A-squared Anti-Malware shuts down my system
Lukas76
-
lesane662 Posts 1564 Status Member -
Hello,
Following an infection with WinPC Defender, I can no longer launch malware antimalware, so I used a-squared... A-squared scanned my whole PC, and when it quarantines the TR Alureon I get a "system shutdown" window.
After 2 attempts I managed to save the a-squared report.
Is there anyone who can save my PC?????
Version - a-squared Anti-Malware 4.0
Dernière mise à jour : 09/04/2009 18:26:33
Paramètres des balayages :
Éléments : Mémoire, Traces, Cookies, C:\WINDOWS\, C:\Program Files
Balaye dans les archives : Marche
Analyse heuristique : Arrêt
Balaye dans les ADS : Marche
Début du balayage : 09/04/2009 18:34:04
[840] \\?\globalroot\systemroot\system32\UACyojngesm.dll Objets détectés : Trojan.Win32.Alureon!IK
[884] \\?\globalroot\systemroot\system32\UACyojngesm.dll Objets détectés : Trojan.Win32.Alureon!IK
[980] \\?\globalroot\systemroot\system32\UACyojngesm.dll Objets détectés : Trojan.Win32.Alureon!IK
[1032] \\?\globalroot\systemroot\system32\UACyojngesm.dll Objets détectés : Trojan.Win32.Alureon!IK
[1156] \\?\globalroot\systemroot\system32\UACyojngesm.dll Objets détectés : Trojan.Win32.Alureon!IK
[1836] \\?\globalroot\systemroot\system32\UACyojngesm.dll Objets détectés : Trojan.Win32.Alureon!IK
Analysé
Fichiers : 94119
Traces : 654445
Cookies : 161
Processus : 38
Objets trouvés
Fichiers : 0
Traces : 123
Cookies : 6
Processus : 6
Clés de Registre : 0
Fin du balayage : 09/04/2009 20:17:27
Temps du balayage : 1:43:23
[840] \\?\globalroot\systemroot\system32\UACyojngesm.dll En quarantaine Trojan.Win32.Alureon!IK
[884] \\?\globalroot\systemroot\system32\UACyojngesm.dll En quarantaine Trojan.Win32.Alureon!IK
[980] \\?\globalroot\systemroot\system32\UACyojngesm.dll En quarantaine Trojan.Win32.Alureon!IK
[1032] \\?\globalroot\systemroot\system32\UACyojngesm.dll En quarantaine Trojan.Win32.Alureon!IK
[1156] \\?\globalroot\systemroot\system32\UACyojngesm.dll En quarantaine Trojan.Win32.Alureon!IK
[1836] \\?\globalroot\systemroot\system32\UACyojngesm.dll En quarantaine Trojan.Win32.Alureon!IK
En quarantaine
Fichiers : 0
Traces : 76
Cookies : 0
Thank you for helping me
4 replies
Hi,
First of all, is it MALWAREBYTES that you can no longer launch?
Lukas76
Yes, that's right. That's why I got another antimalware tool and installed a-squared.
Install this software on your desktop: HijackThis
Then click on the icon that appeared.
Then, once the program is open, click on "Do a system scan and save the logfile".
Then post the report here!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:42:20, on 10/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
G:\Programmes installés 2\ZoneAlarm\zlclient.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
G:\Programmes installés 2\SpywareGuard\sgmain.exe
G:\Programmes installés 2\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.obaefcxqercjqcefobev.info/n1tVyLM1X_bsMDkmNZSoCfBJmFxwdCX3vzdAIKZfGaR6kkx25V8qFkq9a13F/4Hl.cgi
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - G:\Programmes installés 2\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Microsoft Registry] csrse.exe
O4 - HKLM\..\Run: [IRAViriiWhee] irvirii32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "G:\Programmes installés 2\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\RunServices: [Microsoft Registry] csrse.exe
O4 - HKLM\..\RunServices: [IRAViriiWhee] irvirii32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Registry] csrse.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ukskowq] "c:\documents and settings\sabrina\local settings\application data\ukskowq.exe" ukskowq
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: SpywareGuard.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: SpywareGuard.lnk = ? (User 'Default user')
O4 - Startup: SpywareGuard.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZW9704XXXFR
O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: SpywareGuard.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: SpywareGuard.lnk = ? (User 'Default user')
O4 - Startup: SpywareGuard.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZW9704XXXFR
O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:42:20, on 10/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
G:\Programmes installés 2\ZoneAlarm\zlclient.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
G:\Programmes installés 2\SpywareGuard\sgmain.exe
G:\Programmes installés 2\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.obaefcxqercjqcefobev.info/n1tVyLM1X_bsMDkmNZSoCfBJmFxwdCX3vzdAIKZfGaR6kkx25V8qFkq9a13F/4Hl.cgi
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - G:\Programmes installés 2\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Microsoft Registry] csrse.exe
O4 - HKLM\..\Run: [IRAViriiWhee] irvirii32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "G:\Programmes installés 2\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\RunServices: [Microsoft Registry] csrse.exe
O4 - HKLM\..\RunServices: [IRAViriiWhee] irvirii32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Registry] csrse.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ukskowq] "c:\documents and settings\sabrina\local settings\application data\ukskowq.exe" ukskowq
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: SpywareGuard.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: SpywareGuard.lnk = ? (User 'Default user')
O4 - Startup: SpywareGuard.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZW9704XXXFR
O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
▶ Download http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe to your desktop:
▶ Run the installation with the default settings
▶ Double-click the FindyKill shortcut on your desktop
▶ In the main menu, choose option 1 (Recherche)
▶ Post the FindyKill.txt report
* Note: the FindyKill.txt report is saved at the root of the disk
############################## [ FindyKill V4.722 ]
# User : Sabrina (Administrateurs) # SABRI
# Update on 04/04/09 by Chiquitine29
# Start at: 20:21:18 | 10/04/2009
# Website : http://pagesperso-orange.fr/FindyKill.Ad.Remover/
# Intel(R) Pentium(R) 4 CPU 1.50GHz
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Disabled
# AV : Lavasoft Ad-Watch Live! AntiVirus [ Enabled | Updated ]
# AV : Avira AntiVir PersonalEdition Classic 8.0.1.30 [ Enabled | Updated ]
# AV : a-squared Anti-Malware 4 [ (!) Disabled | Updated ]
# FW : ZoneAlarm Firewall[ Enabled ]7.0.483.000
# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 37,26 Go (20,21 Go free) # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque CD-ROM
# F:\ # Disque fixe local # 9,77 Go (736,1 Mo free) # NTFS
# G:\ # Disque fixe local # 104,72 Go (4,07 Go free) # NTFS
############################## [ Processus actifs ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
G:\Programmes installés 2\ZoneAlarm\zlclient.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\ctfmon.exe
G:\Programmes installés 2\SpywareGuard\sgmain.exe
G:\Programmes installés 2\SpywareGuard\sgbhp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
################## [ C:\WINDOWS # C:\WINDOWS\Prefetch ]
################## [ C:\WINDOWS\System32... ]
################## [ C:\Documents and Settings\Sabrina\Application Data ]
################## [ C:\Documents and Settings\Sabrina...\Temp Files... ]
################## [ Registre / Clés infectieuses ]
################## [ Recherche dans supports amovibles]
# Recherche fichiers connus :
################## [ Registre / Mountpoint2 ]
# -> Not found !
################## [ ! Fin du rapport # FindyKill V4.722 ! ]
Run HijackThis again and click "Do a system scan only"
Then, in the scan results, tick the boxes in front of these lines:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.obaefcxqercjqcefobev.info/
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - G:\Programmes installés 2\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ukskowq] "c:\documents and settings\sabrina\local settings\application data\ukskowq.exe" ukskowq
O4 - S-1-5-18 Startup: SpywareGuard.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: SpywareGuard.lnk = ? (User 'Default user')
O4 - Startup: SpywareGuard.lnk = ?
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZW9704XXXFR
O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
Then click "Fix checked" and restart your PC