Help analyzing a HijackThis log, please
oudad - Anonymous user
Logfile of HijackThis v1.99.0
Scan saved at 15:18:51, on 17/01/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\RMCTRL.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=1001547
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\bckdj.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=1001547
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yeak.net?598
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\ELITESIDEBAR VERSION 8.DLL
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\SYSTEM\rmctrl.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSOffice] C:\WINDOWS\SYSTEM\MSOFFICE\SERVICES.EXE
O4 - HKLM\..\Run: [bagakfgtuzd] C:\WINDOWS\SYSTEM\pyzgiom.exe
O4 - HKLM\..\Run: [4txmnvrr] C:\WINDOWS\TEMP\4TXMNVRR.EXE
O4 - HKLM\..\Run: [explorer] C:\WINDOWS\system32\explorer.exe -go -c89 -w
O4 - HKLM\..\Run: [bAO1] C:\LYSAYK.EXE
O4 - HKLM\..\Run: [¢‰¸ï04Ã4}¤Áœ5]C:\Program Files\ISTsvc\istsvc.exe] C:\LYSAYK.EXE
O4 - HKLM\..\Run: [kalvsys] C:\WINDOWS\SYSTEM\KALVJKD32.EXE
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAM FILES\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [¢‰¸ï0+¿ÔÇè]mú*àaîžiC:\Program Files\ISTsvc\istsvc.exe] C:\LYSAYK.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [xylkhux] C:\WINDOWS\xylkhux.exe
O4 - HKLM\..\Run: [Software] C:\WINDOWS\SYSTEM\SOFTWARE\SOFTWARE.EXE
O4 - HKLM\..\Run: [B098984E] C:\WINDOWS\SYSTEM32\URUUUURU.EXE
O4 - HKLM\..\Run: [unkvcvkl] C:\WINDOWS\unkvcvkl.exe
O4 - HKLM\..\Run: [FX] C:\WINDOWS\DOWNLOADED PROGRAM FILES\IELOADER.EXE
O4 - HKLM\..\Run: [Power Scan] C:\PROGRAM FILES\POWER SCAN\POWERSCAN.EXE
O4 - HKLM\..\Run: [load32] C:\WINDOWS\SYSTEM\winldra.exe
O4 - HKLM\..\Run: [Systems Restart] Rundll32.exe wnim.dll, DllRegisterServer
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [NTHI.EXE] C:\WINDOWS\SYSTEM\NTHI.EXE
O4 - HKLM\..\RunServices: [APPGR32.EXE] C:\WINDOWS\SYSTEM\APPGR32.EXE
O4 - HKLM\..\RunServices: [ADDTJ32.EXE] C:\WINDOWS\ADDTJ32.EXE
O4 - HKLM\..\RunServices: [APPFK32.EXE] C:\WINDOWS\SYSTEM\APPFK32.EXE
O4 - HKLM\..\RunServices: [NETXV.EXE] C:\WINDOWS\NETXV.EXE
O4 - HKLM\..\RunServices: [ADDGL.EXE] C:\WINDOWS\ADDGL.EXE
O4 - HKLM\..\RunServices: [MFCUX.EXE] C:\WINDOWS\MFCUX.EXE
O4 - HKLM\..\RunServices: [D3QS.EXE] C:\WINDOWS\SYSTEM\D3QS.EXE
O4 - HKLM\..\RunServices: [WINUW32.EXE] C:\WINDOWS\WINUW32.EXE
O4 - HKLM\..\RunServices: [JAVAVH.EXE] C:\WINDOWS\JAVAVH.EXE
O4 - HKLM\..\RunServices: [JAVAOL32.EXE] C:\WINDOWS\SYSTEM\JAVAOL32.EXE
O4 - HKLM\..\RunServices: [ATLRS32.EXE] C:\WINDOWS\SYSTEM\ATLRS32.EXE
O4 - HKLM\..\RunServices: [IPGC32.EXE] C:\WINDOWS\SYSTEM\IPGC32.EXE
O4 - HKLM\..\RunServices: [SDKON32.EXE] C:\WINDOWS\SDKON32.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [Amsr] C:\WINDOWS\Application Data\uisa.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1057.dll,InstantAccess
O4 - Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR.DLL/cmbacklinks.html
O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL (file missing)
O15 - Trusted Zone: www.yeak.net
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.topconverting.com
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.topconverting.com (HKLM)
O15 - Trusted Zone: *.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted IP range: 67.19.185.246
O15 - Trusted IP range: 67.19.185.246 (HKLM)
O16 - DPF: {11111111-1111-1111-1111-111111113458} - file://C:\WINDOWS\Tempor~1\Content.IE5\78I12UVN\explorer89[1].cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup154.cab
O16 - DPF: Interface Chat Wanadoo - http://chat10.x-echo.com/version5/Applet/wchatsign.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/26cb1018a81531e3ec05/netzip/RdxIE601_fr.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/ma/games3.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {C4D5E343-9494-97E4-8635-440B49E25FD5} - http://www.interbusca.com/s/toolbar/install/toolbar.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
O16 - DPF: {3AEA6239-7D97-4B70-A342-A824B55E5A5B} (Adam Class) - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/fr/Eve.cab
O16 - DPF: {7CAA184C-91E7-4E84-8681-32F2A0D68DF1} (Apollon Class) - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/fr/Daphne.cab
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.celebritaspoglie.net/all.exe
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://www.celebritaspoglie.net/all.exe
O16 - DPF: {2195BEA6-FEA1-0185-68D1-310D4A6EDCFB} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {204AB4ED-6BA3-4F36-B85F-7D9A1096BC89} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {27D161BC-42D8-75DD-4192-67396F664574} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {6E0029D9-E8DF-4F5C-727F-6D5F79A66AFC} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {0E0CC7F4-D541-21A0-39B6-287A25DF0C88} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {04CB7E11-6332-2610-2729-428C59A6B6C6} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {1D9C106F-49E5-3963-D54E-16EA11F9BD87} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {4CDB1569-BC25-20ED-4746-43117A16415C} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {584037FD-EB99-6774-D5B1-6B6E22C04E38} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {1220A428-B664-352D-693C-24CF6E1EFE9E} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {599B2BB8-29C5-49DF-BAD9-210603D24CC6} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {66DE7B6B-07F8-0811-9D60-3F5D2CB69938} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {738BBBEB-1174-19C3-CC76-32EC40EF9914} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {2CB086E1-EF30-2C66-8E1B-2A8733EA840D} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {6D899FF1-7C61-1434-B9D7-6D4F3BF93B35} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {51943244-A28D-3E2D-31D4-4DDF4296F55A} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {04B58104-C182-4A8A-37BC-447F77F923A3} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {277F8518-553E-5BB3-D962-26020523FFEE} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {6D9BD542-4122-4652-AC8A-18F74F70AD1E} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {344C3E72-D662-0FE5-0B4F-4156577E1724} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {3CFD1FBD-9199-5730-336A-349A5D890EE4} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {225BB050-4308-7B9E-B76A-16E520DB9702} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {16679E1A-0DF6-6FDC-A713-62647BFD95D6} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {583F4A0B-8EC0-23E9-07E5-203D426D3088} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - http://www.addictivetechnologies.net/DM0/cab/15yf09fg.cab
O16 - DPF: v3cab - http://searchmiracle.com/cab/2.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://greg-tut.com/G7/chm10.chm::/ieloader.exe
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/cab/14/fr/SysWebTelecomInt.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_FR.cab
O16 - DPF: {FF521631-31DA-48AC-B4E9-390A7694C906} (EGEGAUTH Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1031_FR.cab
O16 - DPF: {26D73573-F1B3-48C9-A989-E6CE071957A1} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1057.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\MSOPT.DLL (file missing)
O18 - Filter: text/html - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\SYSTEM\wnim.dll
O18 - Filter: text/plain - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\SYSTEM\wnim.dll
Thank you for your cooperation
1 reply
Hi
Restart in safe mode (press F8 as soon as the PC powers on)
End these processes and delete the exe files:
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\RUNDLL32.EXE
Then check and fix these:
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=1001547
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\bckdj.dll/sp.html#29126
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=1001547
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yeak.net?598
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll
O2 - BHO: &EliteSideBar - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - C:\ELITESIDEBAR VERSION 8.DLL
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 58.dll
O4 - HKLM\..\Run: [MSOffice] C:\WINDOWS\SYSTEM\MSOFFICE\SERVICES.EXE
O4 - HKLM\..\Run: [bagakfgtuzd] C:\WINDOWS\SYSTEM\pyzgiom.exe
O4 - HKLM\..\Run: [4txmnvrr] C:\WINDOWS\TEMP\4TXMNVRR.EXE
O4 - HKLM\..\Run: [explorer] C:\WINDOWS\system32\explorer.exe -go -c89 -w
O4 - HKLM\..\Run: [bAO1] C:\LYSAYK.EXE
O4 - HKLM\..\Run: [¢‰¸ï04Ã4}¤Áœ5]C:\Program Files\ISTsvc\istsvc.exe] C:\LYSAYK.EXE
O4 - HKLM\..\Run: [kalvsys] C:\WINDOWS\SYSTEM\KALVJKD32.EXE
O4 - HKLM\..\Run: [¢‰¸ï0+¿ÔÇè]mú*àaîžiC:\Program Files\ISTsvc\istsvc.exe] C:\LYSAYK.EXE
O4 - HKLM\..\Run: [xylkhux] C:\WINDOWS\xylkhux.exe
O4 - HKLM\..\Run: [xylkhux] C:\WINDOWS\xylkhux.exe
O4 - HKLM\..\Run: [Software] C:\WINDOWS\SYSTEM\SOFTWARE\SOFTWARE.EXE
O4 - HKLM\..\Run: [B098984E] C:\WINDOWS\SYSTEM32\URUUUURU.EXE
O4 - HKLM\..\Run: [unkvcvkl] C:\WINDOWS\unkvcvkl.exe
O4 - HKLM\..\Run: [FX] C:\WINDOWS\DOWNLOADED PROGRAM FILES\IELOADER.EXE
O4 - HKLM\..\Run: [Power Scan] C:\PROGRAM FILES\POWER SCAN\POWERSCAN.EXE
O4 - HKLM\..\Run: [load32] C:\WINDOWS\SYSTEM\winldra.exe
O4 - HKLM\..\RunServices: [NTHI.EXE] C:\WINDOWS\SYSTEM\NTHI.EXE
O4 - HKLM\..\RunServices: [APPGR32.EXE] C:\WINDOWS\SYSTEM\APPGR32.EXE
O4 - HKLM\..\RunServices: [ADDTJ32.EXE] C:\WINDOWS\ADDTJ32.EXE
O4 - HKLM\..\RunServices: [APPFK32.EXE] C:\WINDOWS\SYSTEM\APPFK32.EXE
O4 - HKLM\..\RunServices: [NETXV.EXE] C:\WINDOWS\NETXV.EXE
O4 - HKLM\..\RunServices: [ADDGL.EXE] C:\WINDOWS\ADDGL.EXE
O4 - HKLM\..\RunServices: [MFCUX.EXE] C:\WINDOWS\MFCUX.EXE
O4 - HKLM\..\RunServices: [D3QS.EXE] C:\WINDOWS\SYSTEM\D3QS.EXE
O4 - HKLM\..\RunServices: [WINUW32.EXE] C:\WINDOWS\WINUW32.EXE
O4 - HKLM\..\RunServices: [JAVAVH.EXE] C:\WINDOWS\JAVAVH.EXE
O4 - HKLM\..\RunServices: [JAVAOL32.EXE] C:\WINDOWS\SYSTEM\JAVAOL32.EXE
O4 - HKLM\..\RunServices: [ATLRS32.EXE] C:\WINDOWS\SYSTEM\ATLRS32.EXE
O4 - HKLM\..\RunServices: [IPGC32.EXE] C:\WINDOWS\SYSTEM\IPGC32.EXE
O4 - HKLM\..\RunServices: [SDKON32.EXE] C:\WINDOWS\SDKON32.EXE
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [Amsr] C:\WINDOWS\Application Data\uisa.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1057.dll,InstantAccess
O8 - Extra context menu item: Web Rebates - file://C:\PROGRAM FILES\WEB_REBATES\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL (file missing)
O15 - Trusted Zone: www.yeak.net
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.topconverting.com
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.topconverting.com (HKLM)
O15 - Trusted Zone: *.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted IP range: 67.19.185.246
O15 - Trusted IP range: 67.19.185.246 (HKLM)
O16 - DPF: {11111111-1111-1111-1111-111111113458} - file://C:\WINDOWS\Tempor~1\Content.IE5\78I12UVN\explorer89[1].cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup154.cab
O16 - DPF: Interface Chat Wanadoo - http://chat10.x-echo.com/version5/Applet/wchatsign.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversInitialSetup1.0.0.8.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/26cb1018a81531e3ec05/netzip/RdxIE601_fr.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-intl/ma/games3.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {C4D5E343-9494-97E4-8635-440B49E25FD5} - http://www.interbusca.com/s/toolbar/install/toolbar.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab
O16 - DPF: {3AEA6239-7D97-4B70-A342-A824B55E5A5B} (Adam Class) - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/fr/Eve.cab
O16 - DPF: {7CAA184C-91E7-4E84-8681-32F2A0D68DF1} (Apollon Class) - http://htmldialer.parisvoyeur.com/CABSPOLY/cd/1,0,3,8/fr/Daphne.cab
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.celebritaspoglie.net/all.exe
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://www.celebritaspoglie.net/all.exe
O16 - DPF: {2195BEA6-FEA1-0185-68D1-310D4A6EDCFB} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {204AB4ED-6BA3-4F36-B85F-7D9A1096BC89} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {27D161BC-42D8-75DD-4192-67396F664574} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {6E0029D9-E8DF-4F5C-727F-6D5F79A66AFC} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {0E0CC7F4-D541-21A0-39B6-287A25DF0C88} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {04CB7E11-6332-2610-2729-428C59A6B6C6} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {1D9C106F-49E5-3963-D54E-16EA11F9BD87} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {4CDB1569-BC25-20ED-4746-43117A16415C} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {584037FD-EB99-6774-D5B1-6B6E22C04E38} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {1220A428-B664-352D-693C-24CF6E1EFE9E} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {599B2BB8-29C5-49DF-BAD9-210603D24CC6} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {66DE7B6B-07F8-0811-9D60-3F5D2CB69938} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {738BBBEB-1174-19C3-CC76-32EC40EF9914} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {2CB086E1-EF30-2C66-8E1B-2A8733EA840D} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {6D899FF1-7C61-1434-B9D7-6D4F3BF93B35} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {51943244-A28D-3E2D-31D4-4DDF4296F55A} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {04B58104-C182-4A8A-37BC-447F77F923A3} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {277F8518-553E-5BB3-D962-26020523FFEE} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {6D9BD542-4122-4652-AC8A-18F74F70AD1E} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {344C3E72-D662-0FE5-0B4F-4156577E1724} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {3CFD1FBD-9199-5730-336A-349A5D890EE4} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {225BB050-4308-7B9E-B76A-16E520DB9702} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {16679E1A-0DF6-6FDC-A713-62647BFD95D6} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {583F4A0B-8EC0-23E9-07E5-203D426D3088} - http://82.179.166.72/1/gdnMA208.exe
O16 - DPF: {00000EF1-0786-4633-87C6-1AA7A44296DA} (F1 Organizer Class) - http://www.addictivetechnologies.net/DM0/cab/15yf09fg.cab
O16 - DPF: v3cab - http://searchmiracle.com/cab/2.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://greg-tut.com/G7/chm10.chm::/ieloader.exe
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/cab/14/fr/SysWebTelecomInt.cab
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binaries/IA/netslv32_FR.cab
O16 - DPF: {FF521631-31DA-48AC-B4E9-390A7694C906} (EGEGAUTH Class) - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1031_FR.cab
O16 - DPF: {26D73573-F1B3-48C9-A989-E6CE071957A1} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1057.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\MSOPT.DLL (file missing)
O18 - Filter: text/html - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\SYSTEM\wnim.dll
O18 - Filter: text/plain - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\SYSTEM\wnim.dll
It's clear it would have been simpler to tell you what NOT TO CHECK......
There's a thin line between Love and Hate....