkr.dll
Short name:
Date (created): 28/02/2007 14:21:04
Date (last access): 28/02/2007 14:21:04
Date (last write): 28/02/2007 14:21:04
Filesize: 131472
Attributes: archive
MD5: 1E5CFDF9AEBDD84305A4C8154277A269
CRC32: 73C871D0
Version: 9.5.7087.1

{2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control)
DPF name:
CLSID name: CamfrogWEB Advanced Unicode Control
Installer:
Codebase: http://activex.camfrogweb.com/advanced/2.0.1.14/cfweb_activex.camfrogweb.com-advanced-2.0.1.14_instmodule.exe
description:
classification: Open for discussion
known filename: cfwebadv.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\PROGRA~1\CFWEBA~1\
Long name: cfwebadv.ocx
Short name:
Date (created): 19/03/2007 11:26:32
Date (last access): 20/06/2007 19:24:22
Date (last write): 19/03/2007 11:26:32
Filesize: 651264
Attributes: archive
MD5: 38B0F794A5F8510E21CAB7A78DFDE288
CRC32: A5C2F316
Version: 2.0.1.14

{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class)
DPF name:
CLSID name: YInstStarter Class
Installer: C:\Program Files\Yahoo!\Common\yinst.inf
Codebase: C:\Program Files\Yahoo!\Common\yinsthelper.dll
description: Yahoo! Installation helper
classification: Legitimate
known filename: %SystemRoot%\Downloaded Program Files\yinsthelper.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Yahoo!\common\
Long name: yinsthelper.dll
Short name: YINSTH~1.DLL
Date (created): 20/08/2007 15:06:56
Date (last access): 20/08/2007 15:06:56
Date (last write): 30/07/2006 12:25:34
Filesize: 188968
Attributes: archive
MD5: 18B54B53CEE0E7204495BAB864EBBF03
CRC32: 6D72BB93
Version: 2006.4.14.2

{406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia)
DPF name:
CLSID name: Snapfish Activia
Installer: C:\Windows\Downloaded Program Files\SnapfishActivia1000.inf
Codebase: http://www3.snapfish.fr/SnapfishActivia.cab
description:
classification: Legitimate
known filename: SnapfishActivia1000.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\Downloaded Program Files\
Long name: SnapfishActivia1000.ocx
Short name: SNAPFI~1.OCX
Date (created): 03/06/2005 11:24:32
Date (last access): 03/06/2005 11:24:32
Date (last write): 03/06/2005 11:24:32
Filesize: 286720
Attributes: archive
MD5: F5C79C45F1ADF877DC3AFDFF3565AE7B
CRC32: F118547A
Version: 1.0.0.10

{4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool)
DPF name:
CLSID name: MSN Photo Upload Tool
Installer: C:\Windows\Downloaded Program Files\MSNPUpld.inf
Codebase: http://gfx2.mail.live.com/mail/w1/resources/VistaMSNPUpldfr-fr.cab
description:
classification: Legitimate
known filename: MsnPUpld.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\Downloaded Program Files\
Long name: MsnPUpld.dll
Short name:
Date (created): 20/11/2006 10:04:16
Date (last access): 20/11/2006 10:04:16
Date (last write): 20/11/2006 10:04:16
Filesize: 543544
Attributes: archive
MD5: A0F541D9D2CACEEC7A4A378CD0C31626
CRC32: 035C591F
Version: 10.0.914.0

{5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class)
DPF name:
CLSID name: UnoCtrl Class
Installer: C:\Windows\Downloaded Program Files\GAME_UNO1.INF
Codebase: http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
description:
classification: Legitimate
known filename: unomsnger.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\Downloaded Program Files\
Long name: GAME_UNO1.dll
Short name: GAME_U~1.DLL
Date (created): 28/09/2007 03:41:28
Date (last access): 28/09/2007 03:41:28
Date (last write): 28/09/2007 03:41:28
Filesize: 381960
Attributes: archive
MD5: 80F4A456633F78A26A3C6B16E64EFEC5
CRC32: 7DFC41A5
Version: 1.0.1201.1

{7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control)
DPF name:
CLSID name: Windows Live Photo Upload Control
Installer: C:\Windows\Downloaded Program Files\CONFLICT.1\MSNPUpld.inf
Codebase: http://cid-11ad1e6446c89503.spaces.live.com/PhotoUpload/VistaMsnPUpldfr-fr.cab
Path: C:\Windows\Downloaded Program Files\CONFLICT.1\
Long name: MsnPUpld.dll
Short name:
Date (created): 02/08/2007 10:31:32
Date (last access): 02/08/2007 10:31:32
Date (last write): 02/08/2007 10:31:32
Filesize: 360320
Attributes: archive
MD5: C670858E2347EAB5C9507A91A142210F
CRC32: B1C9923E
Version: 10.0.916.0

{88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class)
DPF name:
CLSID name: AdVerifierADPCtrl Class
Installer: C:\Windows\Downloaded Program Files\AdSignerADP.inf
Codebase: https://static.impots.gouv.fr/tdir/static/adpform/AdSignerVistaADP-1.0.cab
Path: C:\Windows\Downloaded Program Files\
Long name: AdVerifierADP.dll
Short name: ADVERI~1.DLL
Date (created): 27/03/2007 15:19:34
Date (last access): 27/03/2007 15:19:34
Date (last write): 27/03/2007 15:19:34
Filesize: 363856
Attributes: archive
MD5: E86691746309DEE06A4DD8D699D06122
CRC32: 929E7B61
Version: 1.3.5.0

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_11
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre6\bin\
Long name: ssv.dll
Short name:
Date (created): 15/11/2008 11:10:30
Date (last access): 10/11/2072 03:39:26
Date (last write): 10/11/2008 05:43:32
Filesize: 320920
Attributes: archive
MD5: 35E6FB6E6003BD54A5D69C9C1C762192
CRC32: 9699660C
Version: 6.0.110.3

{917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class)
DPF name:
CLSID name: CamImage Class
Installer:
Codebase: http://webcam.asf.fr/AxisCamControl.ocx
description:
classification: Legitimate
known filename: AxisCamControl.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\Downloaded Program Files\
Long name: AxisCamControl.ocx
Short name: AXISCA~1.OCX
Date (created): 27/07/2007 14:41:14
Date (last access): 27/07/2007 14:41:14
Date (last write): 27/07/2007 14:41:08
Filesize: 181136
Attributes: archive
MD5: 830C7EA2844458330D26F60B3C68910D
CRC32: 0A338892
Version: 1.0.1.43

{BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in)
DPF name:
CLSID name: Creative Toolbox Plug-in
Installer: C:\Windows\Downloaded Program Files\Crusher.inf
Codebase: http://bmm.imgag.com/imgag/cp/install/crusher-fr.cab
description:
classification: Open for discussion
known filename: Crusher.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\system32\
Long name: Crusher.dll
Short name:
Date (created): 13/01/2005 15:00:24
Date (last access): 13/01/2005 15:00:24
Date (last write): 13/01/2005 15:00:24
Filesize: 778240
Attributes: archive
MD5: DFB157AB5F916EEEC5778944D9A285F6
CRC32: FEC372EB
Version: 1.1.5012.0

{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player)
DPF name:
CLSID name: Zylom Games Player
Installer: C:\Windows\Downloaded Program Files\ZylomGamesPlayer.inf
Codebase: http://game11.zylom.com/activex/zylomgamesplayer.cab
description:
classification: Legitimate
known filename: zylomgamesplayer.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\Downloaded Program Files\
Long name: zylomgamesplayer.dll
Short name: ZYLOMG~1.DLL
Date (created): 29/08/2006 13:17:22
Date (last access): 29/08/2006 13:17:22
Date (last write): 29/08/2006 13:17:22
Filesize: 161976
Attributes: archive
MD5: 7FAF5222EEB546E1DC0F348DCB314B0B
CRC32: B03D23B2
Version: 2.0.0.1

{C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class)
DPF name:
CLSID name: MessengerStatsClient Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
description:
classification: Legitimate
known filename: MessengerStatsPAClient.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Windows\Downloaded Program Files\
Long name: MessengerStatsPAClient.dll
Short name: MESSEN~1.DLL
Date (created): 22/02/2007 23:41:12
Date (last access): 22/02/2007 23:41:12
Date (last write): 22/02/2007 23:41:12
Filesize: 304544
Attributes: archive
MD5: 8945CCA5FC4F25168E8B6F401EFAF51F
CRC32: 0F12FD23
Version: 9.5.6907.1

{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: ssv.dll
Short name:
Date (created): 15/11/2008 11:10:30
Date (last access): 10/11/2072 03:39:26
Date (last write): 10/11/2008 05:43:32
Filesize: 320920
Attributes: archive
MD5: 35E6FB6E6003BD54A5D69C9C1C762192
CRC32: 9699660C
Version: 6.0.110.3

{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_05
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: ssv.dll
Short name:
Date (created): 15/11/2008 11:10:30
Date (last access): 10/11/2072 03:39:26
Date (last write): 10/11/2008 05:43:32
Filesize: 320920
Attributes: archive
MD5: 35E6FB6E6003BD54A5D69C9C1C762192
CRC32: 9699660C
Version: 6.0.110.3

{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_06
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: ssv.dll
Short name:
Date (created): 15/11/2008 11:10:30
Date (last access): 10/11/2072 03:39:26
Date (last write): 10/11/2008 05:43:32
Filesize: 320920
Attributes: archive
MD5: 35E6FB6E6003BD54A5D69C9C1C762192
CRC32: 9699660C
Version: 6.0.110.3

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_07
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: ssv.dll
Short name:
Date (created): 15/11/2008 11:10:30
Date (last access): 10/11/2072 03:39:26
Date (last write): 10/11/2008 05:43:32
Filesize: 320920
Attributes: archive
MD5: 35E6FB6E6003BD54A5D69C9C1C762192
CRC32: 9699660C
Version: 6.0.110.3

{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_11
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: ssv.dll
Short name:
Date (created): 15/11/2008 11:10:30
Date (last access): 10/11/2072 03:39:26
Date (last write): 10/11/2008 05:43:32
Filesize: 320920
Attributes: archive
MD5: 35E6FB6E6003BD54A5D69C9C1C762192
CRC32: 9699660C
Version: 6.0.110.3

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_11
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_11.dll
Short name: NPJPI1~1.DLL
Date (created): 10/11/2008 03:39:26
Date (last access): 10/11/2072 03:39:26
Date (last write): 10/11/2008 05:43:32
Filesize: 132504
Attributes: archive
MD5: D400116F6776ACB6EDB6B1F5EEB9F92D
CRC32: CECB5751
Version: 6.0.110.3

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\Windows\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\Windows\system32\Macromed\Flash\
Long name: Flash9f.ocx
Short name:
Date (created): 25/03/2008 03:32:42
Date (last access): 26/06/2008 07:44:16
Date (last write): 25/03/2008 03:32:42
Filesize: 2991488
Attributes: readonly archive
MD5: 48FDF435B8595604E54125B321924510
CRC32: 12335E29
Version: 9.0.124.0

{D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class)
DPF name:
CLSID name: Virtools WebPlayer Class
Installer:
Codebase: http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
description:
classification: Legitimate
known filename: WebPlayer.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Virtools\3D Life Player\
Long name: WebPlayer.ocx
Short name: WEBPLA~1.OCX
Date (created): 04/11/2007 11:11:40
Date (last access): 04/11/2007 11:11:40
Date (last write): 04/11/2007 11:11:42
Filesize: 304440
Attributes: archive
MD5: 6487F08E12AA59D76B0106EC5A2775EA
CRC32: E22BC725
Version: 4.0.0.96



--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 05/01/2009 10:31:38

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2fbr%2faccess%2fallinone.asp%3f
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://neufportail.fr/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
https://home.sweetim.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
https://www.msn.com/fr-fr
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm


--- Winsock Layered Service Provider list ---
Namespace Provider 1: Fournisseur Shim d'affectation de noms de messagerie
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:

Namespace Provider 2: Fournisseur d'espace de noms du nuage PNRP
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 3: Fournisseur d'espace de noms du nom PNRP
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:



--- Uninstall list ---



34 replies

sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last activity 30 December 2012 463
5 Jan. 2009 at 10:45
Hi,

Spybot won't be able to do anything .... ^^


Do this to start with:

Download and install HijackThis:

here HijackThis
or here http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
or here https://www.clubic.com/telecharger-fiche17891-hijackthis.html

1- Click on the setup to start the installation: let yourself be guided and do not change the installation settings.
At the end of the installation, the program starts automatically: close it by clicking on the red cross.
In the end, you should have a shortcut on your desktop and also a path like:
"C:\ program files\Trend Micro\HijackThis\HijackThis.exe " .

Tutorial for use:
Look here, it is perfectly explained in pictures (thanks balltrap34),
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
( Do not fix ANY line yet, it could prevent your PC from working properly )

2- !! Disconnect and close all your running applications !!

Click on the desktop shortcut to launch the program:
run a HijackThis scan by clicking on: "Do a system scan and save a logfile"

---> Post the generated report for analysis ...
0
Logfile of HijackThis v1.99.1
Scan saved at 10:56:45, on 05/01/2009
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\vVX1000.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Users\nadege.PC-de-erika\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\nadege.PC-de-erika\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer optimisé pour MSN
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\Users\NADEGE~1.PC-\AppData\Local\Temp\E_SA124.tmp" /EF "HKCU"
O4 - Startup: Outil de notification Live Search.lnk = nadege.PC-de-erika\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - ?p=ZJxdm128MXFR
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.1.14/cfweb_activex.camfrogweb.com-advanced-2.0.1.14_instmodule.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-11ad1e6446c89503.spaces.live.com/PhotoUpload/VistaMsnPUpldfr-fr.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerVistaADP-1.0.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.asf.fr/AxisCamControl.ocx
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-fr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F02C6852-4A8E-4995-9A62-AA6655A76234}: NameServer = 192.168.1.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30011 (AppHostSvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - %windir%\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30003 (W3SVC) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30001 (WAS) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-20001 (WMSvc) - Unknown owner - %windir%\system32\inetsrv\wmsvc.exe (file missing)

here is what it gives me
0
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last activity 30 December 2012 463
5 Jan. 2009 at 11:24
Good ...


Let's get started .... in order:



1- Important:
Disable Spybot S&D's "tea timer" with the help of this animated tutorial (thanks Balltrap ;) ):
http://perso.orange.fr/rginformatique/section%20virus/demo%20spybot.htm
( on the first image, click on "tea timer" to start the animation ).

Indeed, it may interfere with the smooth running of the disinfection tools and with the repair of the registry ...

You will re-enable it once we have finished disinfecting ( and not before! ).
/!\ But beware:
at that point, Spybot's "TeaTimer" will offer, through several pop-ups, to accept or reject registry changes ( which occurred during the disinfection )
-> you will then have to accept all of them without exception!

Afterwards, you will need to stay vigilant when the "TeaTimer" raises alerts: accept a change only if you know where it comes from.


Once this is done ( and not before! ), continue with this:



2- Download ToolBar S&D ( by Eric_71/Team IDN ) to your desktop:
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

( Tutorial: https://sites.google.com/site/toolbarsd/aideenimages )

!! Disconnect and close all your running applications for the duration of the procedure !!

* Double-click on ToolBar SD.exe to launch the tool and let yourself be guided ...
--> Type 2 directly ( option " nettoyage ", cleaning ) then press [Enter].

The cleaning starts.

! do not touch anything during the removal !

A report will be generated at the end of the process: post its contents in your next reply
together with a new hijackthis report for analysis ...

( the report is also saved here -> C:\TB.txt )
0
-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : nadege ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1290 [VPS 081125-1] 4.8.1290 (Activated)
C:\ (Local Disk) - NTFS - Total:113 Go (Free:15 Go)
D:\ (Local Disk) - NTFS - Total:112 Go (Free:107 Go)
E:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
L:\ (USB)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 05/01/2009|12:20 )

[ UAC => 1 ]

-----------\\ Recherche de Fichiers / Dossiers ...

[Service] MyWebSearchService
C:\Users\NADEGE~1.PC-\AppData\Roaming\MICROS~1\Windows\Cookies\nadege@www.bananalotto[1].txt

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://neufportail.fr/"
"SEARCH PAGE"="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2fbr%2faccess%2fallinone.asp%3f"
"Local Page"="C:\\Windows\\system32\\blank.htm"
"SearchMigratedDefaultURL"="https://search.yahoo.com/web{searchTerms}&ei=utf-8&fr=b1ie7"
"Search Bar"="https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F"
"Url"="https://www.msn.com/fr-fr/actualite/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://home.sweetim.com/"
"Default_Page_URL"="https://www.msn.com/fr-fr"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"


--------------------\\ Recherche d'autres infections


C:\Users\NADEGE~1.PC-\AppData\Local\VirtualStore\Windows\System32\xdeqxof.dat
C:\Users\NADEGE~1.PC-\AppData\Local\VirtualStore\Windows\System32\xdeqxof_nav.dat
C:\Users\NADEGE~1.PC-\AppData\Local\VirtualStore\Windows\System32\xdeqxof_navps.dat
C:\Windows\System32\xdeqxof.dat
C:\Windows\System32\xdeqxof_nav.dat
C:\Windows\System32\xdeqxof_navps.dat
[b]==> EGDACCESS <==/b

--------------------\\ Cracks & Keygens ..

C:\Users\NADEGE~1.PC-\AppData\Roaming\mIRC\logs\crack-----.DiscuT.log


[ UAC => 1 ]


1 - "C:\ToolBar SD\TB_1.txt" - 05/01/2009|12:22 - Option : [1]

-----------\\ Fin du rapport a 12:22:22,10
0
Logfile of HijackThis v1.99.1
Scan saved at 12:24:02, on 05/01/2009
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\vVX1000.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Users\nadege.PC-de-erika\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\nadege.PC-de-erika\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer optimisé pour MSN
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\Users\NADEGE~1.PC-\AppData\Local\Temp\E_SA124.tmp" /EF "HKCU"
O4 - Startup: Outil de notification Live Search.lnk = nadege.PC-de-erika\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - ?p=ZJxdm128MXFR
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.1.14/cfweb_activex.camfrogweb.com-advanced-2.0.1.14_instmodule.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-11ad1e6446c89503.spaces.live.com/PhotoUpload/VistaMsnPUpldfr-fr.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerVistaADP-1.0.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.asf.fr/AxisCamControl.ocx
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-fr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F02C6852-4A8E-4995-9A62-AA6655A76234}: NameServer = 192.168.1.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30011 (AppHostSvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - %windir%\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30003 (W3SVC) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30001 (WAS) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-20001 (WMSvc) - Unknown owner - %windir%\system32\inetsrv\wmsvc.exe (file missing)
0
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last activity 30 December 2012 463
5 Jan 2009 at 12:24
a new HijackThis report, as I asked ... ^^
0
it's there too
0
there, everything is there
0
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last activity 30 December 2012 463
5 Jan 2009 at 12:25
our messages are crossing ....

^^


I'll give you the next steps ....

0
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last activity 30 December 2012 463
5 Jan 2009 at 12:27
There ....

you did not do the deletion with ToolBar S&D !!!


so start again like this:


Cleaning with ToolBar S&D:

!! Disconnect and close all your running applications while you do this !!

Relaunch the tool by double-clicking ToolBar SD.exe, which is on your desktop.
--> Type 2 ( the "nettoyage" (cleaning) option ) then press [Enter].

The cleaning starts.
! do not touch anything during the deletion !

A report will be generated at the end of the process: post its contents in your next reply,
together with a new HijackThis report for analysis ...


0
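The check sKe69 makes above (reading `Option : [1]` in the posted report to see that the deletion was never run), together with a check that the accompanying HijackThis log really is new, as an added example that is not part of the original thread or of either tool. The function names are hypothetical, the sample reports are constructed from the formats posted on this page, and dates are assumed to be dd/mm/yyyy with a run that ends on the day it starts.

```python
import re
from datetime import datetime

# Constructed samples: trimmed copies of the report formats posted in this
# thread. SEARCH_REPORT is an option-1 (search) run, CLEAN_REPORT an
# option-2 (deletion) run, HJT_LOG a HijackThis header plus one R0 line.
SEARCH_REPORT = r'''-----------\\ ToolBar S&D 1.2.8 XP/Vista
Option : [1] ( 05/01/2009|12:20 )
-----------\\ Recherche de Fichiers / Dossiers ...
[Service] MyWebSearchService
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://home.sweetim.com/"
1 - "C:\ToolBar SD\TB_1.txt" - 05/01/2009|12:22 - Option : [1]
-----------\\ Fin du rapport a 12:22:22,10
'''
CLEAN_REPORT = r'''-----------\\ ToolBar S&D 1.2.8 XP/Vista
Option : [2] ( 05/01/2009|12:36 )
-----------\\ SUPPRESSION
Supprime! - [Service] MyWebSearchService
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr/"
-----------\\ Fin du rapport a 12:37:48,66
'''
HJT_LOG = r'''Logfile of HijackThis v1.99.1
Scan saved at 12:24:02, on 05/01/2009
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
'''

HKLM_MAIN = r"[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]"
STAMP = "%d/%m/%Y %H:%M:%S"  # assumption: day-first dates, as in this thread


def parse_toolbar_report(text):
    """Extract run option, end time, deletions and the HKLM start page."""
    # Anchored at line start so the run history at the end of a report
    # ('1 - "...TB_1.txt" - ... - Option : [1]') is not mistaken for it.
    opt = re.search(r"^Option : \[(\d)\] \( (\d{2}/\d{2}/\d{4})\|\d{2}:\d{2} \)",
                    text, re.M)
    end = re.search(r"Fin du rapport a\s*(\d{1,2}:\d{2}:\d{2})", text)
    if not opt or not end:
        raise ValueError("not a complete ToolBar S&D report")
    start_page, section = None, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[HKEY_") or line.startswith("-----"):
            section = line  # a new registry key or report section begins
        elif section == HKLM_MAIN and line.startswith('"Start Page"='):
            start_page = line.split("=", 1)[1].strip('"')
    return {
        "option": int(opt.group(1)),
        "finished": datetime.strptime(f"{opt.group(2)} {end.group(1)}", STAMP),
        "deleted": [d.strip() for d in re.findall(r"^Supprime! - (.+)$", text, re.M)],
        "hklm_start_page": start_page,
    }


def parse_hijackthis(text):
    """Extract the scan timestamp and the HKLM start page (R0 line)."""
    saved = re.search(r"^Scan saved at (\d{1,2}:\d{2}:\d{2}), on (\d{2}/\d{2}/\d{4})",
                      text, re.M)
    if not saved:
        raise ValueError("no 'Scan saved at' header")
    page = re.search(
        r"^R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = (.*)$",
        text, re.M)
    return {
        "saved": datetime.strptime(f"{saved.group(2)} {saved.group(1)}", STAMP),
        "hklm_start_page": page.group(1).strip() if page else None,
    }


def review_submission(toolbar_text, hjt_text):
    """Return the reasons a helper should ask for the reports again."""
    tb, hjt = parse_toolbar_report(toolbar_text), parse_hijackthis(hjt_text)
    problems = []
    if tb["option"] != 2:
        problems.append("search-only")          # option 1 lists, removes nothing
    if hjt["saved"] < tb["finished"]:
        problems.append("stale-hijackthis")     # log predates the ToolBar S&D run
    if (tb["hklm_start_page"] and hjt["hklm_start_page"]
            and tb["hklm_start_page"] != hjt["hklm_start_page"]):
        problems.append("start-page-mismatch")  # reports describe different states
    return problems


if __name__ == "__main__":
    print(review_submission(SEARCH_REPORT, HJT_LOG))
    print(review_submission(CLEAN_REPORT, HJT_LOG))
```
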
"nettoyage" (cleaning) is not shown, but "suppression" (deletion) is written there
0
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last activity 30 December 2012 463 > ermeda
5 Jan 2009 at 12:31
Cleaning ("nettoyage") = deletion ("suppression")! .... ^^


0
ermeda > sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last activity 30 December 2012
5 Jan 2009 at 12:40
ok, here are the two reports

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : nadege ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1290 [VPS 081125-1] 4.8.1290 (Activated)
C:\ (Local Disk) - NTFS - Total:113 Go (Free:15 Go)
D:\ (Local Disk) - NTFS - Total:112 Go (Free:107 Go)
E:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
L:\ (USB)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 05/01/2009|12:36 )

[ UAC => 1 ]

-----------\\ SUPPRESSION

Supprime! - [Service] MyWebSearchService
Supprime! - C:\Users\NADEGE~1.PC-\AppData\Roaming\MICROS~1\Windows\Cookies\nadege@www.bananalotto[1].txt

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://neufportail.fr/"
"SEARCH PAGE"="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2fbr%2faccess%2fallinone.asp%3f"
"Local Page"="C:\\Windows\\system32\\blank.htm"
"SearchMigratedDefaultURL"="https://search.yahoo.com/web{searchTerms}&ei=utf-8&fr=b1ie7"
"Search Bar"="https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F"
"Url"="https://www.msn.com/fr-fr/actualite/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr/"
"Default_Page_URL"="https://www.msn.com/fr-fr"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"


--------------------\\ Recherche d'autres infections


C:\Users\NADEGE~1.PC-\AppData\Local\VirtualStore\Windows\System32\xdeqxof.dat
C:\Users\NADEGE~1.PC-\AppData\Local\VirtualStore\Windows\System32\xdeqxof_nav.dat
C:\Users\NADEGE~1.PC-\AppData\Local\VirtualStore\Windows\System32\xdeqxof_navps.dat
C:\Windows\System32\xdeqxof.dat
C:\Windows\System32\xdeqxof_nav.dat
C:\Windows\System32\xdeqxof_navps.dat
[b]==> EGDACCESS <==/b

--------------------\\ Cracks & Keygens ..

C:\Users\NADEGE~1.PC-\AppData\Roaming\mIRC\logs\crack-----.DiscuT.log


[ UAC => 1 ]


1 - "C:\ToolBar SD\TB_1.txt" - 05/01/2009|12:22 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 05/01/2009|12:32 - Option : [1]
3 - "C:\ToolBar SD\TB_3.txt" - 05/01/2009|12:37 - Option : [2]

-----------\\ Fin du rapport a 12:37:48,66

and the next one
Logfile of HijackThis v1.99.1
Scan saved at 12:24:02, on 05/01/2009
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\vVX1000.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Users\nadege.PC-de-erika\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\nadege.PC-de-erika\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer optimisé pour MSN
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\Users\NADEGE~1.PC-\AppData\Local\Temp\E_SA124.tmp" /EF "HKCU"
O4 - Startup: Outil de notification Live Search.lnk = nadege.PC-de-erika\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - ?p=ZJxdm128MXFR
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.1.14/cfweb_activex.camfrogweb.com-advanced-2.0.1.14_instmodule.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-11ad1e6446c89503.spaces.live.com/PhotoUpload/VistaMsnPUpldfr-fr.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerVistaADP-1.0.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.asf.fr/AxisCamControl.ocx
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-fr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F02C6852-4A8E-4995-9A62-AA6655A76234}: NameServer = 192.168.1.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30011 (AppHostSvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - %windir%\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30003 (W3SVC) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30001 (WAS) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-20001 (WMSvc) - Unknown owner - %windir%\system32\inetsrv\wmsvc.exe (file missing)

There, that's everything.
0
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last activity 30 December 2012 463
5 Jan. 2009 at 12:47
perfect ....


let's continue .... in order:


1- procedure to follow for Windows Vista:

* Disable User Account Control, or UAC (re-enable it only at the end of the disinfection):

Go to "Start" then "Control Panel":
---> On the right of the window, click "Classic View"
---> Double-click the "User Accounts" icon
---> Then click "Enable or disable the control ..." .
---> Untick the "use the control ..." box and click OK.
Then restart the PC when you are asked to ...

Tutorial: https://forum.malekal.com/viewtopic.php?f=59&t=6517


* Important:
To install or launch the tools you will use during the disinfection, always proceed like this:
RIGHT-click (on the installer or the tool) -> choose "Run as administrator".
Do this systematically! ...


once this is done and taken into account, carry on:


================

2- You have Norton leftovers that need to be cleaned up:

Download Norton removal tool to your desktop:
ftp://ftp.symantec.com/public/francais/removal_tools/Norton_Removal_Tool.exe

Go offline.
Then uninstall Norton with "Norton removal tool": double-click it and follow the prompts ... it has to be uninstalled properly (run the procedure twice if possible).

=================

3- Right-click this link: http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

Save target (of the link) as... and save it to your desktop.

!! Go offline, disable your protections (anti-virus, anti-spyware, etc.) and close all your applications for the duration of the procedure !!

Then double-click navilog1.exe to start the installation.
Once the installation is finished, right-click the Navilog1 shortcut on
the desktop and choose "Run as administrator"

Follow the prompts.

At the main menu, choose 1 and confirm.
(do not choose option 2, 3 or 4 without our advice/agreement)

Wait for the message:
*** Analyse Termine le ..... ***

Press a key as requested; Notepad will open:
save this report so that you can find it again.
Copy and paste its entire contents into your next reply and wait for what comes next.
(The report will also be saved at the root of the disk, "C:\fixnavi.txt").

Tutorial: http://www.malekal.com/Adware.Magic_Control.php#mozTocId595901


0
Search Navipromo version 3.7.1 commencé le 05/01/2009 à 13:23:09,81

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 02.01.2009 à 19h00 par IL-MAFIOSO

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : nadege ( Administrator )
BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1290 [VPS 081125-1] 4.8.1290 (Activated)


C:\ (Local Disk) - NTFS - Total:113 Go (Free:16 Go)
D:\ (Local Disk) - NTFS - Total:112 Go (Free:107 Go)
E:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)


Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\Windows" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***


*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***


*** Recherche dossiers dans "C:\ProgramData" ***


*** Recherche dossiers dans "c:\users\nadege~1.pc-\appdata\roaming\micros~1\windows\startm~1\programs" ***


*** Recherche dossiers dans "C:\Users\nadege.PC-de-erika\AppData\Local\virtualstore\Program Files" ***



*** Recherche dossiers dans "C:\Users\nadege.PC-de-erika\AppData\Local" ***



*** Recherche dossiers dans "C:\Users\INVIT~1\AppData\Local" ***



*** Recherche dossiers dans "C:\Users\NADEGE~1\AppData\Local" ***




*** Recherche dossiers dans "C:\Users\nadege.PC-de-erika\AppData\Roaming" ***


*** Recherche dossiers dans "C:\Users\INVIT~1\appdata\roaming" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\Windows\system32" *

* Recherche dans "C:\Users\nadege.PC-de-erika\AppData\Local\Microsoft" *

* Recherche dans "C:\Users\nadege.PC-de-erika\AppData\Local\virtualstore\windows\system32" *

* Recherche dans "C:\Users\nadege.PC-de-erika\AppData\Local" *

* Recherche dans "C:\Users\INVIT~1\AppData\Local" *

* Recherche dans "C:\Users\NADEGE~1\AppData\Local" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***
!! Les clés trouvées ne sont pas forcément infectées !!

HKEY_CURRENT_USER\Software\Lanconfig

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\Windows\system32" :

xdeqxof.dat trouvé !
xdeqxof_nav.dat trouvé !
xdeqxof_navps.dat trouvé !

* Dans "C:\Users\nadege.PC-de-erika\AppData\Local\Microsoft" :


* Dans "C:\Users\nadege.PC-de-erika\AppData\Local\virtualstore\windows\system32" :

xdeqxof.dat trouvé !
xdeqxof_nav.dat trouvé !
xdeqxof_navps.dat trouvé !

* Dans "C:\Users\nadege.PC-de-erika\AppData\Local" :


* Dans "C:\Users\INVIT~1\AppData\Local" :


* Dans "C:\Users\NADEGE~1\AppData\Local" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche autres dossiers et fichiers connus :



*** Analyse terminée le 05/01/2009 à 13:37:56,93 ***
0
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last activity 30 December 2012 463
5 Jan. 2009 at 13:44
next:



!! Go offline, disable your protections (anti-virus, anti-spyware, etc.) and close all your applications for the duration of the procedure !!

---> Right-click the Navilog1 shortcut on the desktop and
choose "Run as administrator..."

At the main menu, choose option 2 and confirm.

The fix will then ask to "restart the PC"; close all open windows
and press a key as requested.
(Important: if the PC does not restart automatically, do it manually)

When the PC restarts, choose your usual session if necessary.

Wait for the message: " Nettoyage terminé le ..."

The desktop reappears, Notepad opens.
Save this report so that you can find it again, then close Notepad.
(The report will also be saved at the root of the disk, "C:\cleannavi.txt")

post this report together with a new HijackThis report in your next reply for analysis.

(PS: If the desktop does not reappear, press CTRL+ALT+DEL to open Task Manager.
Choose the Processes tab. Click File at the top left and choose Run,
type explorer and confirm.)
0
here is the cleannavi report
Clean Navipromo version 3.7.1 commencé le 05/01/2009 à 17:46:16,51

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 02.01.2009 à 19h00 par IL-MAFIOSO

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : nadege ( Administrator )
BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1290 [VPS 081125-1] 4.8.1290 (Activated)


C:\ (Local Disk) - NTFS - Total:113 Go (Free:14 Go)
D:\ (Local Disk) - NTFS - Total:112 Go (Free:107 Go)
E:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)


Mode suppression automatique
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur


*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\Windows\System32" *


* Suppression dans "C:\Users\nadege.PC-de-erika\AppData\Local\Microsoft" *


* Suppression dans "C:\Users\nadege.PC-de-erika\AppData\Local\virtualstore\windows\system32" *


* Suppression dans "C:\Users\nadege.PC-de-erika\AppData\Local" *


* Suppression dans "C:\Users\INVIT~1\AppData\Local" *


* Suppression dans "C:\Users\NADEGE~1\AppData\Local" *



*** Suppression dossiers dans "C:\Windows" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***


*** Suppression dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***


*** Suppression dossiers dans "C:\ProgramData" ***


*** Suppression dossiers dans c:\users\nadege~1.pc-\appdata\roaming\micros~1\windows\startm~1\programs ***


*** Suppression dossiers dans "C:\Users\INVIT~1\appdata\roaming\micros~1\windows\startm~1\programs" ***


*** Suppression dossiers dans "C:\Users\nadege.PC-de-erika\AppData\Local\virtualstore\Program Files" ***


*** Suppression dossiers dans "C:\Users\nadege.PC-de-erika\AppData\Local" ***


*** Suppression dossiers dans "C:\Users\INVIT~1\AppData\Local" ***


*** Suppression dossiers dans "C:\Users\NADEGE~1\AppData\Local" ***


*** Suppression dossiers dans "C:\Users\nadege.PC-de-erika\AppData\Roaming" ***


*** Suppression dossiers dans "C:\Users\INVIT~1\appdata\roaming" ***



*** Suppression fichiers ***


*** Suppression fichiers temporaires ***

Nettoyage contenu C:\Windows\Temp effectué !
Nettoyage contenu C:\Users\NADEGE~1.PC-\AppData\Local\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\Windows\system32" *


xdeqxof.dat trouvé !
Copie xdeqxof.dat réalisée avec succès !
xdeqxof.dat supprimé !

xdeqxof_nav.dat trouvé !
Copie xdeqxof_nav.dat réalisée avec succès !
xdeqxof_nav.dat supprimé !

xdeqxof_navps.dat trouvé !
Copie xdeqxof_navps.dat réalisée avec succès !
xdeqxof_navps.dat supprimé !


* Dans "C:\Users\nadege.PC-de-erika\AppData\Local\Microsoft" *


* Dans "C:\Users\nadege.PC-de-erika\AppData\Local\virtualstore\windows\system32" *


xdeqxof.dat trouvé !
Copie xdeqxof.dat réalisée avec succès !
xdeqxof.dat supprimé !

xdeqxof_nav.dat trouvé !
Copie xdeqxof_nav.dat réalisée avec succès !
xdeqxof_nav.dat supprimé !

xdeqxof_navps.dat trouvé !
Copie xdeqxof_navps.dat réalisée avec succès !
xdeqxof_navps.dat supprimé !


* Dans "C:\Users\nadege.PC-de-erika\AppData\Local" *


* Dans "C:\Users\INVIT~1\AppData\Local" *


* Dans "C:\Users\NADEGE~1\AppData\Local" *


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltdt absent !


*** Recherche autres dossiers et fichiers connus ***



*** Nettoyage terminé le 05/01/2009 à 17:54:04,62 ***

and the HijackThis report
Logfile of HijackThis v1.99.1
Scan saved at 17:57:55, on 05/01/2009
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Windows\notepad.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\vVX1000.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Users\nadege.PC-de-erika\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\nadege.PC-de-erika\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\System32\regsvr32.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\werfault.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer optimisé pour MSN
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\Users\NADEGE~1.PC-\AppData\Local\Temp\E_SA124.tmp" /EF "HKCU"
O4 - Startup: Outil de notification Live Search.lnk = nadege.PC-de-erika\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.1.14/cfweb_activex.camfrogweb.com-advanced-2.0.1.14_instmodule.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-11ad1e6446c89503.spaces.live.com/PhotoUpload/VistaMsnPUpldfr-fr.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerVistaADP-1.0.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.asf.fr/AxisCamControl.ocx
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-fr.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F02C6852-4A8E-4995-9A62-AA6655A76234}: NameServer = 192.168.1.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

There you go, it's all there.
0
sKe69 Posts: 21360 Registration date: Saturday 15 March 2008 Status: Security contributor Last activity: 30 December 2012 463
5 Jan 2009 at 18:06
Hi,


Let's continue:


1- Download CCleaner:
http://www.commentcamarche.net/telecharger/telecharger 168 ccleaner
or https://www.pcastuces.com/logitheque/ccleaner.htm
This software will let you delete all temporary files and fix your registry.
During installation:
- make sure to choose "French" as the language.
- before clicking the "Install" button, uncheck all the "additional options" except the first 2.


A tutorial (help):
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm

---> Usage:
! Disconnect and close all running applications !
* Go to "Cleaner": run -Analyze- then -Clean-
* Go to "Registry": run -Scan for errors- and -Fix all errors-
(several times, until there are no more errors).

(CCleaner: software worth keeping on your PC, very useful for good clean-ups ...)


===================

2- Download Ad-remover (by C_XX) to your desktop (and nowhere else!):

http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe

! Disconnect and close all running applications (browser included) !

* Click "Ad-R.exe" to start the installation and leave the installation settings at their defaults.
* Double-click the Ad-remover shortcut on your desktop to launch the tool.
* At the main menu, choose option "A" and press [Enter].

Let the tool work and don't touch anything ...

--> Post the report that appears at the end.

(the report is also saved as C:\Ad-report.log)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note:
"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.


0
------- Logfile of AD-Remover 1.0.8.4 by C_XX | ONLY XP/VISTA -------

# START at: 18:27:10 | Mon 05/01/2009 | Microsoft® Windows Vista™ Home Premium SP1 (v6.0.6001)
# BOOT MODE: Normal
(!) - UAC is disable
# OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: NADEGE | USER: nadege ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
# Internet Explorer v7.0.6001.18000

# RUNNING PROCESSES: 83

+-----------------------| Boonty/Boonty Games Elements found :

.
.

+-----------------------| Eorezo Elements found :

.
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\SOFTWARE\EoRezo
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\SOFTWARE\EoRezo
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
.
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoSudoku\images_classic_vert\autoverifyes.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoSudoku\images_classic_vert\back.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoSudoku\images_classic_vert\background3.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoSudoku\images_classic_vert\backgroundreflet.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoSudoku\images_classic_vert\backPressed.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoSudoku\images_classic_vert\blank21_19.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoSudoku\images_classic_vert\blank25.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoSudoku\images_classic_vert\correct21_19.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoSudoku\images_classic_vert\correct25.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoSudoku\images_classic_vert\ecran.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoSudoku\images_classic_vert\ecranReflet.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoSudoku\images_classic_vert\fermer.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoSudoku\images_classic_vert\fermerPressed.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoSudoku\images_classic_vert\grey25.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoSudoku\images_classic_vert\iluminated21_19.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoSudoku\images_classic_vert\iluminated25.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoSudoku\images_classic_vert\iluminateno.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoSudoku\images_classic_vert\iluminateyes.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoSudoku\images_classic_vert\incorrect25.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoSudoku\images_classic_vert\keypad.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoSudoku\images_classic_vert\keypadreflet.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoSudoku\images_classic_vert\masquer.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoSudoku\images_classic_vert\masquerPressed.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoSudoku\images_classic_vert\minimise.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoSudoku\images_classic_vert\minimisepressed.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoSudoku\images_classic_vert\new.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoSudoku\images_classic_vert\newPressed.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoSudoku\images_classic_vert\next.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoSudoku\images_classic_vert\nextPressed.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoSudoku\images_classic_vert\save.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoSudoku\images_classic_vert\savepressed.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoSudoku\images_classic_vert\Thumbs.db
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoSudoku\images_classic_vert\verificationcell.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoSudoku\images_classic_vert\verificationcellPressed.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\EoWeather.cfg
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\EoWeatherVal_02EC282.cfg
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_classic
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_station_meteo
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_classic\67_day.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_classic\67_night.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_classic\69_day.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_classic\69_night.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_classic\70_day.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_classic\70_night.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_classic\78_day.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_classic\78_night.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_classic\82_day.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_classic\82_night.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_classic\83_day.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_classic\83_night.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_classic\84_day.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_classic\84_night.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_classic\85_day.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_classic\85_night.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_classic\89_day.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_classic\89_night.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_classic\back.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_classic\background.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_classic\background_1.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_classic\background_1days.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_classic\background_2days.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_classic\background_7days.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_classic\backPressed.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_classic\band.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_classic\band_small.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_classic\close.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_classic\closePressed.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_classic\dayPrevisionBackground.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_classic\dayPrevisionClose.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_classic\earth.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_classic\fonds_‚cran.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_classic\help.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_classic\helpPressed.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_classic\minimise.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_classic\minimisePressed.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_classic\next.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_classic\nextPressed.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_classic\option.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_classic\optionPressed.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_classic\reflet_ecran.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_classic\small_background.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_classic\Thumbs.db
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\67_day.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\67_night.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\69_day.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\69_night.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\70_day.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\70_night.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\78_day.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\78_night.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\82_day.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\82_night.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\83_day.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\83_night.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\84_day.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\84_night.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\85_day.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\85_night.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\89_day.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\89_night.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\about.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\back.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\background.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\background_1.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\background_1days.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\background_2days.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\background_7days.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\backPressed.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\close.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\closePressed.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\dayPrevisionBackground.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\dayPrevisionClose.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\earth.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\fonds_‚cran.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\help.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\helpPressed.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\minimise.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\minimisePressed.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\next.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\nextPressed.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\option.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\optionPressed.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\reflet_ecran.png
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\Thumbs.db
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo\EoWeather\images_station_meteo\txt_14x13.png

+-----------------------| Everest Poker Elements found :

.
.

+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :

.
HKCU\Software\AppDataLow\software\MyWebSearch
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca}
.
C:\Windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf
C:\Users\nadege.PC-de-erika\AppData\LocalLow\MyWebSearch
C:\Users\nadege.PC-de-erika\AppData\LocalLow\MyWebSearch\bar
C:\Users\nadege.PC-de-erika\AppData\LocalLow\MyWebSearch\bar\Cache
C:\Users\nadege.PC-de-erika\AppData\LocalLow\MyWebSearch\bar\History
C:\Users\nadege.PC-de-erika\AppData\LocalLow\MyWebSearch\bar\Settings
C:\Users\nadege.PC-de-erika\AppData\LocalLow\MyWebSearch\bar\Cache\00E2195E
C:\Users\nadege.PC-de-erika\AppData\LocalLow\MyWebSearch\bar\Cache\00E2230E
C:\Users\nadege.PC-de-erika\AppData\LocalLow\MyWebSearch\bar\Cache\00E2256E.bin
C:\Users\nadege.PC-de-erika\AppData\LocalLow\MyWebSearch\bar\Cache\00E22762.bin
C:\Users\nadege.PC-de-erika\AppData\LocalLow\MyWebSearch\bar\Cache\00E229E1.bin
C:\Users\nadege.PC-de-erika\AppData\LocalLow\MyWebSearch\bar\Cache\00E22B0A.bin
C:\Users\nadege.PC-de-erika\AppData\LocalLow\MyWebSearch\bar\Cache\00E22C22.bin
C:\Users\nadege.PC-de-erika\AppData\LocalLow\MyWebSearch\bar\Cache\files.ini
C:\Users\nadege.PC-de-erika\AppData\LocalLow\MyWebSearch\bar\History\search2
C:\Users\nadege.PC-de-erika\AppData\LocalLow\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Users\nadege.PC-de-erika\AppData\LocalLow\MyWebSearch\bar\Settings\setting2.htm
C:\Users\nadege.PC-de-erika\AppData\LocalLow\MyWebSearch\bar\Settings\settings.dat
C:\Users\nadege.PC-de-erika\AppData\LocalLow\FunWebProducts
C:\Users\nadege.PC-de-erika\AppData\LocalLow\FunWebProducts\Data
C:\Users\nadege.PC-de-erika\AppData\LocalLow\FunWebProducts\Installr
C:\Users\nadege.PC-de-erika\AppData\LocalLow\FunWebProducts\PopSwatr
C:\Users\nadege.PC-de-erika\AppData\LocalLow\FunWebProducts\Shared
C:\Users\nadege.PC-de-erika\AppData\LocalLow\FunWebProducts\Data\avatar.dat
C:\Users\nadege.PC-de-erika\AppData\LocalLow\FunWebProducts\Installr\Cache
C:\Users\nadege.PC-de-erika\AppData\LocalLow\FunWebProducts\Installr\Cache\files.ini
C:\Users\nadege.PC-de-erika\AppData\LocalLow\FunWebProducts\PopSwatr\History
C:\Users\nadege.PC-de-erika\AppData\LocalLow\FunWebProducts\PopSwatr\History\allowed
C:\Users\nadege.PC-de-erika\AppData\LocalLow\FunWebProducts\PopSwatr\History\notallow
C:\Users\nadege.PC-de-erika\AppData\LocalLow\FunWebProducts\Shared\Cache
C:\Users\nadege.PC-de-erika\AppData\LocalLow\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Users\nadege.PC-de-erika\AppData\LocalLow\FunWebProducts\Shared\Cache\SmileyCentralBtn.html

+-----------------------| It's TV Elements found :

HKCU\SOFTWARE\ItsLabel
HKLM\SOFTWARE\ItsLabel
.
C:\Users\nadege.PC-de-erika\AppData\Roaming\ItsLabel
C:\Users\nadege.PC-de-erika\AppData\Roaming\ItsLabel\ItsTV
C:\Users\nadege.PC-de-erika\AppData\Roaming\ItsLabel\ItsTV\itsTV.xml

+-----------------------| Sweetim Elements found :

.
HKCU\SOFTWARE\SweetIM
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
HKLM\SOFTWARE\SweetIM
HKLM\~\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
HKLM\~\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
.
C:\ProgramData\SweetIM
C:\ProgramData\SweetIM\Messenger
C:\ProgramData\SweetIM\Toolbars
C:\ProgramData\SweetIM\Messenger\conf
C:\ProgramData\SweetIM\Messenger\data
C:\ProgramData\SweetIM\Messenger\conf\users
C:\ProgramData\SweetIM\Messenger\conf\users\caradege@hotmail.fr
C:\ProgramData\SweetIM\Messenger\conf\users\main_user_config.xml
C:\ProgramData\SweetIM\Messenger\conf\users\caradege@hotmail.fr\emoticons_shortcut.xml
C:\ProgramData\SweetIM\Messenger\conf\users\caradege@hotmail.fr\user_config.xml
C:\ProgramData\SweetIM\Messenger\data\contentdb
C:\ProgramData\SweetIM\Messenger\data\contentdb\cache_indx.dat
C:\ProgramData\SweetIM\Toolbars\Internet Explorer
C:\ProgramData\SweetIM\Toolbars\Internet Explorer\cache
C:\ProgramData\SweetIM\Toolbars\Internet Explorer\cache\f64a71f602d078aa84829e36b8992194.toolbar31.xml
C:\Users\nadege.PC-de-erika\AppData\LocalLow\SweetIM
C:\Users\nadege.PC-de-erika\AppData\LocalLow\SweetIM\Toolbars
C:\Users\nadege.PC-de-erika\AppData\LocalLow\SweetIM\Toolbars\Internet Explorer
C:\Users\nadege.PC-de-erika\AppData\LocalLow\SweetIM\Toolbars\Internet Explorer\cache
C:\Users\nadege.PC-de-erika\AppData\LocalLow\SweetIM\Toolbars\Internet Explorer\cache\f64a71f602d078aa84829e36b8992194.toolbar31.xml

+-----------------------| ADDED SCAN :


+---------- Scanning prefs.js ... ( # Mozilla User Preferences )

..\ps1mp99q.default\prefs.js :

~~~~ Mozilla FireFox version 3.0.1 ~~~~

* Browser Search Default Engine: "Live Search"
* Browser Search Selected Engine: "Live Search"
* Browser Search Default Url: "https://www.bing.com/?scope=web&mkt=fr-FR&FORM=IEFM1"
* Browser Startup HomePage: "https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f"

.

+---------------------------------------------------------------------------+

+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

Start Page : hxxp://www.neufportail.fr/

+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

Start Page : hxxp://www.msn.com/
Start Page : hxxp://www.live.com/

+---------------------------------------------------------------------------+

[~48730 bytes] - "C:\AD-report-Scan-05.01.2009.log"

# END at: 18:27:20 | 05/01/2009 - Time elapsed: 10.0 seconds

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 590 lines ]
+---------------------------------------------------------------------------+
0
sKe69 - 5 Jan. 2009 at 18:38
OK ....

AD-Remover cleanup:

! Disconnect and close all running applications (browser included) !

* Run "Ad-remover" again: at the main menu, choose option "B".

* On the selection screen:

> choose the following number(s) to clean:

2 - "Eorezo" then [Enter]
4 - "Funwebproduct/MyWay/MyWebsearch" then [Enter]
5 - "It's Tv" then [Enter]
6 - "Sweetim" then [Enter]

Once the selection is made, type S then [Enter] to start the removal.

--> the program will do its work, do not touch anything ...

* Post the report that appears at the end + a new HijackThis log for analysis ...

(the report is also saved as C:\Ad-report.log)

/!\ If the Desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New task", type explorer.exe and confirm /!\

0
------- Logfile of AD-Remover 1.0.8.4 by C_XX | ONLY XP/VISTA -------

*** Limited to ***

Eorezo
Funwebproduct/MyWay/MyWebsearch
It's TV
Sweetim

******************

# START at: 18:44:21 | Mon 05/01/2009 | Microsoft® Windows Vista™ Home Premium SP1 (v6.0.6001)
# BOOT MODE: Normal
(!) - UAC is disable
# OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: NADEGE | USER: nadege ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
# Internet Explorer v7.0.6001.18000

# RUNNING PROCESSES: 83

(!) ---- IE start pages reset

+-----------------------| Eorezo Elements Deleted :

.
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
HKCR\Typelib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
HKCU\SOFTWARE\EoRezo
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
HKLM\SOFTWARE\EoRezo
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
.
C:\Users\nadege.PC-de-erika\AppData\Roaming\EoRezo

+-----------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :

.
HKCU\Software\AppDataLow\software\MyWebSearch
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca}
.
C:\Windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf
C:\Users\nadege.PC-de-erika\AppData\LocalLow\MyWebSearch
C:\Users\nadege.PC-de-erika\AppData\LocalLow\FunWebProducts

+-----------------------| It's TV Elements Deleted :

HKCU\SOFTWARE\ItsLabel
HKLM\SOFTWARE\ItsLabel
.
C:\Users\nadege.PC-de-erika\AppData\Roaming\ItsLabel

+-----------------------| Sweetim Elements Deleted :

.
HKLM\~\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
HKLM\~\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
HKCU\SOFTWARE\SweetIM
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
HKLM\SOFTWARE\SweetIM
.
C:\ProgramData\SweetIM
C:\Users\nadege.PC-de-erika\AppData\LocalLow\SweetIM

(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.


+-----------------------| ADDED SCAN :


+---------- Scanning prefs.js ... ( # Mozilla User Preferences )

..\ps1mp99q.default\prefs.js :

~~~~ Mozilla FireFox version 3.0.1 ~~~~

* Browser Search Default Engine: "Live Search"
* Browser Search Selected Engine: "Live Search"
* Browser Search Default Url: "https://www.bing.com/?scope=web&mkt=fr-FR&FORM=IEFM1"
* Browser Startup HomePage: "https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f"

.

+---------------------------------------------------------------------------+

+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

Start Page : hxxp://fr.msn.com/
Start Page : hxxp://www.live.com/

+---------------------------------------------------------------------------+

[~3392 bytes] - "C:\AD-report-Clean-05.01.2009.log"
[~49066 bytes] - "C:\AD-report-Scan-05.01.2009.log"

# END at: 18:47:08 | 05/01/2009 - Time elapsed: 2 minutes, 46 seconds

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 74 lines ]
+---------------------------------------------------------------------------+
0
sKe69 - 5 Jan. 2009 at 18:55
Perfect ...

1- run CCleaner again (registry included)

2- Download Malwarebytes':
here http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebytes anti malware
or here: http://www.malwarebytes.org/mbam.php

* Install it (make sure to choose "French"; do not change the installation settings) and update it.

(NB: if "COMCTL32.OCX" is missing during installation, download it here: https://www.malekal.com/tutorial-aboutbuster/ )

* Study the tutorial to get familiar with the program:
https://forum.pcastuces.com/sujet.asp?f=31&s=3
(that said, it is very easy to use).

! Disconnect and close all running applications !

* Launch Malwarebytes'.

Run a so-called "Quick" scan.

--> Let the program work (and do nothing else with the PC during the scan).
--> at the end, click on "Results".
--> Check that all infected objects are ticked, then click on "Remove".

Note: if your PC needs to be restarted to finish the cleanup, do it!

Post the report saved after the infected objects are removed (in the "Report/Logs" tab of Malwarebytes, the most recent one), along with a new HijackThis report for analysis ...
0
Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1618
Windows 6.0.6001 Service Pack 1

05/01/2009 19:10:24
mbam-log-2009-01-05 (19-10-24).txt

Type de recherche: Examen rapide
Eléments examinés: 59696
Temps écoulé: 7 minute(s), 9 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.

and the second one

Logfile of HijackThis v1.99.1
Scan saved at 19:12:12, on 05/01/2009
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\vVX1000.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Users\nadege.PC-de-erika\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\nadege.PC-de-erika\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer optimisé pour MSN
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\Users\NADEGE~1.PC-\AppData\Local\Temp\E_SA124.tmp" /EF "HKCU"
O4 - Startup: Outil de notification Live Search.lnk = nadege.PC-de-erika\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F02C6852-4A8E-4995-9A62-AA6655A76234}: NameServer = 192.168.1.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30011 (AppHostSvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - %windir%\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30003 (W3SVC) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30001 (WAS) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-20001 (WMSvc) - Unknown owner - %windir%\system32\inetsrv\wmsvc.exe (file missing)
0
sKe69 - 5 Jan. 2009 at 20:07
Perfect ...


Tell me how the PC is doing now ... still any problems?


Then do this:


Download GenProc (by Jean-Chretien1 and Narco4) to your desktop (and nowhere else!):
http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip

!! Disconnect and close your running applications !!

Unzip (= extract all) the contents of what you just downloaded onto your desktop.

Open the Genproc folder:
-> right-click / "Run as admin..." on GenProc.bat and let it run...

Once it has finished, post the contents of the report that opens ...

Illustrated help here: http://www.alt-shift-return.org/Info/GenProc-HowTo.html

IMPORTANT: post the report and do nothing else for now (often instructions have to be added to the procedure it indicates for it to work perfectly).

0
For the moment, I have not run another scan with Spybot, and I have not re-enabled the user account or the firewall.
Attached is the latest report:
Rapport GenProc 2.322 [1] - 05/01/2009 - Windows Vista

Dans CCleaner, clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures".
Par la suite, laisse-le avec ses réglages par défaut. C'est tout.


# Etape 1/ Télécharge :

- Lop S&D https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2 (Eric 71 & Angeldark) sur ton Bureau.

- SmitfraudFix http://siri.urz.free.fr/Fix/SmitfraudFix.exe (S!Ri)
Double-clique sur le fichier "smitfraudfix.exe" et choisis l'option 1 ; il va lister tous les éléments nuisibles dans un rapport : poste le maintenant.

- MSNFix http://sosvirus.changelog.fr/MSNFix.zip (!aur3n7) et décompresse-le sur le Bureau.


Redémarre en mode sans échec comme indiqué ici https://www.wekyo.com/demarrer-le-pc-en-mode-sans-echec-windows-7-et-8/ ; pour retrouver le rapport, clique sur le raccourci "GenProc" sur ton bureau. Choisis ta session courante *** nadege ***


# Etape 2/

Double-clique sur le fichier "SmitfraudFix.exe" et choisis l'option 2, réponds oui à tout et laisse-le procéder. Sauvegarde le rapport sur ton bureau.

# Etape 3/

Lance le fichier MSNFix.bat qui se trouve dans le dossier MSNfix, sur le bureau.
- Exécute l'option R.
- Si l'infection est détectée, exécute l'option N.
- Sauvegarde ce rapport sur ton bureau.


# Etape 4/

Double-clique sur Lop S&D pour lancer l'installation, séléctionne la langue souhaitée, puis choisis l'Option 2 - Suppression - et patiente jusqu'à ce qu'il ait terminé.

# Etape 5/

Lance CCleaner : "Nettoyeur"/"lancer le nettoyage" et c'est tout.

# Etape 6/

Redémarre normalement et poste, dans la même réponse :

- Le rapport SmitfraudFix que tu as sauvegardé sur ton bureau ;
- Le contenu du rapport MSNfix situé sur le Bureau ;
- Le contenu du rapport C:\lopR.txt ;
- Un nouveau rapport HijackThis http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/hijackthis-version-install-sujet_199100_1.htm ;

Précise les difficultés que tu as eu (ce que tu n'as pas pu faire...) ainsi que l'évolution de la situation.

____________________________________________________________________________________________________________

Sites officiels GenProc : www.alt-shift-return.org et www.genproc.com
0
sKe69 - 5 Jan. 2009 at 22:30
Good ... still a bit of work to do ....



Do this:


Download "MSNFix.zip" (by !aur3n7) to your desktop:
http://sosvirus.changelog.fr/MSNFix.zip

!! Disconnect, close all your applications and disable your protections (antivirus, anti-spyware, ...) for the duration of the procedure !!


Unzip it (= right-click / Extract here). Then move the folder you just extracted directly to the root of your hard drive, that is, here > C:\MSNFix .
(This is very important for the tool to work properly!)

Open this folder and double-click the file MSNFix.bat.
-> Run option R (search).

--> If the infection is detected, a message will say so, and you will only need to press a key to start the cleanup.

Note:
If a deletion error is detected, a message will appear asking you to restart the computer in order to finish the cleanup operations: in that case, restart the computer so that the tool can finish its work ...

-> The report will be saved in the same folder as MSNFix as a file named "date_time.txt".

Post the contents of this report along with a new HijackThis report for analysis ...


Usage tutorial here: http://sosvirus.changelog.fr/ .

(PS: the report is also saved here: C:\WINDOWS\msnfix.txt)
0
MSNFix 1.749

C:\Users\nadege.PC-de-erika\Desktop\MSNFix
Fix exécuté le 06/01/2009 - 20:14:46,27 By nadege
mode normal

************************ Recherche les fichiers présents

Aucun Fichier trouvé

************************ Recherche les dossiers présents

Aucun dossier trouvé




************************ Hostsclean

Cleanhosts v 0.1.0.7 By Laurent

-- Backup : C:\Windows\system32\drivers\etc\hosts-20090106205515
-- original size 255.52 Kb / 9130 lines
-- Start cleaning Hosts file ....



-- final size 255.52 Kb / 9130 lines
-- entry Found : 0 / Entry check : 310

End .............................. 10.5 Secondes
0
Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 21:00:02, on 06/01/2009
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\vVX1000.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Users\nadege.PC-de-erika\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\nadege.PC-de-erika\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer optimisé pour MSN
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\Users\NADEGE~1.PC-\AppData\Local\Temp\E_SA124.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.MSNFix
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F02C6852-4A8E-4995-9A62-AA6655A76234}: NameServer = 192.168.1.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30011 (AppHostSvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - %windir%\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30003 (W3SVC) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30001 (WAS) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-20001 (WMSvc) - Unknown owner - %windir%\system32\inetsrv\wmsvc.exe (file missing)
0
sKe69 - 6 Jan. 2009 at 21:44
Good ...

Let's continue:


Download SmitfraudFix (by S!Ri, balltrap34 and moe31):
http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Install the program on your desktop (and nowhere else!).

!! Disconnect, close all your applications and disable your protections (antivirus, anti-spyware, ...) for the duration of the procedure !!


Tutorial (help): http://siri.urz.free.fr/Fix/SmitfraudFix.php
Another animated tutorial (thanks balltrapp34 ;) ): http://pagesperso-orange.fr/rginformatique/section%20virus/smitfraudfix.htm

Usage ---> option 1 / Search:
Double-click the "Smitfraudfix.exe" icon and select 1 (and nothing else without our approval!) to create a report of the files responsible for the infection.

Post the report ("rapport.txt", located under C:\) and wait for the next step ...

(Warning: "process.exe", a component of the tool, is detected by some antivirus programs as a "RiskTool". It is not a virus, but a utility designed to terminate processes. In the wrong hands, this utility could stop security software.)

0
SmitFraudFix v2.388

Rapport fait à 21:59:23,66, 06/01/2009
Executé à partir de C:\Users\nadege.PC-de-erika\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\vVX1000.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\nadege.PC-de-erika\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Users\nadege.PC-de-erika\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\System32\regsvr32.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\nadege.PC-de-erika


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\NADEGE~1.PC-\AppData\Local\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\nadege.PC-de-erika\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Google\googletoolbar1.dll PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{9D6D3A98-86BC-4B4A-BBF9-03464F0F805F}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F02C6852-4A8E-4995-9A62-AA6655A76234}: NameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9D6D3A98-86BC-4B4A-BBF9-03464F0F805F}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F02C6852-4A8E-4995-9A62-AA6655A76234}: NameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9D6D3A98-86BC-4B4A-BBF9-03464F0F805F}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F02C6852-4A8E-4995-9A62-AA6655A76234}: NameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last intervention 30 December 2012 463
6 Jan 2009 at 22:41
Good ... in order:


1- Next part of the procedure (cleaning), do exactly what follows:

Mandatory: boot in safe mode.

/!\ Never boot into safe mode via MSCONFIG /!\

How to get into safe mode:
1) Restart your computer.
2) Tap the F8 key immediately (F5 on some PCs), right after the "beep".
3) Keep tapping until the screen with the boot options appears.
4) Choose the first option: Safe Mode, and confirm by pressing [Enter].
5) Choose your usual account (and not Administrator).
Caution: no connection is possible in safe mode, so copy or print the procedure carefully to avoid mistakes ...

* Double-click SmitfraudFix.exe

* Select 2 and press "Enter" in the menu to delete the files responsible for the infection.

--> If needed:

* At the question: "Voulez-vous nettoyer le registre ?" answer O (oui) and press Enter in order to unlock the desktop background and delete the infection's registry keys.

(The fix will determine whether the wininet.dll file is infected.)

* At the question: "Corriger le fichier infecté ?" answer O (oui) and press Enter
to replace the corrupted file.

* A restart will be requested to finish the cleaning procedure.
If the restart does not happen, do it manually (this is important!).

The report is at the root of hard drive C.
(in the file C:\rapport.txt)

Post this last report for me to analyze, then do the next part.


====================

2- Download Lop S&D:
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

Double-click the .exe you just downloaded to start the installation.

Disconnect and close all your running applications.

Once the installation is done, right-click the shortcut and choose "run as admin...".

Then let it guide you:
--->choose option 1 (search) and confirm.

(Do not run the cleaning option (2 or 3).)

Once the scan has finished, Notepad will open with the report.
Post this report in your next reply for analysis.

Tutorial: https://sites.google.com/site/eric71mespages/lop.sd.exe


0
SmitFraudFix v2.388

Rapport fait à 10:48:42,17, 07/01/2009
Executé à partir de C:\Users\nadege.PC-de-erika\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.0.6001] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost
::1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
...

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{9D6D3A98-86BC-4B4A-BBF9-03464F0F805F}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F02C6852-4A8E-4995-9A62-AA6655A76234}: NameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9D6D3A98-86BC-4B4A-BBF9-03464F0F805F}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{F02C6852-4A8E-4995-9A62-AA6655A76234}: NameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9D6D3A98-86BC-4B4A-BBF9-03464F0F805F}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{F02C6852-4A8E-4995-9A62-AA6655A76234}: NameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : nadege ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1290 [VPS 081125-1] 4.8.1290 (Activated)
C:\ (Local Disk) - NTFS - Total:113 Go (Free:14 Go)
D:\ (Local Disk) - NTFS - Total:112 Go (Free:107 Go)
E:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
L:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 07/01/2009|11:15 )

[ UAC => 1 ]

--------------------\\ Listing des dossiers dans Local

[08/09/2008|20:30] C:\Users\NADEGE~1.PC-\AppData\Local\Adobe
[13/07/2007|08:15] C:\Users\NADEGE~1.PC-\AppData\Local\Ahead
[13/09/2007|20:06] C:\Users\NADEGE~1.PC-\AppData\Local\Apple
[21/03/2008|08:13] C:\Users\NADEGE~1.PC-\AppData\Local\Apple Computer
[20/03/2007|17:08] C:\Users\NADEGE~1.PC-\AppData\Local\Application Data
[06/01/2009|08:29] C:\Users\NADEGE~1.PC-\AppData\Local\ApplicationHistory
[21/03/2007|21:23] C:\Users\NADEGE~1.PC-\AppData\Local\Apps
[01/05/2007|17:27] C:\Users\NADEGE~1.PC-\AppData\Local\CyberLink
[29/12/2008|08:36] C:\Users\NADEGE~1.PC-\AppData\Local\d3d9caps.dat
[02/01/2009|14:11] C:\Users\NADEGE~1.PC-\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[11/12/2008|18:35] C:\Users\NADEGE~1.PC-\AppData\Local\eMule
[23/03/2007|18:59] C:\Users\NADEGE~1.PC-\AppData\Local\fusioncache.dat
[09/03/2008|20:46] C:\Users\NADEGE~1.PC-\AppData\Local\GDIPFONTCACHEV1.DAT
[01/10/2008|07:01] C:\Users\NADEGE~1.PC-\AppData\Local\Google
[20/03/2007|17:08] C:\Users\NADEGE~1.PC-\AppData\Local\Historique
[24/01/2008|19:49] C:\Users\NADEGE~1.PC-\AppData\Local\IM
[15/10/2008|22:38] C:\Users\NADEGE~1.PC-\AppData\Local\Kiwee Toolbar
[07/12/2007|00:08] C:\Users\NADEGE~1.PC-\AppData\Local\Magentic
[16/07/2007|21:34] C:\Users\NADEGE~1.PC-\AppData\Local\MagicDirector
[06/01/2009|08:29] C:\Users\NADEGE~1.PC-\AppData\Local\MCE Deluxe Suite
[05/01/2009|17:53] C:\Users\NADEGE~1.PC-\AppData\Local\Microsoft
[23/05/2007|22:15] C:\Users\NADEGE~1.PC-\AppData\Local\Microsoft Games
[08/08/2007|17:53] C:\Users\NADEGE~1.PC-\AppData\Local\MigWiz
[28/03/2007|23:38] C:\Users\NADEGE~1.PC-\AppData\Local\Mozilla
[30/05/2007|10:21] C:\Users\NADEGE~1.PC-\AppData\Local\Musicmatch
[08/08/2007|17:53] C:\Users\NADEGE~1.PC-\AppData\Local\PowerCinema
[14/07/2008|14:44] C:\Users\NADEGE~1.PC-\AppData\Local\RapidSolution
[11/04/2007|19:08] C:\Users\NADEGE~1.PC-\AppData\Local\Shareaza
[06/01/2009|08:29] C:\Users\NADEGE~1.PC-\AppData\Local\SoftDMA
[07/01/2009|11:11] C:\Users\NADEGE~1.PC-\AppData\Local\Temp
[20/03/2007|17:08] C:\Users\NADEGE~1.PC-\AppData\Local\Temporary Internet Files
[23/03/2007|19:12] C:\Users\NADEGE~1.PC-\AppData\Local\VirtualStore
[02/06/2008|16:25] C:\Users\NADEGE~1.PC-\AppData\Local\Xenocode
[13/06/2008|20:07] C:\Users\NADEGE~1.PC-\AppData\Local\Zylom Games

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[20/10/2008 14:49][--a------] C:\Windows\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
[07/01/2009 10:57][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{37A12F86-4D9D-4EA1-928F-BC434788E900}.job
[07/01/2009 11:00][--a------] C:\Windows\tasks\Maintenance en 1 clic.job
[07/01/2009 10:52][--ah-----] C:\Windows\tasks\SA.DAT
[07/01/2009 10:45][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[26/10/2007|15:05] C:\ProgramData\60a7806a-0eea-424c-a464-20f4730cd631
[06/09/2008|09:37] C:\ProgramData\Adobe
[23/03/2007|14:43] C:\ProgramData\Ahead
[26/09/2008|07:33] C:\ProgramData\Apple
[06/05/2007|18:46] C:\ProgramData\Apple Computer
[02/11/2006|14:02] C:\ProgramData\Application Data
[20/03/2007|16:58] C:\ProgramData\Bureau
[01/05/2007|17:27] C:\ProgramData\CyberLink
[02/11/2006|14:02] C:\ProgramData\Desktop
[02/11/2006|14:02] C:\ProgramData\Documents
[05/01/2009|20:54] C:\ProgramData\Downloaded Installations
[16/02/2008|15:08] C:\ProgramData\eMule
[23/05/2008|18:11] C:\ProgramData\EPSON
[20/03/2007|16:58] C:\ProgramData\Favoris
[02/11/2006|14:02] C:\ProgramData\Favorites
[23/11/2008|22:19] C:\ProgramData\Google
[06/01/2009|13:00] C:\ProgramData\Google Updater
[29/12/2007|19:58] C:\ProgramData\hpzinstall.log
[24/01/2008|19:45] C:\ProgramData\IM
[06/12/2007|22:26] C:\ProgramData\IncrediMail
[05/01/2009|20:28] C:\ProgramData\Installations
[20/03/2007|17:13] C:\ProgramData\InstallShield
[16/02/2008|23:37] C:\ProgramData\Kaspersky Lab
[14/06/2008|23:40] C:\ProgramData\Logishrd
[30/05/2007|11:34] C:\ProgramData\Logitech
[05/01/2009|19:00] C:\ProgramData\Malwarebytes
[20/03/2007|16:58] C:\ProgramData\Menu Démarrer
[10/04/2007|22:30] C:\ProgramData\Messenger Plus!
[04/10/2007|20:16] C:\ProgramData\MGS
[20/10/2008|14:13] C:\ProgramData\Microsoft
[20/03/2007|16:58] C:\ProgramData\Modèles
[02/02/2008|15:47] C:\ProgramData\Mozilla
[08/07/2007|22:56] C:\ProgramData\Nero
[05/01/2009|13:04] C:\ProgramData\NortonInstaller
[22/04/2007|21:50] C:\ProgramData\NtiDvdCopy
[05/01/2009|19:52] C:\ProgramData\ntuser.pol
[02/09/2008|06:25] C:\ProgramData\NVIDIA
[05/01/2009|21:10] C:\ProgramData\PC Suite
[19/04/2007|20:04] C:\ProgramData\QuickTime
[06/01/2009|22:33] C:\ProgramData\Spybot - Search & Destroy
[02/11/2006|14:02] C:\ProgramData\Start Menu
[02/11/2006|14:02] C:\ProgramData\Templates
[04/05/2008|19:32] C:\ProgramData\TuneUp Software
[23/05/2008|10:52] C:\ProgramData\UDL
[17/10/2008|11:11] C:\ProgramData\WindowsLiveInstaller
[21/10/2008|12:23] C:\ProgramData\WindowsSearch
[22/11/2008|00:17] C:\ProgramData\WLInstaller
[20/08/2007|15:14] C:\ProgramData\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files

[23/05/2008|10:48] C:\Program Files\ABBYY FineReader 6.0 Sprint
[20/03/2007|17:13] C:\Program Files\Acer Inc
[14/12/2006|14:17] C:\Program Files\Acer Zone
[06/09/2008|09:35] C:\Program Files\Adobe
[05/01/2009|22:10] C:\Program Files\Ad-remover
[27/05/2007|23:24] C:\Program Files\Adverts
[16/10/2008|22:40] C:\Program Files\AGI
[24/03/2007|01:45] C:\Program Files\Ahead
[28/03/2007|10:56] C:\Program Files\Alwil Software
[26/09/2008|07:33] C:\Program Files\Apple Software Update
[04/02/2008|18:34] C:\Program Files\audible
[05/01/2009|18:13] C:\Program Files\CCleaner
[20/06/2007|19:24] C:\Program Files\CFWebAdvancedU
[05/01/2009|20:55] C:\Program Files\Common Files
[19/04/2007|20:08] C:\Program Files\CosmoSoftware
[29/12/2007|11:02] C:\Program Files\Creative
[29/12/2007|09:45] C:\Program Files\Creative Installation Information
[14/12/2006|14:14] C:\Program Files\CyberLink
[05/01/2009|20:46] C:\Program Files\DIFX
[16/07/2007|19:38] C:\Program Files\DivX
[18/06/2008|13:12] C:\Program Files\Driver-Soft
[11/12/2008|18:35] C:\Program Files\eMule
[23/05/2008|10:50] C:\Program Files\epson
[20/03/2007|16:58] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[06/01/2009|22:36] C:\Program Files\Google
[06/01/2009|20:59] C:\Program Files\Hijackthis Version Française
[16/07/2007|19:38] C:\Program Files\HiTRUST
[01/05/2007|12:39] C:\Program Files\illiminable
[02/01/2009|00:25] C:\Program Files\InstallShield Installation Information
[20/10/2008|23:40] C:\Program Files\Internet Explorer
[28/12/2008|17:44] C:\Program Files\Java
[09/03/2008|20:25] C:\Program Files\licenses
[13/11/2008|17:10] C:\Program Files\LimeWire
[27/08/2008|18:58] C:\Program Files\Logitech
[22/02/2008|21:51] C:\Program Files\Magentic
[05/01/2009|19:00] C:\Program Files\Malwarebytes' Anti-Malware
[25/10/2008|15:04] C:\Program Files\Messenger Plus! Live
[17/10/2008|11:11] C:\Program Files\Microsoft
[09/05/2007|11:52] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[02/11/2006|13:37] C:\Program Files\Microsoft Games
[15/06/2008|14:22] C:\Program Files\Microsoft LifeCam
[09/03/2008|11:13] C:\Program Files\Microsoft Office
[21/10/2008|12:07] C:\Program Files\Microsoft Silverlight
[14/11/2007|17:44] C:\Program Files\Microsoft SQL Server Compact Edition
[16/07/2007|11:39] C:\Program Files\Microsoft Works
[23/03/2007|18:00] C:\Program Files\Microsoft Works Suite 2005
[18/06/2008|13:10] C:\Program Files\MOVAVI
[20/10/2008|23:40] C:\Program Files\Movie Maker
[23/11/2008|22:19] C:\Program Files\Mozilla Firefox
[02/11/2006|13:37] C:\Program Files\MSBuild
[14/07/2008|10:30] C:\Program Files\MSECache
[26/03/2008|23:14] C:\Program Files\MSN
[21/01/2008|19:48] C:\Program Files\MSN Messenger
[06/01/2009|07:49] C:\Program Files\MSNFix
[20/03/2007|19:07] C:\Program Files\MSXML 4.0
[05/01/2009|17:54] C:\Program Files\Navilog1
[08/07/2007|22:56] C:\Program Files\Nero
[24/04/2007|11:54] C:\Program Files\Neuf
[14/12/2006|14:09] C:\Program Files\NewTech Infosystems
[05/01/2009|20:55] C:\Program Files\Nokia
[09/03/2008|20:29] C:\Program Files\OpenOffice.org 2.3
[05/01/2009|20:41] C:\Program Files\PC Connectivity Solution
[01/10/2008|07:00] C:\Program Files\Picasa2
[08/11/2007|20:53] C:\Program Files\Picture It! Premium 10
[24/10/2008|07:30] C:\Program Files\QuickTime
[09/03/2008|20:25] C:\Program Files\readmes
[14/12/2006|13:54] C:\Program Files\Realtek
[02/11/2006|13:37] C:\Program Files\Reference Assemblies
[02/01/2009|00:25] C:\Program Files\Samsung
[11/11/2008|00:51] C:\Program Files\Spybot - Search & Destroy
[02/02/2008|16:14] C:\Program Files\Sun
[01/11/2007|21:32] C:\Program Files\Trend Micro
[02/11/2006|14:01] C:\Program Files\Uninstall Information
[04/11/2007|11:11] C:\Program Files\Virtools
[01/05/2007|12:40] C:\Program Files\VistaCodecPack
[14/07/2008|14:23] C:\Program Files\VS Revo Group
[20/10/2008|23:40] C:\Program Files\Windows Calendar
[20/10/2008|23:40] C:\Program Files\Windows Collaboration
[20/10/2008|23:40] C:\Program Files\Windows Defender
[14/07/2008|10:32] C:\Program Files\Windows Installer Clean Up
[20/10/2008|23:40] C:\Program Files\Windows Journal
[23/10/2008|06:45] C:\Program Files\Windows Live
[20/10/2008|14:48] C:\Program Files\Windows Live Favorites
[20/10/2008|14:49] C:\Program Files\Windows Live Toolbar
[11/12/2008|08:27] C:\Program Files\Windows Mail
[24/11/2008|07:06] C:\Program Files\Windows Media Player
[20/03/2007|16:58] C:\Program Files\Windows NT
[20/10/2008|23:40] C:\Program Files\Windows Photo Gallery
[20/10/2008|23:40] C:\Program Files\Windows Sidebar
[29/04/2007|22:47] C:\Program Files\WinRAR
[09/03/2008|11:23] C:\Program Files\XnView
[07/05/2007|18:44] C:\Program Files\Xvid
[20/08/2007|15:06] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[06/09/2008|09:36] C:\Program Files\Common Files\Adobe
[08/07/2007|22:59] C:\Program Files\Common Files\Ahead
[24/10/2008|07:28] C:\Program Files\Common Files\Apple
[22/08/2007|21:10] C:\Program Files\Common Files\ArcSoft
[23/03/2007|18:08] C:\Program Files\Common Files\Designer
[20/03/2007|17:13] C:\Program Files\Common Files\InstallShield
[17/04/2007|22:37] C:\Program Files\Common Files\Java
[24/07/2007|11:47] C:\Program Files\Common Files\LightScribe
[24/10/2008|15:32] C:\Program Files\Common Files\logishrd
[24/10/2008|15:31] C:\Program Files\Common Files\Logitech
[20/10/2008|14:27] C:\Program Files\Common Files\microsoft shared
[23/03/2007|14:56] C:\Program Files\Common Files\Nero
[14/12/2006|14:09] C:\Program Files\Common Files\NewTech Infosystems
[05/01/2009|20:55] C:\Program Files\Common Files\Nokia
[24/04/2007|11:54] C:\Program Files\Common Files\PAC207
[05/01/2009|20:55] C:\Program Files\Common Files\PCSuite
[24/04/2007|11:54] C:\Program Files\Common Files\Remove64C
[24/04/2007|11:54] C:\Program Files\Common Files\RemoveC
[02/11/2006|12:18] C:\Program Files\Common Files\Services
[02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
[05/01/2009|13:17] C:\Program Files\Common Files\Symantec Shared
[20/10/2008|23:40] C:\Program Files\Common Files\System
[04/12/2007|20:14] C:\Program Files\Common Files\Teleca Shared
[17/10/2008|11:06] C:\Program Files\Common Files\Windows Live
[24/11/2008|07:06] C:\Program Files\Common Files\WindowsLiveInstaller
[04/05/2008|19:30] C:\Program Files\Common Files\Wise Installation Wizard

--------------------\\ Process

( 84 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\Program Files\Adverts

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-07 11:15:32
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 67

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\NADEGE~1.PC-\AppData\Roaming\mIRC\logs\crack-----.DiscuT.log


[F:57][D:13]-> C:\Users\NADEGE~1.PC-\AppData\Local\Temp
[F:39][D:1]-> C:\Users\NADEGE~1.PC-\AppData\Roaming\MICROS~1\Windows\Cookies
[F:10][D:4]-> C:\Users\NADEGE~1.PC-\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:4][D:3]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 07/01/2009|11:17 - Option : [1]

--------------------\\ Fin du rapport a 11:17:20
[ UAC => 1 ]
0
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last intervention 30 December 2012 463
7 Jan 2009 at 13:37
Hi,


The next steps, in order:


1- ! Disconnect and close all your running applications !

Run Lop S&D again,

--->this time choose option 2 (cleaning) and confirm ...

->do not touch anything while the tool is working.


Once the scan has finished, Notepad will open with the report.
Post this report in your next reply for analysis ...


=====================

2- Disable UAC again please (because Lop S&D re-enabled it)

Go to "Start" then "Control Panel":
--->On the right of the window, click "Classic View"
--->Double-click the "User Accounts" icon
--->Then click "Enable or disable the control ..."
--->Uncheck the box "use the control ..." and click OK.
Then restart the PC when you are asked to ...

Tutorial: https://forum.malekal.com/viewtopic.php?f=59&t=6517

=====================

3- Run a HijackThis scan again, post the new report and wait for the next steps ....



0
--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : nadege ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1290 [VPS 081125-1] 4.8.1290 (Activated)
C:\ (Local Disk) - NTFS - Total:113 Go (Free:14 Go)
D:\ (Local Disk) - NTFS - Total:112 Go (Free:107 Go)
E:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
L:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 07/01/2009|16:32 )

[ UAC => 0 ]


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\Program Files\Adverts
-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans Local

[08/09/2008|20:30] C:\Users\NADEGE~1.PC-\AppData\Local\Adobe
[13/07/2007|08:15] C:\Users\NADEGE~1.PC-\AppData\Local\Ahead
[13/09/2007|20:06] C:\Users\NADEGE~1.PC-\AppData\Local\Apple
[21/03/2008|08:13] C:\Users\NADEGE~1.PC-\AppData\Local\Apple Computer
[20/03/2007|17:08] C:\Users\NADEGE~1.PC-\AppData\Local\Application Data
[06/01/2009|08:29] C:\Users\NADEGE~1.PC-\AppData\Local\ApplicationHistory
[21/03/2007|21:23] C:\Users\NADEGE~1.PC-\AppData\Local\Apps
[01/05/2007|17:27] C:\Users\NADEGE~1.PC-\AppData\Local\CyberLink
[29/12/2008|08:36] C:\Users\NADEGE~1.PC-\AppData\Local\d3d9caps.dat
[02/01/2009|14:11] C:\Users\NADEGE~1.PC-\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[11/12/2008|18:35] C:\Users\NADEGE~1.PC-\AppData\Local\eMule
[23/03/2007|18:59] C:\Users\NADEGE~1.PC-\AppData\Local\fusioncache.dat
[09/03/2008|20:46] C:\Users\NADEGE~1.PC-\AppData\Local\GDIPFONTCACHEV1.DAT
[01/10/2008|07:01] C:\Users\NADEGE~1.PC-\AppData\Local\Google
[20/03/2007|17:08] C:\Users\NADEGE~1.PC-\AppData\Local\Historique
[24/01/2008|19:49] C:\Users\NADEGE~1.PC-\AppData\Local\IM
[15/10/2008|22:38] C:\Users\NADEGE~1.PC-\AppData\Local\Kiwee Toolbar
[07/12/2007|00:08] C:\Users\NADEGE~1.PC-\AppData\Local\Magentic
[16/07/2007|21:34] C:\Users\NADEGE~1.PC-\AppData\Local\MagicDirector
[06/01/2009|08:29] C:\Users\NADEGE~1.PC-\AppData\Local\MCE Deluxe Suite
[05/01/2009|17:53] C:\Users\NADEGE~1.PC-\AppData\Local\Microsoft
[23/05/2007|22:15] C:\Users\NADEGE~1.PC-\AppData\Local\Microsoft Games
[08/08/2007|17:53] C:\Users\NADEGE~1.PC-\AppData\Local\MigWiz
[28/03/2007|23:38] C:\Users\NADEGE~1.PC-\AppData\Local\Mozilla
[30/05/2007|10:21] C:\Users\NADEGE~1.PC-\AppData\Local\Musicmatch
[08/08/2007|17:53] C:\Users\NADEGE~1.PC-\AppData\Local\PowerCinema
[14/07/2008|14:44] C:\Users\NADEGE~1.PC-\AppData\Local\RapidSolution
[11/04/2007|19:08] C:\Users\NADEGE~1.PC-\AppData\Local\Shareaza
[06/01/2009|08:29] C:\Users\NADEGE~1.PC-\AppData\Local\SoftDMA
[07/01/2009|16:32] C:\Users\NADEGE~1.PC-\AppData\Local\Temp
[20/03/2007|17:08] C:\Users\NADEGE~1.PC-\AppData\Local\Temporary Internet Files
[23/03/2007|19:12] C:\Users\NADEGE~1.PC-\AppData\Local\VirtualStore
[02/06/2008|16:25] C:\Users\NADEGE~1.PC-\AppData\Local\Xenocode
[13/06/2008|20:07] C:\Users\NADEGE~1.PC-\AppData\Local\Zylom Games

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[20/10/2008 14:49][--a------] C:\Windows\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
[07/01/2009 15:33][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{37A12F86-4D9D-4EA1-928F-BC434788E900}.job
[07/01/2009 16:00][--a------] C:\Windows\tasks\Maintenance en 1 clic.job
[07/01/2009 10:52][--ah-----] C:\Windows\tasks\SA.DAT
[07/01/2009 10:45][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[26/10/2007|15:05] C:\ProgramData\60a7806a-0eea-424c-a464-20f4730cd631
[06/09/2008|09:37] C:\ProgramData\Adobe
[23/03/2007|14:43] C:\ProgramData\Ahead
[26/09/2008|07:33] C:\ProgramData\Apple
[06/05/2007|18:46] C:\ProgramData\Apple Computer
[02/11/2006|14:02] C:\ProgramData\Application Data
[20/03/2007|16:58] C:\ProgramData\Bureau
[01/05/2007|17:27] C:\ProgramData\CyberLink
[02/11/2006|14:02] C:\ProgramData\Desktop
[02/11/2006|14:02] C:\ProgramData\Documents
[05/01/2009|20:54] C:\ProgramData\Downloaded Installations
[16/02/2008|15:08] C:\ProgramData\eMule
[23/05/2008|18:11] C:\ProgramData\EPSON
[20/03/2007|16:58] C:\ProgramData\Favoris
[02/11/2006|14:02] C:\ProgramData\Favorites
[23/11/2008|22:19] C:\ProgramData\Google
[07/01/2009|14:01] C:\ProgramData\Google Updater
[29/12/2007|19:58] C:\ProgramData\hpzinstall.log
[24/01/2008|19:45] C:\ProgramData\IM
[06/12/2007|22:26] C:\ProgramData\IncrediMail
[05/01/2009|20:28] C:\ProgramData\Installations
[20/03/2007|17:13] C:\ProgramData\InstallShield
[16/02/2008|23:37] C:\ProgramData\Kaspersky Lab
[14/06/2008|23:40] C:\ProgramData\Logishrd
[30/05/2007|11:34] C:\ProgramData\Logitech
[05/01/2009|19:00] C:\ProgramData\Malwarebytes
[20/03/2007|16:58] C:\ProgramData\Menu Démarrer
[10/04/2007|22:30] C:\ProgramData\Messenger Plus!
[04/10/2007|20:16] C:\ProgramData\MGS
[20/10/2008|14:13] C:\ProgramData\Microsoft
[20/03/2007|16:58] C:\ProgramData\Modèles
[02/02/2008|15:47] C:\ProgramData\Mozilla
[08/07/2007|22:56] C:\ProgramData\Nero
[05/01/2009|13:04] C:\ProgramData\NortonInstaller
[22/04/2007|21:50] C:\ProgramData\NtiDvdCopy
[05/01/2009|19:52] C:\ProgramData\ntuser.pol
[02/09/2008|06:25] C:\ProgramData\NVIDIA
[05/01/2009|21:10] C:\ProgramData\PC Suite
[19/04/2007|20:04] C:\ProgramData\QuickTime
[06/01/2009|22:33] C:\ProgramData\Spybot - Search & Destroy
[02/11/2006|14:02] C:\ProgramData\Start Menu
[02/11/2006|14:02] C:\ProgramData\Templates
[04/05/2008|19:32] C:\ProgramData\TuneUp Software
[23/05/2008|10:52] C:\ProgramData\UDL
[17/10/2008|11:11] C:\ProgramData\WindowsLiveInstaller
[21/10/2008|12:23] C:\ProgramData\WindowsSearch
[22/11/2008|00:17] C:\ProgramData\WLInstaller
[20/08/2007|15:14] C:\ProgramData\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files

[23/05/2008|10:48] C:\Program Files\ABBYY FineReader 6.0 Sprint
[20/03/2007|17:13] C:\Program Files\Acer Inc
[14/12/2006|14:17] C:\Program Files\Acer Zone
[06/09/2008|09:35] C:\Program Files\Adobe
[05/01/2009|22:10] C:\Program Files\Ad-remover
[16/10/2008|22:40] C:\Program Files\AGI
[24/03/2007|01:45] C:\Program Files\Ahead
[28/03/2007|10:56] C:\Program Files\Alwil Software
[26/09/2008|07:33] C:\Program Files\Apple Software Update
[04/02/2008|18:34] C:\Program Files\audible
[05/01/2009|18:13] C:\Program Files\CCleaner
[20/06/2007|19:24] C:\Program Files\CFWebAdvancedU
[05/01/2009|20:55] C:\Program Files\Common Files
[19/04/2007|20:08] C:\Program Files\CosmoSoftware
[29/12/2007|11:02] C:\Program Files\Creative
[29/12/2007|09:45] C:\Program Files\Creative Installation Information
[14/12/2006|14:14] C:\Program Files\CyberLink
[05/01/2009|20:46] C:\Program Files\DIFX
[16/07/2007|19:38] C:\Program Files\DivX
[18/06/2008|13:12] C:\Program Files\Driver-Soft
[11/12/2008|18:35] C:\Program Files\eMule
[23/05/2008|10:50] C:\Program Files\epson
[20/03/2007|16:58] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[06/01/2009|22:36] C:\Program Files\Google
[06/01/2009|20:59] C:\Program Files\Hijackthis Version Française
[16/07/2007|19:38] C:\Program Files\HiTRUST
[01/05/2007|12:39] C:\Program Files\illiminable
[02/01/2009|00:25] C:\Program Files\InstallShield Installation Information
[20/10/2008|23:40] C:\Program Files\Internet Explorer
[28/12/2008|17:44] C:\Program Files\Java
[09/03/2008|20:25] C:\Program Files\licenses
[13/11/2008|17:10] C:\Program Files\LimeWire
[27/08/2008|18:58] C:\Program Files\Logitech
[22/02/2008|21:51] C:\Program Files\Magentic
[05/01/2009|19:00] C:\Program Files\Malwarebytes' Anti-Malware
[25/10/2008|15:04] C:\Program Files\Messenger Plus! Live
[17/10/2008|11:11] C:\Program Files\Microsoft
[09/05/2007|11:52] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[02/11/2006|13:37] C:\Program Files\Microsoft Games
[15/06/2008|14:22] C:\Program Files\Microsoft LifeCam
[09/03/2008|11:13] C:\Program Files\Microsoft Office
[21/10/2008|12:07] C:\Program Files\Microsoft Silverlight
[14/11/2007|17:44] C:\Program Files\Microsoft SQL Server Compact Edition
[16/07/2007|11:39] C:\Program Files\Microsoft Works
[23/03/2007|18:00] C:\Program Files\Microsoft Works Suite 2005
[18/06/2008|13:10] C:\Program Files\MOVAVI
[20/10/2008|23:40] C:\Program Files\Movie Maker
[23/11/2008|22:19] C:\Program Files\Mozilla Firefox
[02/11/2006|13:37] C:\Program Files\MSBuild
[14/07/2008|10:30] C:\Program Files\MSECache
[26/03/2008|23:14] C:\Program Files\MSN
[21/01/2008|19:48] C:\Program Files\MSN Messenger
[06/01/2009|07:49] C:\Program Files\MSNFix
[20/03/2007|19:07] C:\Program Files\MSXML 4.0
[05/01/2009|17:54] C:\Program Files\Navilog1
[08/07/2007|22:56] C:\Program Files\Nero
[24/04/2007|11:54] C:\Program Files\Neuf
[14/12/2006|14:09] C:\Program Files\NewTech Infosystems
[05/01/2009|20:55] C:\Program Files\Nokia
[09/03/2008|20:29] C:\Program Files\OpenOffice.org 2.3
[05/01/2009|20:41] C:\Program Files\PC Connectivity Solution
[01/10/2008|07:00] C:\Program Files\Picasa2
[08/11/2007|20:53] C:\Program Files\Picture It! Premium 10
[24/10/2008|07:30] C:\Program Files\QuickTime
[09/03/2008|20:25] C:\Program Files\readmes
[14/12/2006|13:54] C:\Program Files\Realtek
[02/11/2006|13:37] C:\Program Files\Reference Assemblies
[02/01/2009|00:25] C:\Program Files\Samsung
[11/11/2008|00:51] C:\Program Files\Spybot - Search & Destroy
[02/02/2008|16:14] C:\Program Files\Sun
[01/11/2007|21:32] C:\Program Files\Trend Micro
[02/11/2006|14:01] C:\Program Files\Uninstall Information
[04/11/2007|11:11] C:\Program Files\Virtools
[01/05/2007|12:40] C:\Program Files\VistaCodecPack
[14/07/2008|14:23] C:\Program Files\VS Revo Group
[20/10/2008|23:40] C:\Program Files\Windows Calendar
[20/10/2008|23:40] C:\Program Files\Windows Collaboration
[20/10/2008|23:40] C:\Program Files\Windows Defender
[14/07/2008|10:32] C:\Program Files\Windows Installer Clean Up
[20/10/2008|23:40] C:\Program Files\Windows Journal
[23/10/2008|06:45] C:\Program Files\Windows Live
[20/10/2008|14:48] C:\Program Files\Windows Live Favorites
[20/10/2008|14:49] C:\Program Files\Windows Live Toolbar
[11/12/2008|08:27] C:\Program Files\Windows Mail
[24/11/2008|07:06] C:\Program Files\Windows Media Player
[20/03/2007|16:58] C:\Program Files\Windows NT
[20/10/2008|23:40] C:\Program Files\Windows Photo Gallery
[20/10/2008|23:40] C:\Program Files\Windows Sidebar
[29/04/2007|22:47] C:\Program Files\WinRAR
[09/03/2008|11:23] C:\Program Files\XnView
[07/05/2007|18:44] C:\Program Files\Xvid
[20/08/2007|15:06] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[06/09/2008|09:36] C:\Program Files\Common Files\Adobe
[08/07/2007|22:59] C:\Program Files\Common Files\Ahead
[24/10/2008|07:28] C:\Program Files\Common Files\Apple
[22/08/2007|21:10] C:\Program Files\Common Files\ArcSoft
[23/03/2007|18:08] C:\Program Files\Common Files\Designer
[20/03/2007|17:13] C:\Program Files\Common Files\InstallShield
[17/04/2007|22:37] C:\Program Files\Common Files\Java
[24/07/2007|11:47] C:\Program Files\Common Files\LightScribe
[24/10/2008|15:32] C:\Program Files\Common Files\logishrd
[24/10/2008|15:31] C:\Program Files\Common Files\Logitech
[20/10/2008|14:27] C:\Program Files\Common Files\microsoft shared
[23/03/2007|14:56] C:\Program Files\Common Files\Nero
[14/12/2006|14:09] C:\Program Files\Common Files\NewTech Infosystems
[05/01/2009|20:55] C:\Program Files\Common Files\Nokia
[24/04/2007|11:54] C:\Program Files\Common Files\PAC207
[05/01/2009|20:55] C:\Program Files\Common Files\PCSuite
[24/04/2007|11:54] C:\Program Files\Common Files\Remove64C
[24/04/2007|11:54] C:\Program Files\Common Files\RemoveC
[02/11/2006|12:18] C:\Program Files\Common Files\Services
[02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
[05/01/2009|13:17] C:\Program Files\Common Files\Symantec Shared
[20/10/2008|23:40] C:\Program Files\Common Files\System
[04/12/2007|20:14] C:\Program Files\Common Files\Teleca Shared
[17/10/2008|11:06] C:\Program Files\Common Files\Windows Live
[24/11/2008|07:06] C:\Program Files\Common Files\WindowsLiveInstaller
[04/05/2008|19:30] C:\Program Files\Common Files\Wise Installation Wizard

--------------------\\ Process

( 86 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-07 16:32:28
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 67

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\NADEGE~1.PC-\AppData\Roaming\mIRC\logs\crack-----.DiscuT.log


[F:59][D:9]-> C:\Users\NADEGE~1.PC-\AppData\Local\Temp
[F:22][D:1]-> C:\Users\NADEGE~1.PC-\AppData\Roaming\MICROS~1\Windows\Cookies
[F:6][D:3]-> C:\Users\NADEGE~1.PC-\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:4][D:3]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 07/01/2009|11:17 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 07/01/2009|16:34 - Option : [2]

--------------------\\ Fin du rapport a 16:34:19
[ UAC => 1 ]
0
Logfile of HijackThis v1.99.1
Scan saved at 16:54:44, on 07/01/2009
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\vVX1000.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Users\nadege.PC-de-erika\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\nadege.PC-de-erika\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer optimisé pour MSN
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\Users\NADEGE~1.PC-\AppData\Local\Temp\E_SA124.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.MSNFix
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F02C6852-4A8E-4995-9A62-AA6655A76234}: NameServer = 192.168.1.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30011 (AppHostSvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - %windir%\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30003 (W3SVC) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30001 (WAS) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-20001 (WMSvc) - Unknown owner - %windir%\system32\inetsrv\wmsvc.exe (file missing)
0
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last activity 30 December 2012 463
7 Jan 2009 at 17:02
Good ....


Next steps, in order:


1- Download ToolsCleaner (by A.Rothstein) to your Desktop.
http://pc-system.fr/

Disconnect and close all your running applications.

Right-click the program and choose "Run as administrator".

* Click "Recherche" (Search) and let the scan finish (this can take a while).
* Click "Suppression" (Removal) to finish.
* Click "quitter" (quit) to generate a report (and not the red cross!):
--> Post this report: it is in the root of your hard drive -> C:\TCleaner.txt .

Note: This little tool will clean up everything we used for the disinfection.
Delete any tools, folders or reports related to the disinfection that Toolscleaner2 did not remove.

( keep CCleaner and Malwarebytes: very useful! )

=====================

2- Run CCleaner again ( registry included ).

=====================

3- Download and reinstall HijackThis again ( since Toolscleaner2 removed it ),

Download and install the HijackThis software:

here ftp://ftp.commentcamarche.com/download/HJTInstall.exe
or here http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
or here https://www.clubic.com/telecharger-fiche17891-hijackthis.html

-> Click the setup file to start the installation: follow the prompts and do not change the installation settings.
When the installation finishes, the program starts automatically: close it by clicking the red cross.
In the end, you should have a shortcut on your desktop and also a path like:
"C:\ program files\Trend Micro\HijackThis\HijackThis.exe " .

( do not run a scan for now )

=====================

4- Important:
Purging System Restore
--> Disable your System Restore:
In the Start menu, right-click Computer / Properties / System Protection: untick the box next to your main hard drive ( for you -> C ), confirm, apply and OK
Restart your PC ...

--> Re-enable your System Restore:
Right-click Computer / Properties / System Protection: tick the box next to your main hard drive, confirm, apply and OK
Restart your PC ...

( tutorial: http://www.commentcamarche.net/faq/sujet 13214 desactiver reactiver la restauration systeme de vista )

=====================

5- Run this online scan to check:

( do nothing else with the PC during the scan! )

Run an online antivirus scan, with Internet Explorer, and accept the ActiveX control:

https://www.bitdefender.fr/

* Help: at the bottom left of the window, click BitDefender SCAN ONLINE
In the new window, click "j'accepte" (I accept).
The window changes again; click "scanner" (scan).
The signatures load, etc ...

* For the report: click the "plus de détails" (more details) tab. When the scan finishes, click "problèmes détectés" (problems detected).
-> Just above the results window, on the right, you have "cliquer ici pour exporter le rapport" (click here to export the report).
-> Click it, then, and choose to save the report to your desktop.


--> Open the HTML document you have just saved ( the report ),
copy and paste its entire contents and post it in your next reply ...


Reminder: the online scan only works in Internet Explorer! ( and not in Firefox or other browsers )

Illustrated tutorial here:
http://perso.orange.fr/rginformatique/section%20virus/defender.htm (thanks to Balltrap34 for putting this together)
And here: http://www.commentcamarche.net/faq/sujet 8872 scanner en ligne avec bitdefender
0
BitDefender Online Scanner

Rapport d'analyse généré à: Wed, Jan 07, 2009 - 18:52:08

Voie d'analyse: C:\;D:\;E:\;G:\;H:\;I:\;J:\;L:\;

Statistiques
Temps: 00:31:17
Fichiers: 141776
Directoires: 20818
Secteurs de boot: 0
Archives: 2269
Paquets programmes: 14151

Résultats
Virus identifiés: 1
Fichiers infectés: 1
Fichiers suspects: 0
Avertissements: 0
Désinfectés: 0
Fichiers effacés: 1

Info sur les moteurs
Définition virus: 2413017
Version des moteurs: AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Analyse des plugins: 17
Archive des plugins: 45
Unpack des plugins: 7
E-mail plugins: 6
Système plugins: 4

Paramètres d'analyse
Première action: Désinfecté
Seconde Action: Supprimé
Heuristique: Oui
Acceptez les avertissements: Oui
Extensions analysées: exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Excludez les extensions:
Analyse d'emails: Oui
Analyse des Archives: Oui
Analyser paquets programmes: Oui
Analyse des fichiers: Oui
Analyse de boot: Oui

Fichier analysé | Statut
C:\Windows\Installer\84f149.msi=>(Embedded EXE) | Infecté par: Trojan.Generic.764110
C:\Windows\Installer\84f149.msi=>(Embedded EXE) | Supprimé
C:\Windows\Installer\84f149.msi | Echec de la mise à jour

Logfile of HijackThis v1.99.1
Scan saved at 19:09:57, on 07/01/2009
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\vVX1000.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Users\nadege.PC-de-erika\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\nadege.PC-de-erika\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer optimisé pour MSN
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\Users\NADEGE~1.PC-\AppData\Local\Temp\E_SA124.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.MSNFix
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F02C6852-4A8E-4995-9A62-AA6655A76234}: NameServer = 192.168.1.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30011 (AppHostSvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - %windir%\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30003 (W3SVC) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30001 (WAS) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-20001 (WMSvc) - Unknown owner - %windir%\system32\inetsrv\wmsvc.exe (file missing)
0
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last active 30 December 2012 463
7 Jan. 2009 at 19:15
Hi again,

You haven't run ToolsCleaner!

So do it now:

Download ToolsCleaner (by A.Rothstein) to your Desktop.
http://pc-system.fr/

Disconnect and make sure you close all your running applications.

Right-click the program and choose "Run as administrator".

* Click Recherche (Search) and let the scan finish (this can take a while).
* Click Suppression (Delete) to finalize.
* Click "quitter" (Quit) to generate a report (and not the red cross!):
--> Post this report: it is at the root of your hard drive -> C:\TCleaner.txt


0
[ Rapport ToolsCleaner version 2.3.0 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\Program Files\Hijackthis Version Française\hijackthis.log: trouvé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\*.msnfix: trouvé !
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Startup\*.msnfix: trouvé !

---------------------------------
-->- Suppression:

C:\Program Files\Hijackthis Version Française\hijackthis.log: supprimé !
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\*.msnfix: ERREUR DE SUPPRESSION !!
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Startup\*.msnfix: ERREUR DE SUPPRESSION !!





Logfile of HijackThis v1.99.1
Scan saved at 19:43:54, on 07/01/2009
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\vVX1000.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Users\nadege.PC-de-erika\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\nadege.PC-de-erika\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer optimisé pour MSN
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\Users\NADEGE~1.PC-\AppData\Local\Temp\E_SA124.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.MSNFix
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F02C6852-4A8E-4995-9A62-AA6655A76234}: NameServer = 192.168.1.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30011 (AppHostSvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - %windir%\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30003 (W3SVC) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30001 (WAS) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-20001 (WMSvc) - Unknown owner - %windir%\system32\inetsrv\wmsvc.exe (file missing)
0
For now it seems to be fine,
fewer slowdowns already.
On my desktop I still have genproc1 and upload-me.
Is that normal???
0