Problème de demarrage

Résolu
castor423 Messages postés 96 Statut Membre -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour, j'avais un virus et depuis j'ai des problèmes de demarrage ...

je vous donne mon hijackthis :



Logfile of HijackThis v1.99.1
Scan saved at 13:48:49, on 30/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {42E1F024-ECC3-456F-B98A-4CE5ACDBF25C} (ActiveFormX Contrôle) - http://ssl-tb.sitadelle.com/...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

23 réponses

  • 1
  • 2
Réponse 1 / 23
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
slt,




scan avec malwarebyte , fais un scanrapide et colle le rapport obtenu et vire ce qui est trouvé:


https://www.malekal.com/tutoriel-malwarebyte-anti-malware/­

______________________


mettre a jour internet explorer
pour XP
http://download.microsoft.com/...

_______________________

mettre à jour adobe reader puis supprimer les anciennes version via le panneau de configuration
https://acrobat.adobe.com/fr/fr/acrobat/pdf-reader.html

_______________________

Mettre a jour java:
https://javara.fr.malavida.com/

Télécharge JavaRa.zip de Paul 'Prm753' McLain et Fred de Vries.
Décompresse le fichier sur ton bureau (clique droit > Extraire tout.)
Double-clique sur le répertoire JavaRa obtenu.
Puis double-clique sur le fichier JavaRa.exe (le .exe peut ne pas s'afficher)
Clique sur Search For Updates.
Sélectionne Update Using jucheck.exe puis clique sur Search.
Autorise le processus à se connecter s'il te le demande, clique sur Install et suis les instructions d'installation. Cela prendra quelques minutes.
Quand l'installation est terminée, revient à l'écran de JavaRa et clique sur Remove Older Versions.
Clique sur Oui pour confirmer. L'outil va travailler, clique ensuite sur Ok, puis une deuxième fois sur Ok.
Un rapport va s'ouvrir, copie-colle le dans ta prochaine réponse.
Note : le rapport se trouve aussi à la racine de la partition système, en général C:\ sous le nom JavaRa.log
(c:\JavaRa.log)
Ferme l'application.

si cela ne fonctionne pas

https://www.java.com/fr/download/windows_manual.jsp?locale=fr&host=www.java.com:80

tu peux désinstaller les vieilles versions.


_______________________


Télécharge ici :

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.

Clique Continue à l'écran Disclaimer.

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

NB : Les rapports sont sauvegardés dans le dossier C:\rsit
0
Réponse 2 / 23
castor423 Messages postés 96 Statut Membre
 
c'est en court !! merci beaucoup
0
Réponse 3 / 23
castor423 Messages postés 96 Statut Membre
 
Malwarebytes' Anti-Malware 1.35
Version de la base de données: 1917
Windows 5.1.2600 Service Pack 3

30/03/2009 14:24:34
mbam-log-2009-03-30 (14-24-34).txt

Type de recherche: Examen rapide
Eléments examinés: 67142
Temps écoulé: 10 minute(s), 49 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\eoRezo (Rogue.Eorezo) -> Delete on reboot.




Voilà l'ancien rapport pour info :




Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1880
Windows 5.1.2600 Service Pack 3

21/03/2009 11:02:55
mbam-log-2009-03-21 (11-02-55).txt

Type de recherche: Examen complet (C:\|D:\|G:\|)
Eléments examinés: 167371
Temps écoulé: 1 hour(s), 3 minute(s), 16 second(s)

Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 123
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 34

Processus mémoire infecté(s):
C:\Documents and Settings\HP_Propriétaire\lsass.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\aNI02\aNI022328.exe (Trojan.Agent) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\kepikemi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vufosesa.dll (Trojan.Vundo.H) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ab9fa3d-af9c-4a69-9b01-c1e1a496d4ec} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{9ab9fa3d-af9c-4a69-9b01-c1e1a496d4ec} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ab9fa3d-af9c-4a69-9b01-c1e1a496d4ec} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clientax.clientinstaller (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{5b6689b5-c2d4-4dc7-bfd1-24ac17e5fcda} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{031cbf6a-c70e-4177-a0d4-c5268ee311fb} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2b0eceac-f597-4858-a542-d966b49055b9} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6c092742-10fe-4db2-988d-fc71948de70c} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7fa8976f-d00c-4e98-8729-a66569233fb5} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bdddf1a5-51a9-4f51-b38d-4cd0ad831b31} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ddea2e1d-8555-45e5-af09-ec9aa4ea27ad} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f1f1e775-1b21-454d-8d38-7c16519969e5} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0ac49246-419b-4ee0-8917-8818daad6a4e} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0ac49246-419b-4ee0-8917-8818daad6a4e} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{51cf80dc-a309-4735-bb11-ef18bf4e3ad9} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{99410cde-6f16-42ce-9d49-3807f78f0287} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{99410cde-6f16-42ce-9d49-3807f78f0287} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f31a5d11-bf0b-4a4e-90af-274f2090aaa6} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f31a5d11-bf0b-4a4e-90af-274f2090aaa6} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f31a5d11-bf0b-4a4e-90af-274f2090aaa6} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clientax.clientinstaller.1 (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clientax.requiredcomponent (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clientax.requiredcomponent.1 (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clientax.zangoclientax (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clientax.zangoclientax.1 (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbcoresrv.dynamicprop (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbcoresrv.dynamicprop.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbtcoresrv.hbtcoreservices (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbtcoresrv.hbtcoreservices.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbtcoresrv.lfgax (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbtcoresrv.lfgax.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbthostol.hbtmailanim (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{71e9cf40-af72-4b55-bd3f-1fea2a0eaea6} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4331ec56-0aab-499e-8757-dd2ee44ad671} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{54286c3a-e044-4e65-bd44-528d6ae28a18} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d082721f-4bd4-4b8b-bb82-06753ee6174f} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{31a59636-0fa3-4a56-954d-db7ad02840d8} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{31a59636-0fa3-4a56-954d-db7ad02840d8} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c2baa4c9-ae1e-4605-ae2f-a1c49a30d881} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbthostol.hbtmailanim.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbthostol.hbtwebmailsend (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbthostol.hbtwebmailsend.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbtinstie.hbinstobj (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{4cf5a3c1-07a2-4336-9b54-6870452ebde1} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38370864-346f-4afa-8c4b-4fbff518c0bb} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8c875948-9c60-4381-9248-0df180542d53} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8c875948-9c60-4381-9248-0df180542d53} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbtinstie.hbinstobj.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbtools.hbtcommband (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbtools.hbtcommband.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbtsrv.hbtcoreservices (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbtsrv.hbtcoreservices.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbttoolbar.hbthtmlmenuui (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{9967a873-40f3-4c7e-9239-6c8760f19f61} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{27c4569f-8728-4958-a920-a607cae8153c} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d5c4ec6-af8e-4b85-ba27-64babe410510} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{af15975b-1498-4740-8e6c-90af78e4198c} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0ab71193-ec19-4d70-85c2-e46e2ff02755} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{420c35c9-e4f2-49f9-bf67-2be1ecf86989} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbttoolbar.hbthtmlmenuui.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbttoolbar.hbttoolbarctl (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbttoolbar.hbttoolbarctl.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbttools.hbmain (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbttools.hbmain.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\lmgr180.wmdrmax (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\lmgr180.wmdrmax.1 (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{793af621-5cd0-4b92-b765-6712f6aaf48e} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{601a9784-1114-4089-9b3e-cbd70dafc6ad} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zangotoolbar.zbcommband (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zangotoolbar.zbcommband.1 (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{175816a5-219e-4079-b2f9-53c501c409ba} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1c1793e0-1034-4cac-837d-aa545f6961bf} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{397a208b-3d09-4b3e-93e8-ca171886612e} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{421745e9-16df-4ee4-a758-d51f939c49cb} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5d16197a-1eaa-45af-b29a-69f1aa055e87} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5f2b9de7-f878-4762-8cfe-e9c58f082f0e} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{85e06077-c824-43d0-a8dc-5efb17bc348a} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8654592e-952a-4e7c-a960-304763b35fa6} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8a61a950-c325-4f44-ba64-273180ff3464} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8e98faf8-794f-47f9-af90-15305564ed81} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b53d4cd4-406d-43cc-8244-7893d72236dd} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b671426c-5c1a-48ac-9652-bc9402b1c404} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b9bb3219-f84c-4060-966b-4a1e73e24226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bc8c2e5f-d8b4-4997-bce3-8775c3707956} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d24f9d3c-5d4c-47f8-9ab7-632b44ad6a0d} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f43ec88b-b6c8-4969-a763-e2bf55602cce} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f786cb18-3809-4e49-bc99-9a66da47db8b} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0004ec-5df0-48c7-a8f0-fbb0488a3d94} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3fa917b9-df69-477f-9e4f-b60d929de79f} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{460ac4db-b0de-4626-a0f0-175dd84dcb9b} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7e66936c-fea0-4984-ad26-7b6661ac5b2e} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a14c0d8d-e753-4e73-9e2b-4070791d8940} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ed8525ea-2bfc-4440-bd8a-20efb9d5e541} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fa16bce1-5e36-472a-8466-e0cdd5ce00e6} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{5937cd7f-1c0b-41e1-9075-60ebdf3c7d34} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0ebacaf2-e0f9-47a9-98cf-0ecce30b654c} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{45397063-d7d0-47c2-9508-26487608a298} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{71efe583-62fe-4419-9918-ca3b683f7b36} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{b9f51d42-cca0-4408-bb02-d433d1865a3a} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f8ee014f-b34c-4544-8e45-95a7971d323b} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{0507fdde-f3b7-49f5-9e8f-c557e991f39b} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4b18dd50-c996-44fc-ac52-0fecff82ed58} (Spyware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3fa917b9-df69-477f-9e4f-b60d929de79f} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ed8525ea-2bfc-4440-bd8a-20efb9d5e541} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7e66936c-fea0-4984-ad26-7b6661ac5b2e} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{0ebacaf2-e0f9-47a9-98cf-0ecce30b654c} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zbcoresrv.zbcoreservices (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zbcoresrv.zbcoreservices.1 (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\WeatherOnTray.EXE (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Zango (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\zango (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dozerefeke (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qauaoca (Adware.Navipromo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lsa shellu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\zangotoolbar 4.8.3 (Adware.Zango) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\kepikemi.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\kepikemi.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\kepikemi.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\Zango (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aNI02 (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\nezovefo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vufosesa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\asioq_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\asioq_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\asioq.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\ccaeswg_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\ccaeswg.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\qauaoca_navps.dat (Adware.Navipromo.H) -> Delete on reboot.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\qauaoca.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\qauaoca.exe (Adware.Navipromo.H) -> Delete on reboot.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\yqygy_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\yqygy.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kepikemi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\HP_Propriétaire\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aNI02\aNI022328.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\ClientAX.dll (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\HbTools\Bin\4.8.4.0\HbtHostOL.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\HbTools\Bin\4.8.4.0\HbtInstIE.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\HbTools\Bin\4.8.4.0\HbtToolbar.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\HbTools\Bin\4.8.4.0\HbtWallpaper.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\ZangoToolbar\Bin\4.8.3.0\ZbWallpaper.dll (Adware.Zango) -> Quarantined and deleted successfully.
C:\Program Files\HbTools\Bin\4.8.4.0\HbtSrv.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\HbTools\Bin\4.7.7.0\dBenderC.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\HbTools\Bin\4.8.0.0\dBenderC.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\HbTools\Bin\4.8.2.0\dBenderC.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\HbTools\Bin\4.8.4.0\dBenderC.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\ZangoToolbar\Bin\4.8.3.0\dBenderC.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSINET.oca (Rogue.Trace) -> Quarantined and deleted successfully.
C:\Program Files\Zango\zangoau.dat (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\zangohook.dll (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\zango_gdf.dat (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\zango_kyf.dat (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\eoRezo (Rogue.Eorezo) -> Delete on reboot.
0
Réponse 4 / 23
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
ok fais la suite
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 23
castor423 Messages postés 96 Statut Membre
 
rapport rsit

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1880
Windows 5.1.2600 Service Pack 3

21/03/2009 11:02:55
mbam-log-2009-03-21 (11-02-55).txt

Type de recherche: Examen complet (C:\|D:\|G:\|)
Eléments examinés: 167371
Temps écoulé: 1 hour(s), 3 minute(s), 16 second(s)

Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 123
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 34

Processus mémoire infecté(s):
C:\Documents and Settings\HP_Propriétaire\lsass.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\aNI02\aNI022328.exe (Trojan.Agent) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\kepikemi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\vufosesa.dll (Trojan.Vundo.H) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ab9fa3d-af9c-4a69-9b01-c1e1a496d4ec} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{9ab9fa3d-af9c-4a69-9b01-c1e1a496d4ec} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ab9fa3d-af9c-4a69-9b01-c1e1a496d4ec} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clientax.clientinstaller (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{5b6689b5-c2d4-4dc7-bfd1-24ac17e5fcda} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{031cbf6a-c70e-4177-a0d4-c5268ee311fb} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2b0eceac-f597-4858-a542-d966b49055b9} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6c092742-10fe-4db2-988d-fc71948de70c} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7fa8976f-d00c-4e98-8729-a66569233fb5} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bdddf1a5-51a9-4f51-b38d-4cd0ad831b31} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ddea2e1d-8555-45e5-af09-ec9aa4ea27ad} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f1f1e775-1b21-454d-8d38-7c16519969e5} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0ac49246-419b-4ee0-8917-8818daad6a4e} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0ac49246-419b-4ee0-8917-8818daad6a4e} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{51cf80dc-a309-4735-bb11-ef18bf4e3ad9} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{99410cde-6f16-42ce-9d49-3807f78f0287} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{99410cde-6f16-42ce-9d49-3807f78f0287} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f31a5d11-bf0b-4a4e-90af-274f2090aaa6} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f31a5d11-bf0b-4a4e-90af-274f2090aaa6} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f31a5d11-bf0b-4a4e-90af-274f2090aaa6} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clientax.clientinstaller.1 (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clientax.requiredcomponent (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clientax.requiredcomponent.1 (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clientax.zangoclientax (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\clientax.zangoclientax.1 (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbcoresrv.dynamicprop (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbcoresrv.dynamicprop.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbtcoresrv.hbtcoreservices (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbtcoresrv.hbtcoreservices.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbtcoresrv.lfgax (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbtcoresrv.lfgax.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbthostol.hbtmailanim (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{71e9cf40-af72-4b55-bd3f-1fea2a0eaea6} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4331ec56-0aab-499e-8757-dd2ee44ad671} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{54286c3a-e044-4e65-bd44-528d6ae28a18} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d082721f-4bd4-4b8b-bb82-06753ee6174f} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{31a59636-0fa3-4a56-954d-db7ad02840d8} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{31a59636-0fa3-4a56-954d-db7ad02840d8} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c2baa4c9-ae1e-4605-ae2f-a1c49a30d881} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbthostol.hbtmailanim.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbthostol.hbtwebmailsend (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbthostol.hbtwebmailsend.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbtinstie.hbinstobj (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{4cf5a3c1-07a2-4336-9b54-6870452ebde1} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{38370864-346f-4afa-8c4b-4fbff518c0bb} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8c875948-9c60-4381-9248-0df180542d53} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8c875948-9c60-4381-9248-0df180542d53} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbtinstie.hbinstobj.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbtools.hbtcommband (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbtools.hbtcommband.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbtsrv.hbtcoreservices (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbtsrv.hbtcoreservices.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbttoolbar.hbthtmlmenuui (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{9967a873-40f3-4c7e-9239-6c8760f19f61} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{27c4569f-8728-4958-a920-a607cae8153c} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d5c4ec6-af8e-4b85-ba27-64babe410510} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{af15975b-1498-4740-8e6c-90af78e4198c} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0ab71193-ec19-4d70-85c2-e46e2ff02755} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{420c35c9-e4f2-49f9-bf67-2be1ecf86989} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbttoolbar.hbthtmlmenuui.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbttoolbar.hbttoolbarctl (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbttoolbar.hbttoolbarctl.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbttools.hbmain (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hbttools.hbmain.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\lmgr180.wmdrmax (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\lmgr180.wmdrmax.1 (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{793af621-5cd0-4b92-b765-6712f6aaf48e} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{601a9784-1114-4089-9b3e-cbd70dafc6ad} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wallpaper.wallpapermanager.1 (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zangotoolbar.zbcommband (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zangotoolbar.zbcommband.1 (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{175816a5-219e-4079-b2f9-53c501c409ba} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1c1793e0-1034-4cac-837d-aa545f6961bf} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{397a208b-3d09-4b3e-93e8-ca171886612e} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{421745e9-16df-4ee4-a758-d51f939c49cb} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5d16197a-1eaa-45af-b29a-69f1aa055e87} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5f2b9de7-f878-4762-8cfe-e9c58f082f0e} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{85e06077-c824-43d0-a8dc-5efb17bc348a} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8654592e-952a-4e7c-a960-304763b35fa6} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8a61a950-c325-4f44-ba64-273180ff3464} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8e98faf8-794f-47f9-af90-15305564ed81} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b53d4cd4-406d-43cc-8244-7893d72236dd} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b671426c-5c1a-48ac-9652-bc9402b1c404} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b9bb3219-f84c-4060-966b-4a1e73e24226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bc8c2e5f-d8b4-4997-bce3-8775c3707956} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d24f9d3c-5d4c-47f8-9ab7-632b44ad6a0d} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f43ec88b-b6c8-4969-a763-e2bf55602cce} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f786cb18-3809-4e49-bc99-9a66da47db8b} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0004ec-5df0-48c7-a8f0-fbb0488a3d94} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3fa917b9-df69-477f-9e4f-b60d929de79f} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{460ac4db-b0de-4626-a0f0-175dd84dcb9b} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7e66936c-fea0-4984-ad26-7b6661ac5b2e} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a14c0d8d-e753-4e73-9e2b-4070791d8940} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ed8525ea-2bfc-4440-bd8a-20efb9d5e541} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fa16bce1-5e36-472a-8466-e0cdd5ce00e6} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{5937cd7f-1c0b-41e1-9075-60ebdf3c7d34} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0ebacaf2-e0f9-47a9-98cf-0ecce30b654c} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{45397063-d7d0-47c2-9508-26487608a298} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{71efe583-62fe-4419-9918-ca3b683f7b36} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{b9f51d42-cca0-4408-bb02-d433d1865a3a} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f8ee014f-b34c-4544-8e45-95a7971d323b} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{0507fdde-f3b7-49f5-9e8f-c557e991f39b} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4b18dd50-c996-44fc-ac52-0fecff82ed58} (Spyware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3fa917b9-df69-477f-9e4f-b60d929de79f} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ed8525ea-2bfc-4440-bd8a-20efb9d5e541} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7e66936c-fea0-4984-ad26-7b6661ac5b2e} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{0ebacaf2-e0f9-47a9-98cf-0ecce30b654c} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zbcoresrv.zbcoreservices (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\zbcoresrv.zbcoreservices.1 (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\WeatherOnTray.EXE (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Zango (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\zango (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dozerefeke (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qauaoca (Adware.Navipromo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lsa shellu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\zangotoolbar 4.8.3 (Adware.Zango) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\kepikemi.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\kepikemi.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\kepikemi.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\Zango (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aNI02 (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\nezovefo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vufosesa.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\asioq_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\asioq_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\asioq.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\ccaeswg_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\ccaeswg.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\qauaoca_navps.dat (Adware.Navipromo.H) -> Delete on reboot.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\qauaoca.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\qauaoca.exe (Adware.Navipromo.H) -> Delete on reboot.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\yqygy_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\yqygy.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kepikemi.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\HP_Propriétaire\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aNI02\aNI022328.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\ClientAX.dll (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\HbTools\Bin\4.8.4.0\HbtHostOL.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\HbTools\Bin\4.8.4.0\HbtInstIE.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\HbTools\Bin\4.8.4.0\HbtToolbar.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\HbTools\Bin\4.8.4.0\HbtWallpaper.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\ZangoToolbar\Bin\4.8.3.0\ZbWallpaper.dll (Adware.Zango) -> Quarantined and deleted successfully.
C:\Program Files\HbTools\Bin\4.8.4.0\HbtSrv.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\HbTools\Bin\4.7.7.0\dBenderC.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\HbTools\Bin\4.8.0.0\dBenderC.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\HbTools\Bin\4.8.2.0\dBenderC.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\HbTools\Bin\4.8.4.0\dBenderC.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\ZangoToolbar\Bin\4.8.3.0\dBenderC.dll (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSINET.oca (Rogue.Trace) -> Quarantined and deleted successfully.
C:\Program Files\Zango\zangoau.dat (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\zangohook.dll (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\zango_gdf.dat (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Zango\zango_kyf.dat (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\eoRezo (Rogue.Eorezo) -> Delete on reboot.



et le deuxième :


info.txt logfile of random's system information tool 1.06 2009-03-30 14:33:33

======Uninstall list======

-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat Reader 3.01-->C:\WINDOWS\unin040c.exe -fC:\Acrobat3\Reader\DeIsL1.isu
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ArcSoft PhotoImpression 4-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{68D5CEF9-0DA8-47FE-B0EB-4CBFB5AAF662}\setup.exe" -l0x40c
ATI Control Panel-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CloneDVD-->"C:\Program Files\Elaborate Bytes\CloneDVD\CloneDVD-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD"
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
DigiCam-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6247E040-B332-4A7E-B2DA-369BD4CB5CC3}\Setup.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
eMule-->"C:\Program Files\eMule\Uninstall.exe"
eoEngine 4.6-->"C:\Program Files\eoRezo\unins000.exe"
eoWeather 4.4-->"C:\Program Files\eoRezo\EoWeather\unins000.exe"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
High Definition Audio - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hijackthis Version Française 1.99.0.1-->"C:\Program Files\Hijackthis Version Française\unins000.exe"
Hotbar Browser, Weather and Wowpapers Tools-->"C:\Program Files\HbTools\Bin\HbtUninst.exe" Web
Hotbar Outlook Tools-->"C:\Program Files\HbTools\Bin\HbtUninst.exe" Outlook
HP Document Viewer 5.3-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Image Zone 5.3-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Multimedia Keyboard Software-->C:\HP\KBD\KBD.EXE uninstalled
HP Photosmart 330,380,420,470,7800,8000,8200 Series-->C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
HP PSC & OfficeJet 5.3.B-->"C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP PSC 1600 series-->rundll32 hpzcon12.dll,VendorJettison HP PSC 1600 series
HP Software Update-->MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
HP Solution Center & Imaging Support Tools 5.3-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{523E6F2A-2D59-4D91-90E8-6C49931C9F50}
J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Japanese Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Lapin Malin Maternelle 1-->C:\WINDOWS\IsUn040c.exe -fC:\Tlcwin\Rrt\Uninst\DeIsL1.isu
Lecteur Windows Media 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
LiveUpdate 3.0 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Luxor Amun Rising with Luxor-->C:\Program Files\MumboJumbo\Luxor AR with Luxor\uninst.exe
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 CD-ROM 2-->MsiExec.exe /I{0004040C-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 Professional-->MsiExec.exe /I{0001040C-78E1-11D2-B60F-006097C998E7}
Microsoft Works-->MsiExec.exe /I{A059DE09-1B49-4450-B340-7AE097EC3F04}
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 4.0-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C3D719A-92C7-4323-89CC-C937D0267B84}\setup.exe" -l0x40c
MyDsc2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{83D96ED0-98AA-4515-8DDC-816F3EFDD104}\Setup.exe" -l0x40c
Navilog1 3.5.4-->"C:\Program Files\Navilog1\unins000.exe"
PC Tools Firewall Plus 5.0-->C:\Program Files\PC Tools Firewall Plus\unins000.exe /LOG
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
SAGEM F@st 800-840-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}\setup.exe" -l0x40c
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TuneUp Utilities 2007-->MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
WebEye-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{03B20126-F3C2-11D5-A6D2-00C026001DCA}\Setup.exe" -l0x9
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Security center information======

AV: avast! antivirus 4.8.1335 [VPS 090329-0]
FW: Norton Internet Worm Protection (disabled)
FW: PC Tools Firewall Plus

======System event log======

Computer Name: GERARD
Event Code: 59
Message: Generate Activation Context a échoué pour C:\Program Files\IncrediMail\bin\MFC80U.DLL.
Message d'erreur de référence : Opération réussie.
.

Record Number: 567182
Source Name: SideBySide
Time Written: 20090320211106.000000+060
Event Type: erreur
User:

Computer Name: GERARD
Event Code: 59
Message: Resolve Partial Assembly a échoué pour Microsoft.VC80.MFCLOC.
Message d'erreur de référence : L'assemblage référencé n'est pas installé sur votre système.
.

Record Number: 567181
Source Name: SideBySide
Time Written: 20090320211106.000000+060
Event Type: erreur
User:

Computer Name: GERARD
Event Code: 32
Message: L'assemblage dépendant Microsoft.VC80.MFCLOC ne peut pas être trouvé. La dernière erreur était L'assemblage référencé n'est pas installé sur votre système.


Record Number: 567180
Source Name: SideBySide
Time Written: 20090320211106.000000+060
Event Type: erreur
User:

Computer Name: GERARD
Event Code: 59
Message: Generate Activation Context a échoué pour C:\Program Files\IncrediMail\bin\MFC80U.DLL.
Message d'erreur de référence : Opération réussie.
.

Record Number: 567179
Source Name: SideBySide
Time Written: 20090320211106.000000+060
Event Type: erreur
User:

Computer Name: GERARD
Event Code: 59
Message: Resolve Partial Assembly a échoué pour Microsoft.VC80.MFCLOC.
Message d'erreur de référence : L'assemblage référencé n'est pas installé sur votre système.
.

Record Number: 567178
Source Name: SideBySide
Time Written: 20090320211106.000000+060
Event Type: erreur
User:

=====Application event log=====

Computer Name: GERARD
Event Code: 101
Message: Niveau d'information : success

Le Planificateur a lancé LiveUpdate automatique.

Record Number: 10801
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20090228225432.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: GERARD
Event Code: 101
Message: Niveau d'information : success

L'exécution suivante a été planifiée pour intervenir approximativement à 10:54 PM.

Record Number: 10800
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20090228191903.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: GERARD
Event Code: 101
Message: Niveau d'information : success

LiveUpdate automatique a terminé.

Record Number: 10799
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20090228191903.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: GERARD
Event Code: 101
Message: Niveau d'information : success

Le Planificateur a lancé LiveUpdate automatique.

Record Number: 10798
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20090228191853.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: GERARD
Event Code: 101
Message: Niveau d'information : success

L'exécution suivante a été planifiée pour intervenir approximativement à 7:18 PM.

Record Number: 10797
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20090228154759.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Samsung\Samsung PC Studio 3\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\

-----------------EOF-----------------
0
Réponse 6 / 23
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
non tu as remis malwarebyte et non le deuxième rapport de RSIt
0
Réponse 7 / 23
castor423 Messages postés 96 Statut Membre
 
je ne trouve pas infoTtxt
0
Réponse 8 / 23
castor423 Messages postés 96 Statut Membre
 
sinon j'ai tout telecharger !! merci
0
Réponse 9 / 23
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
bon alors

remets un rapport hijakchits
0
Réponse 10 / 23
castor423 Messages postés 96 Statut Membre
 
Logfile of HijackThis v1.99.1
Scan saved at 15:26:54, on 30/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {42E1F024-ECC3-456F-B98A-4CE5ACDBF25C} (ActiveFormX Contrôle) - http://ssl-tb.sitadelle.com/...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

et sinon avast ne s'affiche pas dans la barre des tâches par contre il est bien activé , comment le faire apparaître en permanence dans la barre des tâches ??
0
Réponse 11 / 23
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
pour remettre votre icône a coté de l'horloge il vous suffi juste d'aller a la partition C /Progamme Files/Awil .../Avast et cliqué juste sur l'icone ashDisp

_____________


Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {42E1F024-ECC3-456F-B98A-4CE5ACDBF25C} (ActiveFormX Contrôle) - http://ssl-tb.sitadelle.com/
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

_______________

ton logiciel hijakhcits est ancien vire le et installe la derniere version et remets un rapport

https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html

_____________


Télécharges AD-Remover ( de Cyrildu17 / C_XX ) sur ton bureau :
http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe

/!\ Déconnectes toi et fermes toutes applications en cours

● Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
● Double clique sur l'icône Ad-removersituée sur ton bureau
● Au menu principal choisi l'option "A"
● Postes le rapport qui apparait à la fin .

( le rapport est sauvegardé aussi sous C:\Ad-report(date).log )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Note :

"Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
0
Réponse 12 / 23
castor423
 
J'ai pas reussi avec ad remover mais c'est pas grave tout marche !! Par contre j'avais désactivé la restauration du syteme est ce que je peux la reactiver sans que cela pose de probleme ?
Et l'icone d'avast est apparue mais elle redisparait a chaque demarrage , comment faire pour qu'elle reste en permanence ?
MERCI

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:34:39, on 30/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
0
Réponse 13 / 23
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
avast ne marche pas a chaque demarrage

(tu tiens vraiment a garder avast ou cela te derangerais de changer pour antivir qui est mieux ? tu me diras;;;

_____________


vire le fichier eoRezo
en allant dans psote de travail puis

C:\Program Files\eoRezo


et

fais ceci alors pour verifier:



télécharge combofix (par sUBs) ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et enregistre le sur le bureau.


déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)


double-clique sur combofix.exe et suis les instructions

à la fin, il va produire un rapport C:\ComboFix.txt

réactive ton parefeu, ton antivirus, la garde de ton antispyware

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Tu as un tutoriel complet ici :

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
0
Réponse 14 / 23
castor423 Messages postés 96 Statut Membre
 
ComboFix 09-03-29.04 - HP_Propriétaire 2009-03-30 18:12:31.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.958.582 [GMT 2:00]
Lancé depuis: c:\documents and settings\HP_Propriétaire\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090330-0] *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
FW: PC Tools Firewall Plus *disabled*
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\P2P Networking
c:\windows\system32\P2P Networking\Cache\Database\index256.dbb
c:\windows\system32\P2P Networking\P2P Networking.eng
c:\windows\system32\Process.exe
D:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-28 au 2009-03-30 ))))))))))))))))))))))))))))))))))))
.

2009-03-30 17:53 . 2009-03-30 17:47 2,937,685 --a------ c:\program files\ComboFix.exe
2009-03-30 17:13 . 2009-03-30 17:13 <REP> d-------- c:\program files\Ad-remover
2009-03-30 15:11 . 2009-03-30 15:11 <REP> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-03-30 15:11 . 2009-03-30 15:11 <REP> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-03-30 15:11 . 2009-03-30 15:11 <REP> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-03-30 15:11 . 2009-03-30 15:11 <REP> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-03-30 15:05 . 2009-03-30 15:05 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-30 14:52 . 2009-03-30 15:41 <REP> d-------- c:\program files\NOS
2009-03-30 14:52 . 2009-03-30 15:37 <REP> d-------- c:\documents and settings\All Users\Application Data\NOS
2009-03-30 14:50 . 2009-03-30 14:50 <REP> d--hs---- c:\windows\system32\config\systemprofile\IETldCache
2009-03-30 14:47 . 2009-03-30 14:47 <REP> d--hs---- c:\documents and settings\HP_Propriétaire\PrivacIE
2009-03-30 14:47 . 2009-03-30 14:47 <REP> d--hs---- c:\documents and settings\HP_Propriétaire\PrivacIE
2009-03-30 14:47 . 2009-03-30 14:47 <REP> d--hs---- c:\documents and settings\HP_Propriétaire\IECompatCache
2009-03-30 14:47 . 2009-03-30 14:47 <REP> d--hs---- c:\documents and settings\HP_Propriétaire\IECompatCache
2009-03-30 14:45 . 2009-03-30 14:45 <REP> d--hs---- c:\documents and settings\HP_Propriétaire\IETldCache
2009-03-30 14:45 . 2009-03-30 14:45 <REP> d--hs---- c:\documents and settings\HP_Propriétaire\IETldCache
2009-03-30 14:43 . 2009-03-30 14:43 <REP> d-------- c:\windows\ie8updates
2009-03-30 14:40 . 2009-03-30 14:42 <REP> d--h-c--- c:\windows\ie8
2009-03-30 14:39 . 2009-02-28 06:55 105,984 --------- c:\windows\system32\dllcache\iecompat.dll
2009-03-30 14:33 . 2009-03-30 14:33 <REP> d-------- C:\rsit
2009-03-30 11:59 . 2009-03-30 11:59 <REP> d--hs---- C:\found.000
2009-03-30 11:45 . 2009-03-30 15:47 <REP> d-------- c:\program files\Hijackthis Version Française
2009-03-30 11:42 . 2009-03-30 11:50 <REP> d-------- c:\program files\Navilog1
2009-03-30 11:31 . 2009-03-30 15:20 <REP> d-------- c:\program files\Spybot - Search & Destroy
2009-03-30 11:31 . 2009-03-30 17:10 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-30 10:35 . 2008-12-11 12:32 132,976 --a------ c:\windows\system32\drivers\PCTCore.sys
2009-03-30 10:35 . 2008-12-11 12:32 73,840 --a------ c:\windows\system32\drivers\PCTAppEvent.sys
2009-03-30 10:34 . 2008-12-11 08:38 159,600 --a------ c:\windows\system32\drivers\pctgntdi.sys
2009-03-30 10:34 . 2008-12-11 17:01 95,640 --a------ c:\windows\system32\drivers\pctplfw.sys
2009-03-21 12:41 . 2009-03-21 12:41 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\PCToolsFirewallPlus
2009-03-21 12:39 . 2009-03-30 10:37 <REP> d-------- c:\program files\PC Tools Firewall Plus
2009-03-21 12:39 . 2009-03-30 10:36 <REP> d-------- c:\program files\Fichiers communs\PC Tools
2009-03-21 12:39 . 2009-03-30 18:10 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-03-21 12:39 . 2008-09-22 12:29 97,408 --a------ c:\windows\system32\drivers\pctfw.sys
2009-03-21 12:12 . 2009-03-21 12:12 <REP> d-------- c:\program files\CCleaner
2009-03-21 10:57 . 2009-03-21 10:57 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Malwarebytes
2009-03-21 10:57 . 2009-03-21 10:57 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-21 08:58 . 2009-03-21 09:12 <REP> d-------- c:\program files\MSN Messenger
2009-03-21 08:58 . 2009-03-21 08:58 <REP> d-------- c:\program files\ATI Technologies
2009-03-20 20:52 . 2009-03-21 08:57 <REP> d-------- c:\program files\MSN Messenger(3)
2009-03-20 14:06 . 2009-03-21 08:58 <REP> d-------- c:\program files\MSN Messenger(2)
2009-03-20 08:27 . 2009-03-20 08:27 <REP> d-------- c:\temp\atmp8
2009-03-08 14:17 . 2009-03-08 14:17 57,344 --------- c:\windows\system32\msrating.dll.mui
2009-03-08 14:17 . 2009-03-08 14:17 2,560 --------- c:\windows\system32\mshta.exe.mui
2009-03-08 14:16 . 2009-03-08 14:16 4,096 --------- c:\windows\system32\ie4uinit.exe.mui
2009-03-08 14:15 . 2009-03-08 14:15 81,920 --------- c:\windows\system32\iedkcs32.dll.mui
2009-02-17 14:07 . 2009-02-17 14:07 179 --a------ C:\handle.dat
2009-02-12 22:20 . 2009-02-12 22:20 7,466 --------- c:\windows\system32\IE8Eula.rtf
2009-02-12 04:09 . 2009-02-12 04:09 268 --ah----- C:\sqmdata15.sqm
2009-02-12 04:09 . 2009-02-12 04:09 244 --ah----- C:\sqmnoopt15.sqm
2009-02-03 17:53 . 2009-02-03 17:53 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Template
2009-02-03 17:53 . 2009-02-26 10:38 58 --a------ c:\documents and settings\HP_Propriétaire\Application Data\wklnhst.dat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-30 13:05 --------- d-----w c:\program files\Java
2009-03-30 12:56 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-03-30 12:49 --------- d-----w c:\program files\Trend Micro
2009-03-29 23:30 --------- d-----w c:\program files\eMule
2009-03-21 10:40 --------- d-----w c:\program files\Google
2009-03-21 09:18 --------- d-----w c:\program files\IncrediMail
2009-03-21 07:07 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\EoRezo
2009-03-20 11:34 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-08 12:09 638,816 ----a-w c:\windows\system32\dllcache\iexplore.exe
2009-03-08 12:09 391,536 ----a-w c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 02:41 5,937,152 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-03-08 02:39 11,063,808 ----a-w c:\windows\system32\dllcache\ieframe.dll
2009-03-08 02:34 914,944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 02:34 914,944 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-03-08 02:34 43,008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 02:34 43,008 ----a-w c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 02:34 236,544 ----a-w c:\windows\system32\dllcache\webcheck.dll
2009-03-08 02:34 193,536 ----a-w c:\windows\system32\dllcache\msrating.dll
2009-03-08 02:34 109,568 ----a-w c:\windows\system32\dllcache\occache.dll
2009-03-08 02:34 105,984 ----a-w c:\windows\system32\dllcache\url.dll
2009-03-08 02:34 1,206,784 ----a-w c:\windows\system32\dllcache\urlmon.dll
2009-03-08 02:33 759,296 ----a-w c:\windows\system32\dllcache\VGX.dll
2009-03-08 02:33 726,528 ----a-w c:\windows\system32\dllcache\jscript.dll
2009-03-08 02:33 420,352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 02:33 420,352 ----a-w c:\windows\system32\dllcache\vbscript.dll
2009-03-08 02:33 25,600 ----a-w c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 02:33 229,376 ----a-w c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 02:33 18,944 ----a-w c:\windows\system32\dllcache\corpol.dll
2009-03-08 02:33 18,944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 02:33 125,952 ----a-w c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 02:32 94,720 ----a-w c:\windows\system32\dllcache\inseng.dll
2009-03-08 02:32 72,704 ----a-w c:\windows\system32\dllcache\admparse.dll
2009-03-08 02:32 72,704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 02:32 71,680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 02:32 71,680 ----a-w c:\windows\system32\dllcache\iesetup.dll
2009-03-08 02:32 611,840 ----a-w c:\windows\system32\dllcache\mstime.dll
2009-03-08 02:32 594,432 ----a-w c:\windows\system32\dllcache\msfeeds.dll
2009-03-08 02:32 55,808 ----a-w c:\windows\system32\dllcache\iernonce.dll
2009-03-08 02:32 173,056 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 02:32 163,840 ----a-w c:\windows\system32\dllcache\ieakui.dll
2009-03-08 02:32 128,512 ----a-w c:\windows\system32\dllcache\advpack.dll
2009-03-08 02:32 1,985,024 ----a-w c:\windows\system32\dllcache\iertutil.dll
2009-03-08 02:24 68,608 ----a-w c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 02:22 156,160 ----a-w c:\windows\system32\msls31.dll
2009-03-08 02:22 156,160 ----a-w c:\windows\system32\dllcache\msls31.dll
2009-03-08 02:11 445,952 ----a-w c:\windows\system32\dllcache\ieapfltr.dll
2009-02-09 14:05 1,846,912 ----a-w c:\windows\system32\win32k.sys
2009-02-09 14:05 1,846,912 ------w c:\windows\system32\dllcache\win32k.sys
2009-01-07 16:21 26,144 ----a-w c:\windows\system32\spupdsvc.exe
2009-01-07 16:20 265,720 ----a-w c:\windows\system32\msdbg2.dll
2009-01-07 16:20 26,112 ----a-w c:\windows\system32\idndl.dll
2009-01-07 16:20 24,576 ----a-w c:\windows\system32\nlsdl.dll
2009-01-07 16:20 23,552 ----a-w c:\windows\system32\normaliz.dll
2009-01-07 16:20 134,144 ------w c:\windows\system32\dllcache\sqmapi.dll
2008-12-20 22:46 133,120 ------w c:\windows\system32\dllcache\extmgr.dll
2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-12-05 06:57 144,896 ----a-w c:\windows\system32\schannel.dll
2008-12-05 06:57 144,896 ------w c:\windows\system32\dllcache\schannel.dll
2007-07-24 07:05 5,120 --sha-w c:\program files\Thumbs.db
2006-04-29 18:49 20,845 ----a-w c:\program files\imstp_chubbi_fr.gif
2006-04-27 09:23 4,097,738 ----a-w c:\program files\e-como.exe
2006-04-12 19:59 1,111 ----a-w c:\program files\untitled2.html
2006-04-12 03:52 5,675 ----a-w c:\program files\image001.jpg
2006-04-06 05:33 131,584 ----a-w c:\program files\G[1].SAND.pps
2006-03-28 18:29 327 ----a-w c:\program files\untitled1[1].2.html
2006-02-11 11:47 1,104,734 ----a-w c:\program files\dvdshrink_3.2.0.16_fr.zip
2006-07-16 11:16 22 --sha-w c:\windows\SMINST\HPCD.sys
2008-10-09 05:28 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008100920081010\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2008-12-11 2652056]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2006-01-15 962663]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-21 114768]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-03-30 159600]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-21 20560]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-03-30 73840]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-03-30 95640]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df75ea2d-7a57-11dc-a0d1-4d6564696130}]
\Shell\Auto\command - H:\Start.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f270dee5-15f5-11de-a1f8-0013d3d3a78a}]
\Shell\Auto\command - Start.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenu du dossier 'Tâches planifiées'

2009-03-27 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-27 00:10]

2009-03-30 c:\windows\Tasks\User_Feed_Synchronization-{B1E67FB9-CBC8-4269-B606-0548CB38FFCC}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 04:31]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.fr/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;GERARD
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-30 18:15:03
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-03-30 18:17:32
ComboFix-quarantined-files.txt 2009-03-30 16:17:16

Avant-CF: 92 485 214 208 octets libres
Après-CF: 92,532,490,240 octets libres

232 --- E O F --- 2009-03-23 02:00:39
0
Réponse 15 / 23
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
analyse ce fichier sur virus total et colle le rapport: https://www.virustotal.com/gui/

C:\handle.dat


_______________________
Pour fusionner:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

_______________

Ferme tous tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :





File::
H:\Start.exe
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df75ea2d-7a57-11dc-a0d1-4d6564696130}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f270dee5-15f5-11de-a1f8-0013d3d3a78a}]



Enregistre ce fichier sous le nom CFscript


Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.


Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
0
Réponse 16 / 23
castor423 Messages postés 96 Statut Membre
 
Y a t il quelque chose à enlever ?? Puis je reactiver les points de sauvegarde ??
0
Réponse 17 / 23
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
regarde le 15
0
Réponse 18 / 23
castor423 Messages postés 96 Statut Membre
 
Suomi | ihMdI | | עברית | | Slovenščina | Dansk | Русский | Română | Türkçe | Nederlands | Ελληνικά | Svenska | Português | Italiano | | | Magyar | Deutsch | Česky | Polski | Español | English
Virustotal est un service qui analyse les fichiers suspects et facilite la détection rapide des virus, vers, chevaux de Troie et toutes sortes de malwares détectés par les moteurs antivirus. Plus d'informations...

Fichier handle.dat reçu le 2009.03.30 18:46:43 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE


Résultat: 0/40 (0%)
en train de charger les informations du serveur...
Votre fichier est dans la file d'attente, en position: 3.
L'heure estimée de démarrage est entre 56 et 80 secondes.
Ne fermez pas la fenêtre avant la fin de l'analyse.
L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
les résultats seront affichés au fur et à mesure de leur génération.
Formaté Impression des résultats Votre fichier a expiré ou n'existe pas.
Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.
Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée. Email:


Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.101 2009.03.30 -
AhnLab-V3 5.0.0.2 2009.03.30 -
AntiVir 7.9.0.129 2009.03.30 -
Antiy-AVL 2.0.3.1 2009.03.30 -
Authentium 5.1.2.4 2009.03.29 -
Avast 4.8.1335.0 2009.03.30 -
AVG 8.5.0.285 2009.03.30 -
BitDefender 7.2 2009.03.30 -
CAT-QuickHeal 10.00 2009.03.30 -
ClamAV 0.94.1 2009.03.30 -
Comodo 1090 2009.03.30 -
DrWeb 4.44.0.09170 2009.03.30 -
eSafe 7.0.17.0 2009.03.27 -
eTrust-Vet 31.6.6424 2009.03.30 -
F-Prot 4.4.4.56 2009.03.29 -
F-Secure 8.0.14470.0 2009.03.30 -
Fortinet 3.117.0.0 2009.03.30 -
GData 19 2009.03.30 -
Ikarus T3.1.1.49.0 2009.03.30 -
K7AntiVirus 7.10.685 2009.03.30 -
Kaspersky 7.0.0.125 2009.03.30 -
McAfee 5568 2009.03.29 -
McAfee+Artemis 5568 2009.03.29 -
McAfee-GW-Edition 6.7.6 2009.03.30 -
Microsoft 1.4502 2009.03.30 -
NOD32 3974 2009.03.30 -
Norman 6.00.06 2009.03.30 -
nProtect 2009.1.8.0 2009.03.30 -
Panda 10.0.0.10 2009.03.30 -
PCTools 4.4.2.0 2009.03.30 -
Prevx1 V2 2009.03.30 -
Rising 21.23.03.00 2009.03.30 -
Sophos 4.40.0 2009.03.30 -
Sunbelt 3.2.1858.2 2009.03.29 -
Symantec 1.4.4.12 2009.03.30 -
TheHacker 6.3.3.9.296 2009.03.30 -
TrendMicro 8.700.0.1004 2009.03.30 -
VBA32 3.12.10.1 2009.03.29 -
ViRobot 2009.3.30.1668 2009.03.30 -
VirusBuster 4.6.5.0 2009.03.30 -
Information additionnelle
File size: 179 bytes
MD5...: 1dfd4b147e8fa77b807533fb5ddcce5f
SHA1..: 17d53d566249a441c412c3649cdd52160d7a4262
SHA256: 6b8287eb34e7e677d889f0d2626a3ba432ded23e97f239c3dadc3c2b2ef1b0ef
SHA512: 9e3f06e70419c77c90ef485cb67cccb3f07849131d6affdfb0459065f17b99ef c19c02de6c4e2dee67526c412c3bf4220f6742d2853a122eb56c1a7521f75884
ssdeep: 3:h8M/ZlkyLNWE9Am12MFuAvOAsHhcywgWxOSOOh6ljWLmllHhH0:h8sttP12MUA
vvahcy0bOOMjWLS4

PEiD..: -
TrID..: File type identification
Adobe PhotoShop Brush (100.0%)
PEInfo: -
RDS...: NSRL Reference Data Set
-


ATTENTION: VirusTotal est un service gratuit offert par Hispasec Sistemas. Il n'y a aucune garantie quant à la disponibilité et la continuité de ce service. Bien que le taux de détection permis par l'utilisation de multiples moteurs antivirus soit bien supérieur à celui offert par seulement un produit, ces résultats NE garantissent PAS qu'un fichier est sans danger. Il n'y a actuellement aucune solution qui offre un taux d'efficacité de 100% pour la détection des virus et malwares.

VirusTotal © Hispasec Sistemas - Blog - Contact: info@virustotal.com - Terms of Service & Privacy Policy
0
Réponse 19 / 23
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
ok fais la suite
0
Réponse 20 / 23
castor423 Messages postés 96 Statut Membre
 
ComboFix 09-03-29.04 - HP_Propriétaire 2009-03-30 20:26:18.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.958.581 [GMT 2:00]
Lancé depuis: c:\documents and settings\HP_Propriétaire\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\HP_Propriétaire\Bureau\CFscript.txt
AV: avast! antivirus 4.8.1335 [VPS 090330-0] *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
FW: PC Tools Firewall Plus *enabled*
* Un nouveau point de restauration a été créé

FILE ::
H:\Start.exe
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-02-28 au 2009-03-30 ))))))))))))))))))))))))))))))))))))
.

2009-03-30 17:53 . 2009-03-30 17:47 2,937,685 --a------ c:\program files\ComboFix.exe
2009-03-30 17:13 . 2009-03-30 17:13 <REP> d-------- c:\program files\Ad-remover
2009-03-30 15:11 . 2009-03-30 15:11 <REP> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-03-30 15:11 . 2009-03-30 15:11 <REP> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-03-30 15:11 . 2009-03-30 15:11 <REP> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-03-30 15:11 . 2009-03-30 15:11 <REP> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-03-30 15:05 . 2009-03-30 15:05 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-30 14:52 . 2009-03-30 15:41 <REP> d-------- c:\program files\NOS
2009-03-30 14:52 . 2009-03-30 15:37 <REP> d-------- c:\documents and settings\All Users\Application Data\NOS
2009-03-30 14:50 . 2009-03-30 14:50 <REP> d--hs---- c:\windows\system32\config\systemprofile\IETldCache
2009-03-30 14:47 . 2009-03-30 14:47 <REP> d--hs---- c:\documents and settings\HP_Propriétaire\PrivacIE
2009-03-30 14:47 . 2009-03-30 14:47 <REP> d--hs---- c:\documents and settings\HP_Propriétaire\PrivacIE
2009-03-30 14:47 . 2009-03-30 14:47 <REP> d--hs---- c:\documents and settings\HP_Propriétaire\IECompatCache
2009-03-30 14:47 . 2009-03-30 14:47 <REP> d--hs---- c:\documents and settings\HP_Propriétaire\IECompatCache
2009-03-30 14:45 . 2009-03-30 14:45 <REP> d--hs---- c:\documents and settings\HP_Propriétaire\IETldCache
2009-03-30 14:45 . 2009-03-30 14:45 <REP> d--hs---- c:\documents and settings\HP_Propriétaire\IETldCache
2009-03-30 14:43 . 2009-03-30 14:43 <REP> d-------- c:\windows\ie8updates
2009-03-30 14:40 . 2009-03-30 14:42 <REP> d--h-c--- c:\windows\ie8
2009-03-30 14:39 . 2009-02-28 06:55 105,984 --------- c:\windows\system32\dllcache\iecompat.dll
2009-03-30 14:33 . 2009-03-30 14:33 <REP> d-------- C:\rsit
2009-03-30 11:59 . 2009-03-30 11:59 <REP> d--hs---- C:\found.000
2009-03-30 11:45 . 2009-03-30 15:47 <REP> d-------- c:\program files\Hijackthis Version Française
2009-03-30 11:42 . 2009-03-30 20:18 <REP> d-------- c:\program files\Navilog1
2009-03-30 11:31 . 2009-03-30 20:18 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-30 10:35 . 2008-12-11 12:32 132,976 --a------ c:\windows\system32\drivers\PCTCore.sys
2009-03-30 10:35 . 2008-12-11 12:32 73,840 --a------ c:\windows\system32\drivers\PCTAppEvent.sys
2009-03-30 10:34 . 2008-12-11 08:38 159,600 --a------ c:\windows\system32\drivers\pctgntdi.sys
2009-03-30 10:34 . 2008-12-11 17:01 95,640 --a------ c:\windows\system32\drivers\pctplfw.sys
2009-03-21 12:41 . 2009-03-21 12:41 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\PCToolsFirewallPlus
2009-03-21 12:39 . 2009-03-30 10:37 <REP> d-------- c:\program files\PC Tools Firewall Plus
2009-03-21 12:39 . 2009-03-30 10:36 <REP> d-------- c:\program files\Fichiers communs\PC Tools
2009-03-21 12:39 . 2009-03-30 18:55 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-03-21 12:39 . 2008-09-22 12:29 97,408 --a------ c:\windows\system32\drivers\pctfw.sys
2009-03-21 12:12 . 2009-03-21 12:12 <REP> d-------- c:\program files\CCleaner
2009-03-21 10:57 . 2009-03-21 10:57 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Malwarebytes
2009-03-21 10:57 . 2009-03-21 10:57 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-21 08:58 . 2009-03-21 09:12 <REP> d-------- c:\program files\MSN Messenger
2009-03-21 08:58 . 2009-03-21 08:58 <REP> d-------- c:\program files\ATI Technologies
2009-03-20 20:52 . 2009-03-21 08:57 <REP> d-------- c:\program files\MSN Messenger(3)
2009-03-20 14:06 . 2009-03-21 08:58 <REP> d-------- c:\program files\MSN Messenger(2)
2009-03-20 08:27 . 2009-03-20 08:27 <REP> d-------- c:\temp\atmp8
2009-03-08 14:17 . 2009-03-08 14:17 57,344 --------- c:\windows\system32\msrating.dll.mui
2009-03-08 14:17 . 2009-03-08 14:17 2,560 --------- c:\windows\system32\mshta.exe.mui
2009-03-08 14:16 . 2009-03-08 14:16 4,096 --------- c:\windows\system32\ie4uinit.exe.mui
2009-03-08 14:15 . 2009-03-08 14:15 81,920 --------- c:\windows\system32\iedkcs32.dll.mui
2009-02-17 14:07 . 2009-02-17 14:07 179 --a------ C:\handle.dat
2009-02-12 22:20 . 2009-02-12 22:20 7,466 --------- c:\windows\system32\IE8Eula.rtf
2009-02-12 04:09 . 2009-02-12 04:09 268 --ah----- C:\sqmdata15.sqm
2009-02-12 04:09 . 2009-02-12 04:09 244 --ah----- C:\sqmnoopt15.sqm
2009-02-03 17:53 . 2009-02-03 17:53 <REP> d-------- c:\documents and settings\HP_Propriétaire\Application Data\Template
2009-02-03 17:53 . 2009-02-26 10:38 58 --a------ c:\documents and settings\HP_Propriétaire\Application Data\wklnhst.dat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-30 13:05 --------- d-----w c:\program files\Java
2009-03-30 12:56 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-03-30 12:49 --------- d-----w c:\program files\Trend Micro
2009-03-29 23:30 --------- d-----w c:\program files\eMule
2009-03-21 10:40 --------- d-----w c:\program files\Google
2009-03-21 09:18 --------- d-----w c:\program files\IncrediMail
2009-03-21 07:07 --------- d-----w c:\documents and settings\HP_Propriétaire\Application Data\EoRezo
2009-03-20 11:34 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-08 12:09 638,816 ----a-w c:\windows\system32\dllcache\iexplore.exe
2009-03-08 12:09 391,536 ----a-w c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 02:41 5,937,152 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-03-08 02:39 11,063,808 ----a-w c:\windows\system32\dllcache\ieframe.dll
2009-03-08 02:34 914,944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 02:34 914,944 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-03-08 02:34 43,008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 02:34 43,008 ----a-w c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 02:34 236,544 ----a-w c:\windows\system32\dllcache\webcheck.dll
2009-03-08 02:34 193,536 ----a-w c:\windows\system32\dllcache\msrating.dll
2009-03-08 02:34 109,568 ----a-w c:\windows\system32\dllcache\occache.dll
2009-03-08 02:34 105,984 ----a-w c:\windows\system32\dllcache\url.dll
2009-03-08 02:34 1,206,784 ----a-w c:\windows\system32\dllcache\urlmon.dll
2009-03-08 02:33 759,296 ----a-w c:\windows\system32\dllcache\VGX.dll
2009-03-08 02:33 726,528 ----a-w c:\windows\system32\dllcache\jscript.dll
2009-03-08 02:33 420,352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 02:33 420,352 ----a-w c:\windows\system32\dllcache\vbscript.dll
2009-03-08 02:33 25,600 ----a-w c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 02:33 229,376 ----a-w c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 02:33 18,944 ----a-w c:\windows\system32\dllcache\corpol.dll
2009-03-08 02:33 18,944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 02:33 125,952 ----a-w c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 02:32 94,720 ----a-w c:\windows\system32\dllcache\inseng.dll
2009-03-08 02:32 72,704 ----a-w c:\windows\system32\dllcache\admparse.dll
2009-03-08 02:32 72,704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 02:32 71,680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 02:32 71,680 ----a-w c:\windows\system32\dllcache\iesetup.dll
2009-03-08 02:32 611,840 ----a-w c:\windows\system32\dllcache\mstime.dll
2009-03-08 02:32 594,432 ----a-w c:\windows\system32\dllcache\msfeeds.dll
2009-03-08 02:32 55,808 ----a-w c:\windows\system32\dllcache\iernonce.dll
2009-03-08 02:32 173,056 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 02:32 163,840 ----a-w c:\windows\system32\dllcache\ieakui.dll
2009-03-08 02:32 128,512 ----a-w c:\windows\system32\dllcache\advpack.dll
2009-03-08 02:32 1,985,024 ----a-w c:\windows\system32\dllcache\iertutil.dll
2009-03-08 02:24 68,608 ----a-w c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 02:22 156,160 ----a-w c:\windows\system32\msls31.dll
2009-03-08 02:22 156,160 ----a-w c:\windows\system32\dllcache\msls31.dll
2009-03-08 02:11 445,952 ----a-w c:\windows\system32\dllcache\ieapfltr.dll
2009-02-09 14:05 1,846,912 ----a-w c:\windows\system32\win32k.sys
2009-02-09 14:05 1,846,912 ------w c:\windows\system32\dllcache\win32k.sys
2009-01-07 16:21 26,144 ----a-w c:\windows\system32\spupdsvc.exe
2009-01-07 16:20 265,720 ----a-w c:\windows\system32\msdbg2.dll
2009-01-07 16:20 26,112 ----a-w c:\windows\system32\idndl.dll
2009-01-07 16:20 24,576 ----a-w c:\windows\system32\nlsdl.dll
2009-01-07 16:20 23,552 ----a-w c:\windows\system32\normaliz.dll
2009-01-07 16:20 134,144 ------w c:\windows\system32\dllcache\sqmapi.dll
2008-12-20 22:46 133,120 ------w c:\windows\system32\dllcache\extmgr.dll
2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-12-05 06:57 144,896 ----a-w c:\windows\system32\schannel.dll
2008-12-05 06:57 144,896 ------w c:\windows\system32\dllcache\schannel.dll
2007-07-24 07:05 5,120 --sha-w c:\program files\Thumbs.db
2006-04-29 18:49 20,845 ----a-w c:\program files\imstp_chubbi_fr.gif
2006-04-27 09:23 4,097,738 ----a-w c:\program files\e-como.exe
2006-04-12 19:59 1,111 ----a-w c:\program files\untitled2.html
2006-04-12 03:52 5,675 ----a-w c:\program files\image001.jpg
2006-04-06 05:33 131,584 ----a-w c:\program files\G[1].SAND.pps
2006-03-28 18:29 327 ----a-w c:\program files\untitled1[1].2.html
2006-02-11 11:47 1,104,734 ----a-w c:\program files\dvdshrink_3.2.0.16_fr.zip
2006-07-16 11:16 22 --sha-w c:\windows\SMINST\HPCD.sys
2008-10-09 05:28 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008100920081010\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-30_18.15.53,76 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-30 16:14:59 245,760 --sha-w c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-03-30 17:00:39 245,760 --sha-w c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-03-30 16:55:32 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_700.dat
+ 2009-03-30 16:55:22 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_b0.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2008-12-11 2652056]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2006-01-15 962663]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-21 114768]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-03-30 159600]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-21 20560]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-03-30 73840]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-03-30 95640]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenu du dossier 'Tâches planifiées'

2009-03-27 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-27 00:10]

2009-03-30 c:\windows\Tasks\User_Feed_Synchronization-{B1E67FB9-CBC8-4269-B606-0548CB38FFCC}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 04:31]
.
.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.fr/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;GERARD
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-30 20:27:23
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-03-30 20:29:24
ComboFix-quarantined-files.txt 2009-03-30 18:29:16
ComboFix2.txt 2009-03-30 17:03:07
ComboFix3.txt 2009-03-30 16:17:34

Avant-CF: 92 500 504 576 octets libres
Après-CF: 92,490,088,448 octets libres

229 --- E O F --- 2009-03-23 02:00:39


Ca m'a crée un deuxième internet explorer ???
0