Eliminer le cheval de troie NaviPromo AA & AF

Résolu/Fermé

germainepoux - 16 mai 2009 à 16:00
calidaho - 23 août 2009 à 14:47

Bonjour,
Cela fait une semaine que j'essaie de supprimer un cheval de troie. J'ai réussi à trouvé le nom "NaviPromo AA et AF". Je suis venue voir sur ce forum pour trouver une solution. J'ai téléchagé et installé Navilog1. Je l'ai lancer une première fois avec le choix 1; une deuxième fois avec le choix 2. Puis j'ai installé Hijackthis, que j'ai lancé.
Voici ce que j'obtiens, je voudrais savoir si c'est bon

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:48:22, on 16/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\FREEDO~1\FDM.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\p2phost.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\Windows\TEMP\E_S5CC.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FreezeScreenSaver - Unknown owner - C:\Windows\system32\FreezeScreenSaver.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Service Google Update (gupdate1c9b2a4fa6ec283) (gupdate1c9b2a4fa6ec283) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

A voir également:

Eliminer le cheval de troie NaviPromo AA & AF
Comment supprimer cheval de troie gratuitement - Télécharger - Antivirus & Antimalwares
Être à cheval entre deux choses - Forum Études / Formation High-Tech
Maria i maria o maria aa ✓ - Forum Musique / Radio / Clip
Comment créer un cheval de troie pdf ✓ - Forum Virus
Message cheval de troie - Forum Virus

12 réponses

Réponse 1 / 12

anthony5151 Messages postés 10573 Date d'inscription vendredi 27 juin 2008 Statut Contributeur sécurité Dernière intervention 2 mars 2015 790
16 mai 2009 à 16:45

Bonjour,

Il n'y a apparemment plus d'infection navipromo, navilog a bien fait son travail ;)

Par contre, il y a deux autres infections (n'essaye pas de fixer ces lignes avec hijackthis, ou de supprimer les fichiers manuellement !) :

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O23 - Service: FreezeScreenSaver - Unknown owner - C:\Windows\system32\FreezeScreenSaver.exe

On va commencer par s'occuper de la barre d'outil néfaste (AskBar)...
Pour éviter ce genre d'infection, il faut tout lire attentivement lorsque tu installes un programme gratuit, et décocher tous les programmes additionnels qui sont proposés, en particulier les barres d'outils !

Télécharge Toolbar-S&D (Team IDN) sur ton Bureau : https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

• Fais un clic-droit sur le raccourci de Toolbar-S&D sur le Bureau et choisis "Exécuter en tant qu' Administrateur"
• Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
• Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
• Poste le rapport généré. (C:\TB.txt)

germainepoux
16 mai 2009 à 16:52

voici le rapport

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz )
BIOS : Ver 1.00PARTTBL
USER : Aline ( Not Administrator ! )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1296 [VPS 090415-0] 4.8.1296 (Activated)
C:\ (Local Disk) - NTFS - Total:224 Go (Free:91 Go)
D:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 16/05/2009|16:48 )

[ UAC => 1 ]

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\AskBarDis
C:\Program Files\AskBarDis\bar
C:\Program Files\AskBarDis\unins000.dat
C:\Program Files\AskBarDis\unins000.exe
C:\Program Files\AskBarDis\bar\bin
C:\Program Files\AskBarDis\bar\Settings
C:\Program Files\AskBarDis\bar\bin\askBar.dll
C:\Program Files\AskBarDis\bar\bin\askPopStp.dll
C:\Program Files\AskBarDis\bar\bin\psvince.dll
C:\Program Files\AskBarDis\bar\Settings\AskLogo.ico
C:\Program Files\AskBarDis\bar\Settings\config.dat
C:\Program Files\AskBarDis\bar\Settings\config.dat.bak

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Start Page"="https://www.google.com/?gws_rd=ssl"
"Default_Page_URL"="http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
"Url"="https://www.msn.com/fr-fr/actualite/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://home.sweetim.com/"
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

[ UAC => 1 ]

1 - "C:\ToolBar SD\TB_1.txt" - 16/05/2009|16:49 - Option : [1]

-----------\\ Fin du rapport a 16:49:28,71

Réponse 2 / 12

anthony5151 Messages postés 10573 Date d'inscription vendredi 27 juin 2008 Statut Contributeur sécurité Dernière intervention 2 mars 2015 790
16 mai 2009 à 17:48

• Fais un clic-droit sur le raccourci Toolbar-S&D sur le Bureau et choisis "Exécuter en tant qu'administrateur"
• Tape sur "2" puis valide en appuyant sur "Entrée".
• Ne ferme pas la fenêtre lors de la suppression !
• Un rapport sera généré, poste son contenu ici.

germainepoux
16 mai 2009 à 17:54

voila ce que j'obtiens

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz )
BIOS : Ver 1.00PARTTBL
USER : Aline ( Not Administrator ! )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1296 [VPS 090415-0] 4.8.1296 (Activated)
C:\ (Local Disk) - NTFS - Total:224 Go (Free:91 Go)
D:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 16/05/2009|17:50 )

[ UAC => 1 ]

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\AskBarDis\bar
Supprime! - C:\Program Files\AskBarDis\unins000.dat
Supprime! - C:\Program Files\AskBarDis\unins000.exe
Supprime! - C:\Program Files\AskBarDis

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Start Page"="https://www.google.com/?gws_rd=ssl"
"Default_Page_URL"="http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
"Url"="https://www.msn.com/fr-fr/actualite/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr/"
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\Aline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YMC0FRV9\273143-7-cracks-risques[1].htm
C:\Users\Aline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YMC0FRV9\dref=http%253A%252F%252Fwww.infos-du-net[1].com%252Fforum%252F273143-7-cracks-risques

[ UAC => 1 ]

1 - "C:\ToolBar SD\TB_1.txt" - 16/05/2009|16:49 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 16/05/2009|17:51 - Option : [2]

-----------\\ Fin du rapport a 17:51:54,16

germainepoux > germainepoux
16 mai 2009 à 18:00

Désolée j'avais oublié de l'exécuté en tant qu'administrateur, donc je l'ai relancé, voila le nouveau rapport

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz )
BIOS : Ver 1.00PARTTBL
USER : Aline ( Not Administrator ! )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1296 [VPS 090415-0] 4.8.1296 (Activated)
C:\ (Local Disk) - NTFS - Total:224 Go (Free:91 Go)
D:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 16/05/2009|17:57 )

[ UAC => 1 ]

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Start Page"="https://www.google.com/?gws_rd=ssl"
"Default_Page_URL"="http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
"Url"="https://www.msn.com/fr-fr/actualite/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr/"
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\Aline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YMC0FRV9\273143-7-cracks-risques[1].htm
C:\Users\Aline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YMC0FRV9\dref=http%253A%252F%252Fwww.infos-du-net[1].com%252Fforum%252F273143-7-cracks-risques

[ UAC => 1 ]

1 - "C:\ToolBar SD\TB_1.txt" - 16/05/2009|16:49 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 16/05/2009|17:51 - Option : [2]
3 - "C:\ToolBar SD\TB_3.txt" - 16/05/2009|17:58 - Option : [2]

-----------\\ Fin du rapport a 17:58:10,80

Réponse 3 / 12

anthony5151 Messages postés 10573 Date d'inscription vendredi 27 juin 2008 Statut Contributeur sécurité Dernière intervention 2 mars 2015 790
16 mai 2009 à 18:27

Ok, on va s'occuper du reste :

• Télécharge et installe Malwarebytes' Anti-Malware
• A la fin de l'installation, veille à ce que l'option « mettre a jour Malwarebyte's Anti-Malware » soit cochée
• Lance MBAM et laisse les Mises à jour se télécharger (sinon fais les manuellement au lancement du programme)
• Puis va dans l'onglet "Recherche", coche "Exécuter un examen rapide" puis "Rechercher"
• Sélectionne tes disques durs" puis clique sur "Lancer l’examen"
• A la fin du scan, clique sur Afficher les résultats
• Coche tous les éléments détectés puis clique sur Supprimer la sélection
• Enregistre le rapport
• S'il t'est demandé de redémarrer, clique sur Yes

• Poste dans ta prochaine réponse le rapport apparaissant après la suppression stp

germainepoux
16 mai 2009 à 18:45

rapport malwarebytes

Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2142
Windows 6.0.6001 Service Pack 1

16/05/2009 18:41:26
mbam-log-2009-05-16 (18-41-26).txt

Type de recherche: Examen rapide
Eléments examinés: 76863
Temps écoulé: 9 minute(s), 58 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Réponse 4 / 12

anthony5151 Messages postés 10573 Date d'inscription vendredi 27 juin 2008 Statut Contributeur sécurité Dernière intervention 2 mars 2015 790
16 mai 2009 à 18:52

• Télécharge OTMoveIt3 (de OldTimer) sur ton Bureau : http://oldtimer.geekstogo.com/OTMoveIt3.exe
• Double-clique sur OTMoveIt3.exe afin de le lancer.
• Clique sur ce lien et copie le script qu'il contient.
• Colle le script dans le cadre « Paste Instructions for Items to be Moved » et clique sur Moveit.
• Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer. Accepte en cliquant sur YES.
• Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles
Le nom du rapport correspond au moment de sa création : date_heure.log

germainepoux
16 mai 2009 à 19:04

le rapport
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File move failed. C:\Windows\system32\FreezeScreenSaver.exe scheduled to be moved on reboot.
========== SERVICES/DRIVERS ==========
Service\Driver FreezeScreenSaver not found.
Unable to delete service\driver keyFreezeScreenSaver.
========== COMMANDS ==========
File delete failed. C:\Users\Aline\AppData\Local\Temp\ppcrlui_4548_2 scheduled to be deleted on reboot.
File delete failed. C:\Users\Aline\AppData\Local\Temp\~ROMFN_00000858 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05162009_185603

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question

Réponse 5 / 12

anthony5151 Messages postés 10573 Date d'inscription vendredi 27 juin 2008 Statut Contributeur sécurité Dernière intervention 2 mars 2015 790
16 mai 2009 à 19:07

OTMoveIt n'a pas réussi à supprimer FreezeScreenSaver...

/!\ A l'attention de ceux qui passent sur ce sujet /!\
Le logiciel qui suit n'est pas à utiliser à la légère et peut faire des dégâts s'il est mal utilisé ! Ne le faites que si un helpeur du forum qui connait bien cet outil vous l'a recommandé.

/!\ Désactive tous tes logiciels de protection /!\

• Télécharge ComboFix (de sUBs) sur ton Bureau.
• Double-clique sur ComboFix.exe afin de le lancer.
• Il va te demander d'installer la console de récupération : accepte.
• Ne touche à rien pendant le scan.
• Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.

Tutoriel officiel de Combofix : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

germainepoux
16 mai 2009 à 19:38

Probleme : je n'arrive pas à désactiver avast (antivirus et antispyware)
pourtant je vais dans Scanner résident Avast et je clique sur terminer, il m'affiche comme état : désactivé mais Combofix me demande de désactiver avast! antivirus 4.8.1296 (antivirus et antispyware)
Je ne sais pas comment faire ?

J'ai également AVG, j'ai ignorer l'état de tous les composants, est-ce que ça suffit ? Combofix ne m'a rien dit la dessus.

Réponse 6 / 12

anthony5151 Messages postés 10573 Date d'inscription vendredi 27 juin 2008 Statut Contributeur sécurité Dernière intervention 2 mars 2015 790
17 mai 2009 à 15:36

Pour désactiver Avast, je crois qu'il faut faire un clic-droit sur l'icone d'Avast et cliquer sur "Arrêter la protection résidente".

Pour AVG je ne sais plus.

Dans tous les cas, il est fortement déconseillé d'avoir deux antivirus différents, ils risquent de rentrer en conflit, et vont ralentir lourdement ton ordinateur (surtout ces deux là qui ne sont pas top...)

Une fois que tu en auras désinstallé un et désactivé l'autre, tu peux lancer Combofix. S'il t'affiche encore une alerte, ignore la.

germainepoux
17 mai 2009 à 16:12

j'ai désinstallé avast et désactivé AVG.
Quel antivirus me conseille-tu ?

voici le rapport de Combofix
ComboFix 09-05-15.08 - Aline 17/05/2009 15:52.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3062.1993 [GMT 2:00]
Lancé depuis: c:\users\Aline\Desktop\ComboFix.exe
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
/wow section - STAGE 1
'PV' n'est pas reconnu en tant que commande interne
ou externe, un programme exécutable ou un fichier de commandes.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1038951691-2387425700-135970857-1003\$ILORWYE.lnk
c:\$recycle.bin\S-1-5-21-1038951691-2387425700-135970857-1003\$RLORWYE.lnk
c:\users\Aline\AppData\Roaming\.#

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_FreezeScreenSaver

((((((((((((((((((((((((((((( Fichiers créés du 2009-04-17 au 2009-05-17 ))))))))))))))))))))))))))))))))))))
.

2009-05-17 14:00 . 2009-05-17 14:00 -------- d-sh--w C:\$RECYCLE.BIN
2009-05-17 13:48 . 2009-05-17 13:48 6736 ----a-w c:\windows\system32\drivers\PROCEXP90.SYS
2009-05-16 16:56 . 2009-05-16 16:56 -------- d-----w C:\_OTMoveIt
2009-05-16 14:48 . 2009-05-16 15:58 -------- d-----w C:\ToolBar SD
2009-05-16 14:16 . 2009-05-16 14:16 -------- d-----w c:\users\Aline\AppData\Roaming\Malwarebytes
2009-05-16 14:16 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-16 14:16 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-16 14:16 . 2009-05-16 14:16 -------- d-----w c:\programdata\Malwarebytes
2009-05-16 14:16 . 2009-05-16 14:16 -------- d-----w c:\users\All Users\Malwarebytes
2009-05-16 14:16 . 2009-05-16 14:45 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-16 14:11 . 2009-05-16 14:44 -------- d-----w c:\program files\CCleaner
2009-05-16 13:47 . 2009-05-16 13:47 -------- d-----w c:\users\Aline\AppData\Roaming\PeerNetworking
2009-05-16 13:47 . 2009-05-16 13:47 -------- d-----w c:\program files\Trend Micro
2009-05-16 13:46 . 2009-05-16 13:46 812344 ----a-w c:\program files\HJTInstall.exe
2009-05-16 13:27 . 2008-06-05 16:18 5737 ----a-w c:\users\Aline\AppData\Local\gnc.exe
2009-05-16 12:39 . 2009-05-16 12:39 88 ----a-w c:\users\Aline\AppData\Local\kwqym.bat
2009-05-16 12:39 . 2009-05-16 12:39 89800 ----a-w c:\users\Aline\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-16 12:34 . 2009-05-16 14:54 -------- d-----w c:\program files\Navilog1
2009-05-15 17:30 . 2009-05-15 17:46 -------- d-----w C:\Downloads
2009-05-12 14:21 . 2009-05-16 23:03 -------- d-----w c:\users\Aline\AppData\Roaming\Free Download Manager
2009-05-12 14:21 . 2009-05-12 14:21 -------- d-----w c:\program files\Free Download Manager
2009-05-12 13:05 . 2009-05-12 13:05 -------- d-----w c:\programdata\Azureus
2009-05-12 13:05 . 2009-05-12 13:05 -------- d-----w c:\users\All Users\Azureus
2009-05-12 13:05 . 2009-05-17 13:42 -------- d-----w c:\users\Aline\AppData\Roaming\Azureus
2009-05-12 13:04 . 2009-05-12 13:04 -------- d-----w c:\program files\Vuze
2009-05-12 12:54 . 2009-05-12 12:56 -------- d-----w c:\program files\Azureus4.2.0.2
2009-05-12 10:28 . 2009-05-15 17:48 -------- d-----w c:\users\Aline\AppData\Roaming\UseNeXT
2009-05-12 10:27 . 2009-05-12 10:27 -------- d-----w c:\program files\UseNeXT
2009-05-12 09:35 . 2009-05-12 09:35 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-12 09:35 . 2009-05-12 09:35 12552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-05-12 09:35 . 2009-05-12 09:35 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-12 09:35 . 2009-05-12 09:35 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-12 09:35 . 2009-05-16 22:13 -------- d-----w c:\windows\system32\drivers\Avg
2009-05-12 09:34 . 2009-05-12 09:34 23832 ----a-w c:\windows\system32\drivers\avgfwd6x.sys
2009-05-10 14:53 . 2009-05-16 10:56 -------- d--h--w C:\$AVG8.VAULT$
2009-05-10 14:07 . 2009-05-10 14:07 -------- d-----w c:\program files\AVG
2009-05-10 14:07 . 2009-05-12 09:34 -------- d-----w c:\programdata\avg8
2009-05-10 14:07 . 2009-05-12 09:34 -------- d-----w c:\users\All Users\avg8
2009-05-10 13:29 . 2009-05-10 13:29 -------- d-----w c:\users\Aline\AppData\Roaming\Grisoft
2009-05-10 13:29 . 2009-05-10 13:29 -------- d-----w c:\programdata\Grisoft
2009-05-10 13:29 . 2009-05-10 13:29 -------- d-----w c:\users\All Users\Grisoft
2009-05-04 21:31 . 2009-05-04 21:31 -------- d-----w c:\program files\Common Files\DivX Shared

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-17 12:58 . 2006-03-11 02:02 678968 ----a-w c:\windows\system32\perfh00C.dat
2009-05-17 12:58 . 2006-03-11 02:02 128004 ----a-w c:\windows\system32\perfc00C.dat
2009-05-04 21:31 . 2009-01-23 22:55 -------- d-----w c:\program files\DivX
2009-04-30 14:27 . 2009-04-30 14:27 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-04-23 21:07 . 2008-07-21 11:18 -------- d-----w c:\program files\Java
2009-04-16 20:04 . 2009-04-16 20:04 -------- d-----w c:\program files\Flash
2009-04-16 11:53 . 2009-04-16 11:53 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-15 21:45 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2009-04-15 21:35 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Sidebar
2009-04-15 21:35 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Collaboration
2009-04-15 21:35 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Calendar
2009-04-15 21:35 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-15 21:35 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Photo Gallery
2009-04-15 21:35 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Journal
2009-04-15 21:35 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Defender
2009-04-15 21:18 . 2006-11-02 10:32 101888 ----a-w c:\windows\system32\ifxcardm.dll
2009-04-15 21:18 . 2006-11-02 10:32 82432 ----a-w c:\windows\system32\axaltocm.dll
2009-04-15 17:58 . 2009-04-15 17:58 1878888 ----a-w c:\program files\install_flash_player.exe
2009-04-09 11:06 . 2008-07-01 17:06 27839 ----a-w c:\users\Aline\AppData\Roaming\nvModes.dat
2009-04-01 08:38 . 2009-04-01 08:38 -------- d-----w c:\program files\Common Files\xing shared
2009-04-01 08:38 . 2008-11-30 12:27 -------- d-----w c:\program files\Common Files\Real
2009-04-01 08:36 . 2006-03-10 18:51 -------- d-----w c:\program files\Google
2009-03-17 03:38 . 2009-04-15 13:28 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 13:28 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-09 03:19 . 2008-12-22 15:15 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-07 18:18 . 2009-03-07 18:24 6228072 ----a-w c:\program files\Setup_FreeConverter.exe
2009-03-03 04:46 . 2009-04-15 13:28 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-15 13:28 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-15 13:28 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-15 13:28 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-15 13:28 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-15 13:28 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-15 13:28 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-15 13:28 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-15 13:28 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 04:37 . 2009-04-15 13:28 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 03:04 . 2009-04-15 13:28 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-15 13:28 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-15 13:28 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-02-24 19:34 . 2009-02-24 19:34 90112 ----a-w c:\windows\system32\dpl100.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-02-24 19:34 . 2009-02-24 19:34 815104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-02-24 19:34 . 2009-02-24 19:34 802816 ----a-w c:\windows\system32\divx_xx11.dll
2009-02-24 19:34 . 2009-02-24 19:34 684032 ----a-w c:\windows\system32\DivX.dll
2008-12-22 15:49 . 2008-12-22 15:49 129761 ----a-w c:\program files\DicOOo.sxw
2008-12-22 15:08 . 2008-12-22 15:08 9329107 ----a-w c:\program files\LanguageTool-0.9.2.oxt
2008-09-04 14:15 . 2008-09-04 15:04 5948741 ----a-w c:\program files\dmaths310.zip
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-09-20 08:13 . 2008-09-20 08:13 122880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-10-11 08:04 . 2006-03-10 18:42 61036 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2006-03-10 18:42 48742 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2006-03-10 18:42 29313 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2006-03-10 18:42 41082 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2006-03-10 18:42 166510 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2006-03-11 02:50 . 2006-03-11 02:08 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 11:22 1172792 ----a-w c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus DX8400 Series"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE" [2007-04-12 182272]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-11 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 894512]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-20 29744]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 366400]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"SystrayORAHSS"="c:\program files\OrangeHSS\Systray\SystrayApp.exe" [2006-12-12 90112]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-01-28 111928]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-01 198160]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-21 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-21 8534560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-21 88608]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-12 1947928]

c:\users\collŠge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'‚cran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2008-9-2 393216]

c:\users\Aline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'‚cran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2008-9-2 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0108030E-FB06-4DE2-9A31-02BA798DBE34}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9C6038C0-0293-4671-A6F1-0C8BB7704A48}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{27E0AA76-D323-4A20-8837-45FE1DD0F00F}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{01F71DEF-1170-4B4B-9D5B-D4F1C8CF6C0D}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{C56E5FFA-FF9A-41E1-A58B-0196E0A3B4D6}"= c:\program files\AVG\AVG8\avgdiag.exe:avgdiag.exe
"{84F69530-94CB-4C22-AF44-72F615F148CE}"= c:\program files\AVG\AVG8\avgdiagex.exe:avgdiagex.exe
"{1AB281BB-3029-4BF9-A6C5-19B394261558}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{34BF6101-1E32-48E5-A0A3-7A4285589200}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{B3DE8A06-A61B-4A03-B41A-D54564C86381}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= c:\program files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [12/05/2009 11:35 12552]
R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [12/05/2009 11:34 23832]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [12/05/2009 11:35 325896]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [12/05/2009 11:35 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [12/05/2009 11:35 908568]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12/05/2009 11:35 298776]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [12/05/2009 11:35 1366904]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [14/01/2009 18:53 226656]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187B.sys [11/03/2006 03:58 281088]
S2 gupdate1c9b2a4fa6ec283;Service Google Update (gupdate1c9b2a4fa6ec283);c:\program files\Google\Update\GoogleUpdate.exe [01/04/2009 10:36 133104]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10/03/2006 20:52 29744]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [05/09/2008 19:16 28224]
.
Contenu du dossier 'Tâches planifiées'

2009-05-17 c:\windows\Tasks\Extension de garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2006-03-10 16:38]

2009-05-17 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-01 08:36]

2008-07-15 c:\windows\Tasks\HDReg.job
- c:\program files\HDReg\HDRegRem.exe [2003-07-15 08:14]

2008-07-12 c:\windows\Tasks\PBReg.job
- c:\program files\HDReg\HDRegDel.exe [2005-06-21 13:20]

2008-08-14 c:\windows\Tasks\PBRegbk.job
- c:\program files\HDReg\HDRegDel.exe [2005-06-21 13:20]

2009-05-16 c:\windows\Tasks\User_Feed_Synchronization-{99C226A6-3051-4014-BD4C-34F533E55B7D}.job
- c:\windows\system32\msfeedssync.exe [2008-09-13 07:33]
.
- - - - ORPHELINS SUPPRIMES - - - -

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)
HKLM-Run-EoEngine - (no file)

.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
mWindow Title =
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - c:\users\Aline\AppData\Roaming\Mozilla\Firefox\Profiles\4eo6avwd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&mozver={moz:version}-{moz:buildid}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&mozver={moz:version}-{moz:buildid}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-17 16:00
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\audiodg.exe
c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\[u]0/u\FTRTSVC.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\System32\rundll32.exe
c:\program files\OpenOffice.org 2.2\program\soffice.exe
c:\progra~1\COMMON~1\France Telecom\Shared Modules\AlertModule\[u]0/u\AlertModule.exe
c:\program files\OpenOffice.org 2.2\program\soffice.bin
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
.
**************************************************************************
.
Heure de fin: 2009-05-17 16:06 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-05-17 14:06

Avant-CF: 94 555 844 608 octets libres
Après-CF: 94 371 016 704 octets libres

303 --- E O F --- 2009-05-15 17:09

Réponse 7 / 12

anthony5151 Messages postés 10573 Date d'inscription vendredi 27 juin 2008 Statut Contributeur sécurité Dernière intervention 2 mars 2015 790
17 mai 2009 à 16:47

Je te donnerai des conseils pour sécuriser ton ordinateur à la fin de la désinfection ;)

Il reste une infection mineure

● Désactive le contrôle des comptes utilisateurs : Menu démarrer --> panneau de configuration --> comptes utilisateurs --> activer ou désactiver le controle des comptes utilisateur --> décoche la case "utiliser le contrôle....." Puis redémarre ton ordinateur.
● Désactive également ton antivirus, car il risque de faire de fausses alertes sur le programme suivant.

● Télécharge Ad-Remover (de C_XX) sur ton Bureau.

/!\ Déconnecte toi et ferme toutes les applications en cours /!\

● Double clique sur le programme d'installation , et installe le dans son emplacement par défaut. ( C:\Program files )
● Fais un clic-droit sur le raccourci créé et clique sur "Exécuter en temps qu'administrateur"
● Au menu principal choisis l'option "A"
● Poste le rapport qui apparait à la fin (il est aussi sauvegardé sous C:\Ad-report(date).log )

Aide en images : Installation
Aide en images : Recherche.

germainepoux
17 mai 2009 à 17:15

voilà le rapport

------- LOGFILE OF AD-REMOVER 1.1.3.9 | ONLY XP/VISTA -------

Updated by C_XX on 16/05/2009 at 21:15
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/NosTools/ad_remover.html

Start at: 16:59:06, 17/05/2009 | Boot mode: Normal Boot
Option: Scan | Executed from: C:\Program Files\Ad-remover\
Operating System: Microsoft® Windows Vista™ Home Premium Service Pack 1 v6.0.6001
Computer Name: PC-DE-ALINE
Current User: Aline - Administrator
Drive(s):
- C:\ (File System: NTFS)

(!) -- C:\Users\collŠge\Ntuser.dat Loaded as: 'HKU\collŠge'

============ Known Adwares Found ============

.
.
C:\Users\Aline\AppData\Roaming\Mozilla\Firefox\Profiles\4eo6avwd.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@atdmt[2].txt

+-----------------| Eorezo Elements Found:

HKCU\Software\EoRezo
HKU\S-1-5-21-1038951691-2387425700-135970857-1002\Software\Eorezo
.
C:\Users\Aline\AppData\Roaming\EoRezo
C:\Users\collŠge\AppData\Roaming\Eorezo

+-----------------| It's TV Elements Found:

.

+-----------------| Sweetim Elements Found:

HKCR\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
HKCR\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCR\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKCR\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
HKCR\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
HKCR\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
HKCR\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
HKCR\MediaPlayer.GraphicsUtils
HKCR\MediaPlayer.GraphicsUtils.1
HKCR\MgMediaPlayer.GifAnimator
HKCR\MgMediaPlayer.GifAnimator.1
HKCR\SWEETIE.IEToolbar
HKCR\SWEETIE.IEToolbar.1
HKCR\SWEETIE.SWEETIE
HKCR\SWEETIE.SWEETIE.3
HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook
HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook.1
HKCR\Toolbar3.SWEETIE
HKCR\Toolbar3.SWEETIE.1
HKCR\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
HKCR\Typelib\{EEE6C35E-6118-11DC-9C72-001320C79847}
HKCR\Typelib\{EEE6C35F-6118-11DC-9C72-001320C79847}
HKCU\Software\SweetIM
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKLM\Software\Classes\MediaPlayer.GraphicsUtils
HKLM\Software\Classes\MediaPlayer.GraphicsUtils.1
HKLM\Software\Classes\MgMediaPlayer.GifAnimator
HKLM\Software\Classes\MgMediaPlayer.GifAnimator.1
HKLM\Software\Classes\SWEETIE.IEToolbar
HKLM\Software\Classes\SWEETIE.IEToolbar.1
HKLM\Software\Classes\SWEETIE.SWEETIE
HKLM\Software\Classes\SWEETIE.SWEETIE.3
HKLM\Software\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook
HKLM\Software\Classes\SweetIM_URLSearchHook.ToolbarURLSearchHook.1
HKLM\Software\Classes\Toolbar3.SWEETIE
HKLM\Software\Classes\Toolbar3.SWEETIE.1
HKLM\Software\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
HKLM\Software\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
HKLM\Software\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
HKLM\Software\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
HKLM\Software\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
HKLM\Software\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKLM\Software\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKLM\Software\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
HKLM\Software\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
HKLM\Software\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
HKLM\Software\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
HKLM\Software\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
HKLM\Software\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{266C7330-C0F4-49E5-8F20-A56F9F822875}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKLM\Software\SweetIM
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Sweetim
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847}
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\Registry\User\S-1-5-21-1038951691-2387425700-135970857-1002\Software\Sweetim
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\351716A953E21214898904032EAE2E81
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A189D17A469616C4688D23E192996267
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
.
C:\Windows\Installer\11c796c.msi
C:\Windows\Installer\11c7971.msi
C:\Program Files\SweetIM
C:\Users\Aline\AppData\Roaming\Mozilla\Firefox\Profiles\4eo6avwd.default\searchplugins\sweetim.xml
C:\Users\Aline\AppData\Roaming\Mozilla\Firefox\Profiles\4eo6avwd.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
C:\Users\Aline\AppData\Roaming\Mozilla\Firefox\Profiles\4eo6avwd.default\SweetIMToolbarData
C:\ProgramData\SweetIM
C:\Users\Aline\Appdata\LocalLow\SweetIM

+-----------------| Added Scan:

---- Mozilla FireFox Version 2.0 ----

ProfilePath: 4eo6avwd.default (Aline)
.
(Prefs.js) user_pref("browser.search.defaultenginename", "SweetIM Search");
(Prefs.js) user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Google");
(Prefs.js) user_pref("browser.search.selectedEngine", "SweetIM Search");
(Prefs.js) user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Google");
(Prefs.js) user_pref("browser.search.defaulturl", "hxxp://search.sweetim.com/search.asp?src=2&q=");
(Prefs.js) user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=");
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://home.sweetim.com");
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.8.1");
(Prefs.js) user_pref("sweetim.toolbar.previous.browser.startup.homepage", "chrome://packardbell-partner/locale/partner.properties");
.
(Prefs.js) Found: user_pref("browser.search.defaultenginename", "SweetIM Search");
(Prefs.js) Found: user_pref("browser.search.defaulturl", "hxxp://search.sweetim.com/search.asp?src=2&q=");
(Prefs.js) Found: user_pref("browser.search.selectedEngine", "SweetIM Search");
(Prefs.js) Found: user_pref("browser.startup.homepage", "hxxp://home.sweetim.com");
(Prefs.js) Found: user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&q=");
(Prefs.js) Found: user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
(Prefs.js) Found: user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
(Prefs.js) Found: user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
(Prefs.js) Found: user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
(Prefs.js) Found: user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
(Prefs.js) Found: user_pref("sweetim.toolbar.mode.debug", "false");
(Prefs.js) Found: user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Google");
(Prefs.js) Found: user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=");
(Prefs.js) Found: user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Google");
(Prefs.js) Found: user_pref("sweetim.toolbar.previous.browser.startup.homepage", "chrome://packardbell-partner/locale/partner.properties");
(Prefs.js) Found: user_pref("sweetim.toolbar.previous.keyword.URL", "chrome://packardbell-partner/locale/partner.properties");
(Prefs.js) Found: user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"hxxp://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"hxxp://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");
(Prefs.js) Found: user_pref("sweetim.toolbar.search.history", "streaming%20dexter%20saison%202");
(Prefs.js) Found: user_pref("sweetim.toolbar.search.history.capacity", "10");
(Prefs.js) Found: user_pref("sweetim.toolbar.simapp_id", "{D4A76A96-E77B-4240-A515-E4B2C36BC2E4}");
(Prefs.js) Found: user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com");
(Prefs.js) Found: user_pref("sweetim.toolbar.version", "1.0.0.8");

---- Internet Explorer Version 7.0.6001.18000 ----

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://www.google.com/

[HKEY_USERS\S-1-5-21-1038951691-2387425700-135970857-1002\..\Internet Explorer\Main]

Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://www.google.com/

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start Page: hxxp://www.msn.com/

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://ieframe.dll/tabswelcome.htm

=========== Suspicious ==========

+---------------------------------------------------------------------------+

15107 Byte(s) - C:\Ad-Report-Scan-17.05.2009.log

1 File(s) - C:\Program Files\Ad-remover\BACKUP
0 File(s) - C:\Program Files\Ad-remover\QUARANTINE

End at: 17:07:45 | 17/05/2009
.
+-----------------| E.O.F
.

Réponse 8 / 12

anthony5151 Messages postés 10573 Date d'inscription vendredi 27 juin 2008 Statut Contributeur sécurité Dernière intervention 2 mars 2015 790
17 mai 2009 à 22:29

! Déconnecte toi et ferme toutes les applications en cours !

Relance "Ad-remover" en faisant un clic-droit sur le raccourci et en cliquant sur "Exécuter en temps qu'administrateur", et choisis l'option "B" au menu principal

Coche à l'écran de sélection :
1- Suppression Adwares Connus
2- Suppression Eorezo
4- Suppression Sweetim

Puis choisis "S" , le programme va travailler.
Poste le rapport qui apparait à la fin (il est aussi sauvegardé sous C:\Ad-report(date).log )

Aide en images : Nettoyage

germainepoux
17 mai 2009 à 23:19

le rapport

------- LOGFILE OF AD-REMOVER 1.1.3.9 | ONLY XP/VISTA -------

Updated by C_XX on 16/05/2009 at 21:15
Contact: AdRemover.contact@gmail.com
Website: http://pagesperso-orange.fr/NosTools/ad_remover.html

**** LIMITED TO ****

Known Adwares
Eorezo
Sweetim

********************

Start at: 23:05:39, 17/05/2009 | Boot mode: Normal Boot
Option: Clean | Executed from: C:\Program Files\Ad-remover\
Operating System: Microsoft® Windows Vista™ Home Premium Service Pack 1 v6.0.6001
Computer Name: PC-DE-ALINE
Current User: Aline - Administrator
Drive(s):
- C:\ (File System: NTFS)

(!) -- C:\Users\collŠge\Ntuser.dat Loaded as: 'HKU\collŠge'

(!) -- IE start pages/Tabs reset

============ Known Adwares Deleted ============

.
.
C:\Users\Aline\AppData\Roaming\Mozilla\Firefox\Profiles\4eo6avwd.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Cookies\aline@atdmt[2].txt

+-----------------| Eorezo Elements Deleted :

HKCU\Software\EoRezo
.
C:\Users\Aline\AppData\Roaming\EoRezo
C:\Users\collŠge\AppData\Roaming\Eorezo

+-----------------| Sweetim Elements Deleted :

HKCR\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
HKCR\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCR\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKCR\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
HKCR\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
HKCR\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
HKCR\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
HKCR\MediaPlayer.GraphicsUtils
HKCR\MediaPlayer.GraphicsUtils.1
HKCR\MgMediaPlayer.GifAnimator
HKCR\MgMediaPlayer.GifAnimator.1
HKCR\SWEETIE.IEToolbar
HKCR\SWEETIE.IEToolbar.1
HKCR\SWEETIE.SWEETIE
HKCR\SWEETIE.SWEETIE.3
HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook
HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook.1
HKCR\Toolbar3.SWEETIE
HKCR\Toolbar3.SWEETIE.1
HKCR\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
HKCR\Typelib\{EEE6C35E-6118-11DC-9C72-001320C79847}
HKCR\Typelib\{EEE6C35F-6118-11DC-9C72-001320C79847}
HKCU\Software\SweetIM
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKLM\Software\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
HKLM\Software\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{266C7330-C0F4-49E5-8F20-A56F9F822875}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKLM\Software\SweetIM
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Sweetim
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847}
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Internet Explorer\Internetregistry\Registry\User\S-1-5-21-1038951691-2387425700-135970857-1002\Software\Sweetim
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\351716A953E21214898904032EAE2E81
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5D19F074C042AD34BAB463D4175A062E
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A189D17A469616C4688D23E192996267
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E337925F629CF4C4FB08F3D9674DD839
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
.
C:\Windows\Installer\11c796c.msi
C:\Windows\Installer\11c7971.msi
/!\ NOT DELETED - C:\Program Files\SweetIM
C:\Users\Aline\AppData\Roaming\Mozilla\Firefox\Profiles\4eo6avwd.default\searchplugins\sweetim.xml
C:\Users\Aline\AppData\Roaming\Mozilla\Firefox\Profiles\4eo6avwd.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
C:\Users\Aline\AppData\Roaming\Mozilla\Firefox\Profiles\4eo6avwd.default\SweetIMToolbarData
C:\ProgramData\SweetIM
C:\Users\Aline\Appdata\LocalLow\SweetIM

(!) -- Temp files deleted.
(!) -- Recycle bin emptied in all drives.

********** /!\ FILE(S)/FOLDER(S) NOT DELETED /!\ **********

"C:\Program Files\SweetIM"

Second run ...

/!\ RESIST ! - "C:\Program Files\SweetIM"

+-----------------| Added Scan:

---- Mozilla FireFox Version 2.0 ----

ProfilePath: 4eo6avwd.default (Aline)
.
(Prefs.js) user_pref("browser.search.defaultenginename", "SweetIM Search");
(Prefs.js) user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Google");
(Prefs.js) user_pref("browser.search.selectedEngine", "SweetIM Search");
(Prefs.js) user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Google");
(Prefs.js) user_pref("browser.search.defaulturl", "hxxp://search.sweetim.com/search.asp?src=2&q=");
(Prefs.js) user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=");
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://home.sweetim.com");
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.8.1");
(Prefs.js) user_pref("sweetim.toolbar.previous.browser.startup.homepage", "chrome://packardbell-partner/locale/partner.properties");
.
(Prefs.js) Removed: user_pref("browser.search.defaultenginename", "SweetIM Search");
(Prefs.js) Removed: user_pref("browser.search.defaulturl", "hxxp://search.sweetim.com/search.asp?src=2&q=");
(Prefs.js) Removed: user_pref("browser.search.selectedEngine", "SweetIM Search");
(Prefs.js) Removed: user_pref("browser.startup.homepage", "hxxp://home.sweetim.com");
(Prefs.js) Removed: user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&q=");
(Prefs.js) Removed: user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
(Prefs.js) Removed: user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
(Prefs.js) Removed: user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
(Prefs.js) Removed: user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
(Prefs.js) Removed: user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
(Prefs.js) Removed: user_pref("sweetim.toolbar.mode.debug", "false");
(Prefs.js) Removed: user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Google");
(Prefs.js) Removed: user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=");
(Prefs.js) Removed: user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Google");
(Prefs.js) Removed: user_pref("sweetim.toolbar.previous.browser.startup.homepage", "chrome://packardbell-partner/locale/partner.properties");
(Prefs.js) Removed: user_pref("sweetim.toolbar.previous.keyword.URL", "chrome://packardbell-partner/locale/partner.properties");
(Prefs.js) Removed: user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"hxxp://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"hxxp://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");
(Prefs.js) Removed: user_pref("sweetim.toolbar.search.history", "streaming%20dexter%20saison%202");
(Prefs.js) Removed: user_pref("sweetim.toolbar.search.history.capacity", "10");
(Prefs.js) Removed: user_pref("sweetim.toolbar.simapp_id", "{D4A76A96-E77B-4240-A515-E4B2C36BC2E4}");
(Prefs.js) Removed: user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com");
(Prefs.js) Removed: user_pref("sweetim.toolbar.version", "1.0.0.8");

---- Internet Explorer Version 7.0.6001.18000 ----

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_USERS\S-1-5-21-1038951691-2387425700-135970857-1002\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://ieframe.dll/tabswelcome.htm

=========== Suspicious ==========

+---------------------------------------------------------------------------+

14716 Byte(s) - C:\Ad-Report-Clean-17.05.2009.log
15325 Byte(s) - C:\Ad-Report-Scan-17.05.2009.log

21 File(s) - C:\Program Files\Ad-remover\BACKUP
4 File(s) - C:\Program Files\Ad-remover\QUARANTINE

End at: 23:15:28 | 17/05/2009
.
+-----------------| E.O.F
.

Réponse 9 / 12

anthony5151 Messages postés 10573 Date d'inscription vendredi 27 juin 2008 Statut Contributeur sécurité Dernière intervention 2 mars 2015 790
18 mai 2009 à 00:10

Ok, on va faire un script pour finaliser tout ça, et après on passe au nettoyage final et à la sécurisation de ton ordinateur ;)

/!\ ATTENTION /!\ Le script qui suit a été écrit spécialement pour germainepoux, il n'est pas transposable sur un autre ordinateur !

• Télécharge ce dossier germainepoux.zip
• Fais un clic-droit dessus --> Extraire tout --> choisis le Bureau comme destination
• Un autre dossier va apparaitre, prends le fichier CFScript.txt qui se trouve à l'intérieur et place le sur le Bureau.

• Désactive tes logiciels de protection
• Fais un glisser/déposer de ce fichier CFScript.txt sur le fichier Combofix.exe

• Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
• Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
• Si le fichier ne s'ouvre pas, il se trouve ici → C:\ComboFix.txt

germainepoux
18 mai 2009 à 17:48

ComboFix 09-05-15.08 - Aline 18/05/2009 9:26.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3062.1954 [GMT 2:00]
Lancé depuis: c:\users\Aline\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Aline\Desktop\CFScript.txt
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
c:\program files\SweetIM
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-04-18 au 2009-05-18 ))))))))))))))))))))))))))))))))))))
.

2009-05-18 07:34 . 2009-05-18 07:34 -------- d-sh--w C:\$RECYCLE.BIN
2009-05-17 14:57 . 2009-05-17 21:15 -------- d-----w c:\program files\Ad-remover
2009-05-16 16:56 . 2009-05-16 16:56 -------- d-----w C:\_OTMoveIt
2009-05-16 14:48 . 2009-05-16 15:58 -------- d-----w C:\ToolBar SD
2009-05-16 14:16 . 2009-05-16 14:16 -------- d-----w c:\users\Aline\AppData\Roaming\Malwarebytes
2009-05-16 14:16 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-16 14:16 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-16 14:16 . 2009-05-16 14:16 -------- d-----w c:\programdata\Malwarebytes
2009-05-16 14:16 . 2009-05-16 14:16 -------- d-----w c:\users\All Users\Malwarebytes
2009-05-16 14:16 . 2009-05-16 14:45 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-16 14:11 . 2009-05-16 14:44 -------- d-----w c:\program files\CCleaner
2009-05-16 13:47 . 2009-05-16 13:47 -------- d-----w c:\users\Aline\AppData\Roaming\PeerNetworking
2009-05-16 13:47 . 2009-05-16 13:47 -------- d-----w c:\program files\Trend Micro
2009-05-16 13:46 . 2009-05-16 13:46 812344 ----a-w c:\program files\HJTInstall.exe
2009-05-16 13:27 . 2008-06-05 16:18 5737 ----a-w c:\users\Aline\AppData\Local\gnc.exe
2009-05-16 12:39 . 2009-05-16 12:39 88 ----a-w c:\users\Aline\AppData\Local\kwqym.bat
2009-05-16 12:39 . 2009-05-16 12:39 89800 ----a-w c:\users\Aline\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-16 12:34 . 2009-05-16 14:54 -------- d-----w c:\program files\Navilog1
2009-05-15 17:30 . 2009-05-15 17:46 -------- d-----w C:\Downloads
2009-05-12 14:21 . 2009-05-17 21:03 -------- d-----w c:\users\Aline\AppData\Roaming\Free Download Manager
2009-05-12 14:21 . 2009-05-12 14:21 -------- d-----w c:\program files\Free Download Manager
2009-05-12 13:05 . 2009-05-12 13:05 -------- d-----w c:\programdata\Azureus
2009-05-12 13:05 . 2009-05-12 13:05 -------- d-----w c:\users\All Users\Azureus
2009-05-12 13:05 . 2009-05-17 21:03 -------- d-----w c:\users\Aline\AppData\Roaming\Azureus
2009-05-12 13:04 . 2009-05-12 13:04 -------- d-----w c:\program files\Vuze
2009-05-12 12:54 . 2009-05-12 12:56 -------- d-----w c:\program files\Azureus4.2.0.2
2009-05-12 10:28 . 2009-05-15 17:48 -------- d-----w c:\users\Aline\AppData\Roaming\UseNeXT
2009-05-12 10:27 . 2009-05-12 10:27 -------- d-----w c:\program files\UseNeXT
2009-05-12 09:35 . 2009-05-12 09:35 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-12 09:35 . 2009-05-12 09:35 12552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-05-12 09:35 . 2009-05-12 09:35 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-12 09:35 . 2009-05-12 09:35 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-12 09:35 . 2009-05-16 22:13 -------- d-----w c:\windows\system32\drivers\Avg
2009-05-12 09:34 . 2009-05-12 09:34 23832 ----a-w c:\windows\system32\drivers\avgfwd6x.sys
2009-05-10 14:53 . 2009-05-16 10:56 -------- d--h--w C:\$AVG8.VAULT$
2009-05-10 14:07 . 2009-05-10 14:07 -------- d-----w c:\program files\AVG
2009-05-10 14:07 . 2009-05-12 09:34 -------- d-----w c:\programdata\avg8
2009-05-10 14:07 . 2009-05-12 09:34 -------- d-----w c:\users\All Users\avg8
2009-05-10 13:29 . 2009-05-10 13:29 -------- d-----w c:\users\Aline\AppData\Roaming\Grisoft
2009-05-10 13:29 . 2009-05-10 13:29 -------- d-----w c:\programdata\Grisoft
2009-05-10 13:29 . 2009-05-10 13:29 -------- d-----w c:\users\All Users\Grisoft
2009-05-04 21:31 . 2009-05-04 21:31 -------- d-----w c:\program files\Common Files\DivX Shared

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-17 21:14 . 2009-02-21 17:18 -------- d-----w c:\program files\SweetIM
2009-05-17 19:45 . 2006-03-11 02:02 678968 ----a-w c:\windows\system32\perfh00C.dat
2009-05-17 19:45 . 2006-03-11 02:02 128004 ----a-w c:\windows\system32\perfc00C.dat
2009-05-04 21:31 . 2009-01-23 22:55 -------- d-----w c:\program files\DivX
2009-04-30 14:27 . 2009-04-30 14:27 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-04-23 21:07 . 2008-07-21 11:18 -------- d-----w c:\program files\Java
2009-04-16 20:04 . 2009-04-16 20:04 -------- d-----w c:\program files\Flash
2009-04-16 11:53 . 2009-04-16 11:53 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-15 21:45 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2009-04-15 21:35 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Sidebar
2009-04-15 21:35 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Collaboration
2009-04-15 21:35 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Calendar
2009-04-15 21:35 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-15 21:35 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Photo Gallery
2009-04-15 21:35 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Journal
2009-04-15 21:35 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Defender
2009-04-15 21:18 . 2006-11-02 10:32 101888 ----a-w c:\windows\system32\ifxcardm.dll
2009-04-15 21:18 . 2006-11-02 10:32 82432 ----a-w c:\windows\system32\axaltocm.dll
2009-04-15 17:58 . 2009-04-15 17:58 1878888 ----a-w c:\program files\install_flash_player.exe
2009-04-09 11:06 . 2008-07-01 17:06 27839 ----a-w c:\users\Aline\AppData\Roaming\nvModes.dat
2009-04-01 08:38 . 2009-04-01 08:38 -------- d-----w c:\program files\Common Files\xing shared
2009-04-01 08:38 . 2008-11-30 12:27 -------- d-----w c:\program files\Common Files\Real
2009-04-01 08:36 . 2006-03-10 18:51 -------- d-----w c:\program files\Google
2009-03-17 03:38 . 2009-04-15 13:28 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 13:28 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-09 03:19 . 2008-12-22 15:15 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-07 18:18 . 2009-03-07 18:24 6228072 ----a-w c:\program files\Setup_FreeConverter.exe
2009-03-03 04:46 . 2009-04-15 13:28 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-15 13:28 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-15 13:28 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-15 13:28 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-15 13:28 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-15 13:28 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-15 13:28 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-15 13:28 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-15 13:28 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 04:37 . 2009-04-15 13:28 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 03:04 . 2009-04-15 13:28 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-15 13:28 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-15 13:28 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-02-24 19:34 . 2009-02-24 19:34 90112 ----a-w c:\windows\system32\dpl100.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-02-24 19:34 . 2009-02-24 19:34 815104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-02-24 19:34 . 2009-02-24 19:34 802816 ----a-w c:\windows\system32\divx_xx11.dll
2009-02-24 19:34 . 2009-02-24 19:34 684032 ----a-w c:\windows\system32\DivX.dll
2008-12-22 15:49 . 2008-12-22 15:49 129761 ----a-w c:\program files\DicOOo.sxw
2008-12-22 15:08 . 2008-12-22 15:08 9329107 ----a-w c:\program files\LanguageTool-0.9.2.oxt
2008-09-04 14:15 . 2008-09-04 15:04 5948741 ----a-w c:\program files\dmaths310.zip
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-09-20 08:13 . 2008-09-20 08:13 122880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-10-11 08:04 . 2006-03-10 18:42 61036 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2006-03-10 18:42 48742 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2006-03-10 18:42 29313 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2006-03-10 18:42 41082 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2006-03-10 18:42 166510 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2006-03-11 02:50 . 2006-03-11 02:08 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-05-17_14.00.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-03-10 18:18 . 2009-05-18 06:45 51104 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-05-18 06:45 66124 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-07-12 17:27 . 2009-05-18 06:45 12186 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1038951691-2387425700-135970857-1002_UserData.bin
- 2006-11-02 13:02 . 2009-05-17 13:59 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2009-05-18 07:33 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2009-05-18 07:33 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:02 . 2009-05-17 13:59 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02 . 2009-05-18 07:33 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 13:02 . 2009-05-17 13:59 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-05-17 13:59 . 2009-05-17 13:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-05-18 07:33 . 2009-05-18 07:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-05-17 13:59 . 2009-05-17 13:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-05-18 07:33 . 2009-05-18 07:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-04-19 19:56 . 2009-05-17 19:41 194822 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 10:33 . 2009-05-17 19:45 595506 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-05-17 12:58 595506 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-05-17 19:45 104940 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-05-17 12:58 104940 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus DX8400 Series"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE" [2007-04-12 182272]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-11 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 894512]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-20 29744]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 366400]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"SystrayORAHSS"="c:\program files\OrangeHSS\Systray\SystrayApp.exe" [2006-12-12 90112]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-01 198160]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-01-21 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-01-21 8534560]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-01-21 88608]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-12 1947928]

c:\users\collŠge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'‚cran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2008-9-2 393216]

c:\users\Aline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'‚cran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2008-9-2 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0108030E-FB06-4DE2-9A31-02BA798DBE34}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9C6038C0-0293-4671-A6F1-0C8BB7704A48}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{27E0AA76-D323-4A20-8837-45FE1DD0F00F}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{01F71DEF-1170-4B4B-9D5B-D4F1C8CF6C0D}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{C56E5FFA-FF9A-41E1-A58B-0196E0A3B4D6}"= c:\program files\AVG\AVG8\avgdiag.exe:avgdiag.exe
"{84F69530-94CB-4C22-AF44-72F615F148CE}"= c:\program files\AVG\AVG8\avgdiagex.exe:avgdiagex.exe
"{1AB281BB-3029-4BF9-A6C5-19B394261558}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{34BF6101-1E32-48E5-A0A3-7A4285589200}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{B3DE8A06-A61B-4A03-B41A-D54564C86381}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= c:\program files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [12/05/2009 11:35 12552]
R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [12/05/2009 11:34 23832]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [12/05/2009 11:35 325896]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [12/05/2009 11:35 108552]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\RTL8187B.sys [11/03/2006 03:58 281088]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [05/09/2008 19:16 28224]
.
Contenu du dossier 'Tâches planifiées'

2009-05-18 c:\windows\Tasks\Extension de garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2006-03-10 16:38]

2009-05-18 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-01 08:36]

2008-07-15 c:\windows\Tasks\HDReg.job
- c:\program files\HDReg\HDRegRem.exe [2003-07-15 08:14]

2008-07-12 c:\windows\Tasks\PBReg.job
- c:\program files\HDReg\HDRegDel.exe [2005-06-21 13:20]

2008-08-14 c:\windows\Tasks\PBRegbk.job
- c:\program files\HDReg\HDRegDel.exe [2005-06-21 13:20]

2009-05-18 c:\windows\Tasks\User_Feed_Synchronization-{99C226A6-3051-4014-BD4C-34F533E55B7D}.job
- c:\windows\system32\msfeedssync.exe [2008-09-13 07:33]
.
.
------- Examen supplémentaire -------
.
mWindow Title =
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - c:\users\Aline\AppData\Roaming\Mozilla\Firefox\Profiles\4eo6avwd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&mozver={moz:version}-{moz:buildid}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&mozver={moz:version}-{moz:buildid}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-18 09:34
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

c:\users\Aline\AppData\Local\Temp\sv862.tmp
c:\users\Aline\AppData\Local\Temp\~ROMFN_00000984 1020 bytes

Scan terminé avec succès
Fichiers cachés: 2

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\audiodg.exe
c:\progra~1\AVG\AVG8\avgwdsvc.exe
c:\progra~1\AVG\AVG8\avgfws8.exe
c:\progra~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\[u]0/u\FTRTSVC.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\progra~1\AVG\AVG8\avgemc.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\System32\conime.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\OpenOffice.org 2.2\program\soffice.exe
c:\progra~1\COMMON~1\France Telecom\Shared Modules\AlertModule\[u]0/u\AlertModule.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\program files\OpenOffice.org 2.2\program\soffice.bin
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Heure de fin: 2009-05-18 9:40 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-05-18 07:40
ComboFix2.txt 2009-05-17 14:06

Avant-CF: 93 100 523 520 octets libres
Après-CF: 95 491 723 264 octets libres

369 --- E O F --- 2009-05-15 17:09

Réponse 10 / 12

anthony5151 Messages postés 10573 Date d'inscription vendredi 27 juin 2008 Statut Contributeur sécurité Dernière intervention 2 mars 2015 790
19 mai 2009 à 05:51

Désolé, petite erreur dans le script, Combofix n'a rien supprimé... Il faut recommencer :

Télécharge ce script, et effectue les mêmes manipulation stp : http://sd-1.archive-host.com/membres/up/7739387536519291/germainepoux2.zip

germainepoux
19 mai 2009 à 09:56

Petit souci : je n'arrive plus à télécharger, j'ai un message qui me dit "Les paramètres de sécurité actuels ne vous permettent pas de télécharger ce fichier".

J'ai essayé de voir d'où venait le problème mais sans succés. J'ai remis le contrôle d'utilisateur, j'ai vérifié les paramètres d'internet, mais comme je suis super douée, je n'ai rien trouvé. AU SECOURS !!!!

germainepoux > germainepoux
19 mai 2009 à 12:30

Ca a fini par se débloquer, j'ai pu lancer le script, voila le rapport

ComboFix 09-05-15.08 - Aline 19/05/2009 12:07:04.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3062.2043 [GMT 2:00]
Lancé depuis: C:\Users\Aline\Desktop\ComboFix.exe
Commutateurs utilisés :: C:\Users\Aline\Desktop\CFScript.txt
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
C:\Windows\system32\FreezeScreenSaver.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\SweetIM
C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll
C:\Windows\system32\FreezeScreenSaver.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-19 au 2009-05-19 ))))))))))))))))))))))))))))))))))))
.

2009-05-19 10:14:45 . 2009-05-19 10:14:45 0 d-sh--w C:\$RECYCLE.BIN
2009-05-19 09:41:00 . 2009-05-19 09:41:00 0 d--h--w C:\Windows\msdownld.tmp
2009-05-17 14:57:50 . 2009-05-17 21:15:28 0 d-----w C:\Program Files\Ad-remover
2009-05-16 16:56:03 . 2009-05-16 16:56:03 0 d-----w C:\_OTMoveIt
2009-05-16 14:48:22 . 2009-05-16 15:58:10 0 d-----w C:\ToolBar SD
2009-05-16 14:16:18 . 2009-05-16 14:16:18 0 d-----w C:\Users\Aline\AppData\Roaming\Malwarebytes
2009-05-16 14:16:13 . 2009-04-06 13:32:46 15504 ----a-w C:\Windows\system32\drivers\mbam.sys
2009-05-16 14:16:10 . 2009-04-06 13:32:54 38496 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2009-05-16 14:16:08 . 2009-05-16 14:16:08 0 d-----w C:\ProgramData\Malwarebytes
2009-05-16 14:16:08 . 2009-05-16 14:16:08 0 d-----w C:\Users\All Users\Malwarebytes
2009-05-16 14:16:08 . 2009-05-16 14:45:14 0 d-----w C:\Program Files\Malwarebytes' Anti-Malware
2009-05-16 14:11:59 . 2009-05-16 14:44:53 0 d-----w C:\Program Files\CCleaner
2009-05-16 13:47:51 . 2009-05-16 13:47:51 0 d-----w C:\Users\Aline\AppData\Roaming\PeerNetworking
2009-05-16 13:47:43 . 2009-05-16 13:47:43 0 d-----w C:\Program Files\Trend Micro
2009-05-16 13:46:25 . 2009-05-16 13:46:32 812344 ----a-w C:\Program Files\HJTInstall.exe
2009-05-16 13:27:45 . 2008-06-05 16:18:02 5737 ----a-w C:\Users\Aline\AppData\Local\gnc.exe
2009-05-16 12:39:39 . 2009-05-16 12:39:39 88 ----a-w C:\Users\Aline\AppData\Local\kwqym.bat
2009-05-16 12:39:38 . 2009-05-16 12:39:38 89800 ----a-w C:\Users\Aline\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-16 12:34:15 . 2009-05-16 14:54:22 0 d-----w C:\Program Files\Navilog1
2009-05-15 17:30:39 . 2009-05-15 17:46:30 0 d-----w C:\Downloads
2009-05-12 14:21:26 . 2009-05-19 07:38:03 0 d-----w C:\Users\Aline\AppData\Roaming\Free Download Manager
2009-05-12 14:21:23 . 2009-05-12 14:21:26 0 d-----w C:\Program Files\Free Download Manager
2009-05-12 13:05:21 . 2009-05-12 13:05:21 0 d-----w C:\ProgramData\Azureus
2009-05-12 13:05:21 . 2009-05-12 13:05:21 0 d-----w C:\Users\All Users\Azureus
2009-05-12 13:05:17 . 2009-05-19 09:34:16 0 d-----w C:\Users\Aline\AppData\Roaming\Azureus
2009-05-12 13:04:41 . 2009-05-12 13:04:58 0 d-----w C:\Program Files\Vuze
2009-05-12 12:54:54 . 2009-05-12 12:56:14 0 d-----w C:\Program Files\Azureus4.2.0.2
2009-05-12 10:28:05 . 2009-05-15 17:48:24 0 d-----w C:\Users\Aline\AppData\Roaming\UseNeXT
2009-05-12 10:27:43 . 2009-05-12 10:27:44 0 d-----w C:\Program Files\UseNeXT
2009-05-12 09:35:38 . 2009-05-12 09:35:38 11952 ----a-w C:\Windows\system32\avgrsstx.dll
2009-05-12 09:35:37 . 2009-05-12 09:35:37 12552 ----a-w C:\Windows\system32\drivers\avgrkx86.sys
2009-05-12 09:35:35 . 2009-05-12 09:35:35 108552 ----a-w C:\Windows\system32\drivers\avgtdix.sys
2009-05-12 09:35:29 . 2009-05-12 09:35:29 325896 ----a-w C:\Windows\system32\drivers\avgldx86.sys
2009-05-12 09:35:25 . 2009-05-19 07:43:39 0 d-----w C:\Windows\system32\drivers\Avg
2009-05-12 09:34:07 . 2009-05-12 09:34:07 23832 ----a-w C:\Windows\system32\drivers\avgfwd6x.sys
2009-05-10 14:53:41 . 2009-05-16 10:56:10 0 d--h--w C:\$AVG8.VAULT$
2009-05-10 14:07:20 . 2009-05-10 14:07:20 0 d-----w C:\Program Files\AVG
2009-05-10 14:07:20 . 2009-05-12 09:34:06 0 d-----w C:\ProgramData\avg8
2009-05-10 14:07:20 . 2009-05-12 09:34:06 0 d-----w C:\Users\All Users\avg8
2009-05-10 13:29:27 . 2009-05-10 13:29:27 0 d-----w C:\Users\Aline\AppData\Roaming\Grisoft
2009-05-10 13:29:20 . 2009-05-10 13:29:20 0 d-----w C:\ProgramData\Grisoft
2009-05-10 13:29:20 . 2009-05-10 13:29:20 0 d-----w C:\Users\All Users\Grisoft
2009-05-04 21:31:01 . 2009-05-04 21:31:05 0 d-----w C:\Program Files\Common Files\DivX Shared

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-17 19:45:16 . 2006-03-11 02:02:45 678968 ----a-w C:\Windows\system32\perfh00C.dat
2009-05-17 19:45:16 . 2006-03-11 02:02:45 128004 ----a-w C:\Windows\system32\perfc00C.dat
2009-05-04 21:31:31 . 2009-01-23 22:55:31 0 d-----w C:\Program Files\DivX
2009-04-30 14:27:19 . 2009-04-30 14:27:19 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-04-23 21:07:53 . 2008-07-21 11:18:24 0 d-----w C:\Program Files\Java
2009-04-16 20:04:16 . 2009-04-16 20:04:15 0 d-----w C:\Program Files\Flash
2009-04-16 11:53:23 . 2009-04-16 11:53:23 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-15 21:45:29 . 2006-11-02 12:50:50 174 --sha-w C:\Program Files\desktop.ini
2009-04-15 21:35:26 . 2006-11-02 12:37:34 0 d-----w C:\Program Files\Windows Sidebar
2009-04-15 21:35:26 . 2006-11-02 12:37:34 0 d-----w C:\Program Files\Windows Collaboration
2009-04-15 21:35:26 . 2006-11-02 12:37:34 0 d-----w C:\Program Files\Windows Calendar
2009-04-15 21:35:26 . 2006-11-02 11:18:33 0 d-----w C:\Program Files\Windows Mail
2009-04-15 21:35:25 . 2006-11-02 12:37:34 0 d-----w C:\Program Files\Windows Photo Gallery
2009-04-15 21:35:25 . 2006-11-02 12:37:34 0 d-----w C:\Program Files\Windows Journal
2009-04-15 21:35:22 . 2006-11-02 12:37:34 0 d-----w C:\Program Files\Windows Defender
2009-04-15 21:18:31 . 2006-11-02 10:32:57 101888 ----a-w C:\Windows\system32\ifxcardm.dll
2009-04-15 21:18:30 . 2006-11-02 10:32:57 82432 ----a-w C:\Windows\system32\axaltocm.dll
2009-04-15 17:58:11 . 2009-04-15 17:58:08 1878888 ----a-w C:\Program Files\install_flash_player.exe
2009-04-09 11:06:19 . 2008-07-01 17:06:58 27839 ----a-w C:\Users\Aline\AppData\Roaming\nvModes.dat
2009-04-01 08:38:45 . 2009-04-01 08:38:45 0 d-----w C:\Program Files\Common Files\xing shared
2009-04-01 08:38:37 . 2008-11-30 12:27:12 0 d-----w C:\Program Files\Common Files\Real
2009-04-01 08:36:53 . 2006-03-10 18:51:35 0 d-----w C:\Program Files\Google
2009-03-17 03:38:46 . 2009-04-15 13:28:30 13824 ----a-w C:\Windows\system32\apilogen.dll
2009-03-17 03:38:44 . 2009-04-15 13:28:30 24064 ----a-w C:\Windows\system32\amxread.dll
2009-03-09 03:19:08 . 2008-12-22 15:15:40 410984 ----a-w C:\Windows\system32\deploytk.dll
2009-03-08 11:34:57 . 2009-05-19 09:36:00 914944 ----a-w C:\Windows\system32\wininet.dll
2009-03-08 11:34:28 . 2009-05-19 09:36:11 43008 ----a-w C:\Windows\system32\licmgr10.dll
2009-03-08 11:33:38 . 2009-05-19 09:36:13 18944 ----a-w C:\Windows\system32\corpol.dll
2009-03-08 11:33:17 . 2009-05-19 09:36:02 109056 ----a-w C:\Windows\system32\iesysprep.dll
2009-03-08 11:33:16 . 2009-05-19 09:36:01 109568 ----a-w C:\Windows\system32\PDMSetup.exe
2009-03-08 11:33:15 . 2009-05-19 09:36:02 107520 ----a-w C:\Windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33:15 . 2009-05-19 09:36:01 132608 ----a-w C:\Windows\system32\ieUnatt.exe
2009-03-08 11:33:15 . 2009-05-19 09:36:01 107008 ----a-w C:\Windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33:15 . 2009-05-19 09:36:01 103936 ----a-w C:\Windows\system32\SetDepNx.exe
2009-03-08 11:33:04 . 2009-05-19 09:36:06 420352 ----a-w C:\Windows\system32\vbscript.dll
2009-03-08 11:32:54 . 2009-05-19 09:36:14 72704 ----a-w C:\Windows\system32\admparse.dll
2009-03-08 11:32:49 . 2009-05-19 09:36:10 71680 ----a-w C:\Windows\system32\iesetup.dll
2009-03-08 11:32:38 . 2009-05-19 09:36:09 66560 ----a-w C:\Windows\system32\wextract.exe
2009-03-08 11:32:32 . 2009-05-19 09:36:02 169472 ----a-w C:\Windows\system32\iexpress.exe
2009-03-08 11:31:37 . 2009-05-19 09:36:13 34816 ----a-w C:\Windows\system32\imgutil.dll
2009-03-08 11:31:17 . 2009-05-19 09:36:14 48128 ----a-w C:\Windows\system32\mshtmler.dll
2009-03-08 11:31:00 . 2009-05-19 09:36:02 45568 ----a-w C:\Windows\system32\mshta.exe
2009-03-08 11:22:37 . 2009-05-19 09:36:14 156160 ----a-w C:\Windows\system32\msls31.dll
2009-03-07 18:18:46 . 2009-03-07 18:24:25 6228072 ----a-w C:\Program Files\Setup_FreeConverter.exe
2009-03-03 04:46:01 . 2009-04-15 13:28:40 3599328 ----a-w C:\Windows\system32\ntkrnlpa.exe
2009-03-03 04:46:01 . 2009-04-15 13:28:39 3547632 ----a-w C:\Windows\system32\ntoskrnl.exe
2009-03-03 04:39:36 . 2009-04-15 13:28:44 183296 ----a-w C:\Windows\system32\sdohlp.dll
2009-03-03 04:39:32 . 2009-04-15 13:28:42 551424 ----a-w C:\Windows\system32\rpcss.dll
2009-03-03 04:39:22 . 2009-04-15 13:28:37 26112 ----a-w C:\Windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37:11 . 2009-04-15 13:28:39 98304 ----a-w C:\Windows\system32\iasrecst.dll
2009-03-03 04:37:11 . 2009-04-15 13:28:39 44032 ----a-w C:\Windows\system32\iasdatastore.dll
2009-03-03 04:37:11 . 2009-04-15 13:28:37 54784 ----a-w C:\Windows\system32\iasads.dll
2009-03-03 03:04:59 . 2009-04-15 13:28:44 666624 ----a-w C:\Windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38:13 . 2009-04-15 13:28:44 17408 ----a-w C:\Windows\system32\iashost.exe
2009-02-24 19:34:16 . 2009-02-24 19:34:16 90112 ----a-w C:\Windows\system32\dpl100.dll
2009-02-24 19:34:14 . 2009-02-24 19:34:14 823296 ----a-w C:\Windows\system32\divx_xx0c.dll
2009-02-24 19:34:14 . 2009-02-24 19:34:14 823296 ----a-w C:\Windows\system32\divx_xx07.dll
2009-02-24 19:34:14 . 2009-02-24 19:34:14 815104 ----a-w C:\Windows\system32\divx_xx0a.dll
2009-02-24 19:34:14 . 2009-02-24 19:34:14 802816 ----a-w C:\Windows\system32\divx_xx11.dll
2009-02-24 19:34:14 . 2009-02-24 19:34:14 684032 ----a-w C:\Windows\system32\DivX.dll
2008-12-22 15:49:45 . 2008-12-22 15:49:44 129761 ----a-w C:\Program Files\DicOOo.sxw
2008-12-22 15:08:38 . 2008-12-22 15:08:31 9329107 ----a-w C:\Program Files\LanguageTool-0.9.2.oxt
2008-09-04 14:15:32 . 2008-09-04 15:04:22 5948741 ----a-w C:\Program Files\dmaths310.zip
2009-02-24 19:34:32 . 2009-02-24 19:34:32 1044480 ----a-w C:\Program Files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34:32 . 2009-02-24 19:34:32 200704 ----a-w C:\Program Files\mozilla firefox\plugins\ssldivx.dll
2008-09-20 08:13:39 . 2008-09-20 08:13:41 122880 ----a-w C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-10-11 08:04:58 . 2006-03-10 18:42:17 61036 ----a-w C:\Program Files\mozilla firefox\components\jar50.dll
2006-10-11 08:04:59 . 2006-03-10 18:42:17 48742 ----a-w C:\Program Files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05:03 . 2006-03-10 18:42:17 29313 ----a-w C:\Program Files\mozilla firefox\components\myspell.dll
2006-10-11 08:05:03 . 2006-03-10 18:42:17 41082 ----a-w C:\Program Files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04:58 . 2006-03-10 18:42:17 166510 ----a-w C:\Program Files\mozilla firefox\components\xpinstal.dll
2006-03-11 02:50:20 . 2006-03-11 02:08:58 8192 --sha-w C:\Windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-05-17_14.00.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-19 09:36:11 . 2009-03-08 11:32:44 94720 C:\Windows\winsxs\x86_microsoft-windows-ie-setup_31bf3856ad364e35_8.0.6001.18702_none_7c2a7e005d93bd9b\inseng.dll
+ 2009-05-19 09:36:10 . 2009-03-08 11:32:49 71680 C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18702_none_a8bbd77e7444b9cb\iesetup.dll
+ 2009-05-19 09:36:13 . 2009-03-08 11:32:48 55808 C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18702_none_a8bbd77e7444b9cb\iernonce.dll
+ 2009-05-19 09:36:15 . 2009-03-08 11:31:51 59904 C:\Windows\winsxs\x86_microsoft-windows-ie-infocard_31bf3856ad364e35_8.0.6001.18702_none_3d86a1c07a097782\icardie.dll
+ 2009-05-19 09:36:13 . 2009-03-08 11:31:37 34816 C:\Windows\winsxs\x86_microsoft-windows-ie-imagesupport_31bf3856ad364e35_8.0.6001.18702_none_20dfeb2e08d9ec0a\imgutil.dll
+ 2009-05-19 09:36:09 . 2009-03-08 11:32:38 66560 C:\Windows\winsxs\x86_microsoft-windows-ie-iexpress_31bf3856ad364e35_8.0.6001.18702_none_4766ff3b547d623d\wextract.exe
+ 2009-05-19 09:36:14 . 2009-03-08 11:31:17 48128 C:\Windows\winsxs\x86_microsoft-windows-ie-htmleditingsupport_31bf3856ad364e35_8.0.6001.18702_none_d658a8dacff20c9e\mshtmler.dll
+ 2009-05-19 09:36:15 . 2009-03-08 11:31:24 66560 C:\Windows\winsxs\x86_microsoft-windows-ie-htmlediting_31bf3856ad364e35_8.0.6001.18702_none_2b140bc159303551\mshtmled.dll
+ 2009-05-19 09:36:02 . 2009-03-08 11:31:00 45568 C:\Windows\winsxs\x86_microsoft-windows-ie-htmlapplication_31bf3856ad364e35_8.0.6001.18702_none_3c45119b1f28ff3d\mshta.exe
+ 2009-05-19 09:36:09 . 2009-03-08 11:31:52 13312 C:\Windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18702_none_df391163f08d7422\msfeedssync.exe
+ 2009-05-19 09:36:11 . 2009-03-08 11:31:51 55296 C:\Windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18702_none_df391163f08d7422\msfeedsbs.dll
+ 2009-05-19 09:36:11 . 2009-03-08 11:34:28 43008 C:\Windows\winsxs\x86_microsoft-windows-ie-controls_31bf3856ad364e35_8.0.6001.18702_none_accc7a4465be292a\licmgr10.dll
+ 2009-05-19 09:36:14 . 2009-03-08 11:32:54 72704 C:\Windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_8.0.6001.18702_none_911d44271c9159e9\admparse.dll
+ 2009-05-19 09:36:01 . 2009-03-08 11:33:28 64512 C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18702_none_e4d415d7b79e8243\WininetPlugin.dll
+ 2009-05-19 09:36:14 . 2009-03-08 11:33:24 25600 C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18702_none_e4d415d7b79e8243\jsproxy.dll
+ 2009-05-19 09:36:13 . 2009-03-08 11:33:38 18944 C:\Windows\winsxs\x86_microsoft-windows-i..tivexpolicyprovider_31bf3856ad364e35_8.0.6001.18702_none_6f561c09617d9439\corpol.dll
+ 2009-05-19 09:36:08 . 2009-03-08 11:31:35 46592 C:\Windows\winsxs\x86_microsoft-windows-i..ablenetworkgraphics_31bf3856ad364e35_8.0.6001.18702_none_d0b191832934e44c\pngfilt.dll
+ 2006-03-10 18:18:19 . 2009-05-19 10:15:52 52004 C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05:11 . 2009-05-19 10:15:56 66260 C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-07-12 17:27:08 . 2009-05-19 10:15:57 12376 C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1038951691-2387425700-135970857-1002_UserData.bin
+ 2009-05-19 09:36:08 . 2009-03-08 11:31:35 46592 C:\Windows\System32\pngfilt.dll
+ 2009-05-19 09:36:15 . 2009-03-08 11:31:24 66560 C:\Windows\System32\mshtmled.dll
+ 2009-05-19 09:36:09 . 2009-03-08 11:31:52 13312 C:\Windows\System32\msfeedssync.exe
+ 2009-05-19 09:36:11 . 2009-03-08 11:31:51 55296 C:\Windows\System32\msfeedsbs.dll
- 2008-10-16 13:50:09 . 2008-02-22 05:01:41 64512 C:\Windows\System32\migration\WininetPlugin.dll
+ 2009-05-19 09:36:01 . 2009-03-08 11:33:28 64512 C:\Windows\System32\migration\WininetPlugin.dll
+ 2009-05-19 09:36:14 . 2009-03-08 11:33:24 25600 C:\Windows\System32\jsproxy.dll
+ 2009-05-19 09:36:11 . 2009-03-08 11:32:44 94720 C:\Windows\System32\inseng.dll
+ 2009-05-19 09:36:13 . 2009-03-08 11:32:48 55808 C:\Windows\System32\iernonce.dll
+ 2009-05-19 09:36:15 . 2009-03-08 11:31:51 59904 C:\Windows\System32\icardie.dll
+ 2006-11-02 13:02:04 . 2009-05-19 10:14:09 16384 C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:02:04 . 2009-05-17 13:59:34 16384 C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02:04 . 2009-05-19 10:14:09 49152 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:02:04 . 2009-05-17 13:59:34 49152 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02:04 . 2009-05-19 10:14:09 16384 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 13:02:04 . 2009-05-17 13:59:34 16384 C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-05-19 09:36:12 . 2009-03-08 11:35:02 2048 C:\Windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.18702_none_83daaad046b59436\iecompat.dll
+ 2009-05-19 10:13:54 . 2009-05-19 10:13:54 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-05-17 13:59:20 . 2009-05-17 13:59:20 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-05-19 10:13:54 . 2009-05-19 10:13:54 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-05-17 13:59:20 . 2009-05-17 13:59:20 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-05-19 09:36:06 . 2009-03-08 11:33:04 420352 C:\Windows\winsxs\x86_microsoft-windows-scripting-vbscript_31bf3856ad364e35_8.0.6001.18702_none_2b4525a943b273a6\vbscript.dll
+ 2009-05-19 09:36:06 . 2009-03-08 11:33:14 726528 C:\Windows\winsxs\x86_microsoft-windows-scripting-jscript_31bf3856ad364e35_8.0.6001.18702_none_65cb0af10cefc76a\jscript.dll
+ 2009-05-19 09:36:14 . 2009-03-08 11:22:37 156160 C:\Windows\winsxs\x86_microsoft-windows-msls31_31bf3856ad364e35_8.0.6001.18702_none_aeeaf610b83f2e48\msls31.dll
+ 2009-05-19 09:36:01 . 2009-03-08 11:35:00 121344 C:\Windows\winsxs\x86_microsoft-windows-js-debuggeride_31bf3856ad364e35_8.0.6001.18702_none_1de359b6148047cc\jsdebuggeride.dll
+ 2009-05-19 09:36:00 . 2009-03-08 11:33:55 256000 C:\Windows\winsxs\x86_microsoft-windows-ieinstal_31bf3856ad364e35_8.0.6001.18702_none_cb86fb78a76dcdde\ieinstal.exe
+ 2009-05-19 09:36:14 . 2009-03-08 11:22:45 164352 C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18702_none_478d8ef9c3ea79a6\ieui.dll
+ 2009-05-19 09:36:05 . 2009-03-08 11:34:26 105984 C:\Windows\winsxs\x86_microsoft-windows-ie-winsockautodialstub_31bf3856ad364e35_8.0.6001.18702_none_d315f3a07395d0ed\url.dll
+ 2009-05-19 09:36:09 . 2009-03-08 11:34:47 208384 C:\Windows\winsxs\x86_microsoft-windows-ie-winfxdocobj_31bf3856ad364e35_8.0.6001.18702_none_d4a239fe30224f93\WinFXDocObj.exe
+ 2009-05-19 09:36:07 . 2009-03-08 11:33:46 759296 C:\Windows\winsxs\x86_microsoft-windows-ie-vgx_31bf3856ad364e35_8.0.6001.18702_none_d02233c4fe8667df\VGX.dll
+ 2009-05-19 09:36:02 . 2009-03-08 11:33:17 109056 C:\Windows\winsxs\x86_microsoft-windows-ie-sysprep_31bf3856ad364e35_8.0.6001.18702_none_fe7d3c2acfc7f690\iesysprep.dll
+ 2009-05-19 09:36:01 . 2009-03-08 11:32:53 173056 C:\Windows\winsxs\x86_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.6001.18702_none_a8bbd77e7444b9cb\ie4uinit.exe
+ 2009-05-19 09:36:14 . 2009-03-08 21:09:23 140128 C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18702_none_2a8eccb3a24fa0a0\sqmapi.dll
+ 2009-05-19 09:36:10 . 2009-03-08 11:34:17 193536 C:\Windows\winsxs\x86_microsoft-windows-ie-ratings_31bf3856ad364e35_8.0.6001.18702_none_aa7d60ae7286ab24\msrating.dll
+ 2009-05-19 09:36:01 . 2009-03-08 11:33:16 109568 C:\Windows\winsxs\x86_microsoft-windows-ie-pdm_31bf3856ad364e35_8.0.6001.18702_none_d0610d06fe575a49\PDMSetup.exe
+ 2009-05-19 09:36:01 . 2009-01-08 01:20:17 355832 C:\Windows\winsxs\x86_microsoft-windows-ie-pdm_31bf3856ad364e35_8.0.6001.18702_none_d0610d06fe575a49\pdm.dll
+ 2009-05-19 09:36:02 . 2009-01-08 01:20:17 265720 C:\Windows\winsxs\x86_microsoft-windows-ie-pdm_31bf3856ad364e35_8.0.6001.18702_none_d0610d06fe575a49\msdbg2.dll
+ 2009-05-19 09:36:10 . 2009-03-08 11:34:47 236544 C:\Windows\winsxs\x86_microsoft-windows-ie-offlinefavorites_31bf3856ad364e35_8.0.6001.18702_none_44170552678500f2\webcheck.dll
+ 2009-05-19 09:36:11 . 2009-03-08 11:34:16 109568 C:\Windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_8.0.6001.18702_none_1a118a8629ee860e\occache.dll
+ 2009-05-19 09:36:01 . 2009-03-08 11:35:11 233984 C:\Windows\winsxs\x86_microsoft-windows-ie-jsprofilerui_31bf3856ad364e35_8.0.6001.18702_none_d5ea1c01e3fe67ea\jsprofilerui.dll
+ 2009-05-19 09:36:01 . 2009-03-08 11:35:02 118272 C:\Windows\winsxs\x86_microsoft-windows-ie-jsprofilercore_31bf3856ad364e35_8.0.6001.18702_none_ed92bec9472aab53\JSProfilerCore.dll
+ 2009-05-19 09:36:01 . 2009-03-08 11:35:01 521216 C:\Windows\winsxs\x86_microsoft-windows-ie-jscriptdebugui_31bf3856ad364e35_8.0.6001.18702_none_9d577137e370ad2c\jsdbgui.dll
+ 2009-05-19 09:35:59 . 2009-03-08 21:09:24 638816 C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_124d22632fc9f126\iexplore.exe
+ 2009-05-19 09:36:01 . 2009-03-08 11:33:15 132608 C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_124d22632fc9f126\ieUnatt.exe
+ 2009-05-19 09:36:01 . 2009-03-08 11:35:03 144384 C:\Windows\winsxs\x86_microsoft-windows-ie-impexp-extexport_31bf3856ad364e35_8.0.6001.18702_none_10e8e2fad95106ab\ExtExport.exe
+ 2009-05-19 09:36:02 . 2009-03-08 11:32:32 169472 C:\Windows\winsxs\x86_microsoft-windows-ie-iexpress_31bf3856ad364e35_8.0.6001.18702_none_4766ff3b547d623d\iexpress.exe
+ 2009-05-19 09:36:09 . 2009-03-08 11:33:29 196096 C:\Windows\winsxs\x86_microsoft-windows-ie-ieshims_31bf3856ad364e35_8.0.6001.18702_none_2a78524fb0047330\IEShims.dll
+ 2009-05-19 09:36:02 . 2009-03-08 11:33:48 246784 C:\Windows\winsxs\x86_microsoft-windows-ie-ieproxy_31bf3856ad364e35_8.0.6001.18702_none_731a06b9605c0cc2\ieproxy.dll
+ 2009-05-19 09:36:00 . 2009-03-08 11:34:00 115712 C:\Windows\winsxs\x86_microsoft-windows-ie-ielowutil_31bf3856ad364e35_8.0.6001.18702_none_e9612e8087062a88\ielowutil.exe
+ 2009-05-19 09:40:26 . 2009-04-25 12:39:00 102400 C:\Windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.22867_none_842869855fff5a59\iecompat.dll
+ 2009-05-19 09:40:26 . 2009-04-25 03:31:29 102400 C:\Windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.18777_none_8393fcce46e9d680\iecompat.dll
+ 2009-05-19 09:36:02 . 2009-03-08 11:33:15 125952 C:\Windows\winsxs\x86_microsoft-windows-ie-iecleanup_31bf3856ad364e35_8.0.6001.18702_none_a0d17792aa595b3e\iecleanup.exe
+ 2009-05-19 09:36:01 . 2009-03-08 11:33:15 103936 C:\Windows\winsxs\x86_microsoft-windows-ie-gc-setdepnx_31bf3856ad364e35_8.0.6001.18702_none_9396116207a33bbc\SetDepNx.exe
+ 2009-05-19 09:36:02 . 2009-03-08 11:33:15 107520 C:\Windows\winsxs\x86_microsoft-windows-ie-gc-registeriepkeys_31bf3856ad364e35_8.0.6001.18702_none_0ad3f877399acafc\RegisterIEPKEYs.exe
+ 2009-05-19 09:36:08 . 2009-03-08 11:32:24 594432 C:\Windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_8.0.6001.18702_none_42d1aca65041d4fb\msfeeds.dll
+ 2009-05-19 09:36:12 . 2009-03-08 11:31:37 216064 C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_8.0.6001.18702_none_7ab17169976f82c4\dxtrans.dll
+ 2009-05-19 09:36:13 . 2009-03-08 11:31:42 348160 C:\Windows\winsxs\x86_microsoft-windows-ie-directxtransforms_31bf3856ad364e35_8.0.6001.18702_none_7ab17169976f82c4\dxtmsft.dll
+ 2009-05-19 09:36:00 . 2009-03-08 11:35:31 742912 C:\Windows\winsxs\x86_microsoft-windows-ie-devtools_31bf3856ad364e35_8.0.6001.18702_none_1e902f2a55a1ce84\iedvtool.dll
+ 2009-05-19 09:36:11 . 2009-03-08 11:31:55 183808 C:\Windows\winsxs\x86_microsoft-windows-ie-behaviors_31bf3856ad364e35_8.0.6001.18702_none_1faea70907d94aa5\iepeers.dll
+ 2009-05-19 09:36:06 . 2009-03-08 11:11:10 445952 C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_8.0.6001.18702_none_de7d38b18189fc96\ieapfltr.dll
+ 2009-05-19 09:36:09 . 2009-03-08 11:32:50 163840 C:\Windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_8.0.6001.18702_none_911d44271c9159e9\ieakui.dll
+ 2009-05-19 09:36:11 . 2009-03-08 11:33:06 229376 C:\Windows\winsxs\x86_microsoft-windows-ie-adminkitmostfiles_31bf3856ad364e35_8.0.6001.18702_none_911d44271c9159e9\ieaksie.dll
+ 2009-05-19 09:36:13 . 2009-03-08 11:33:01 125952 C:\Windows\winsxs\x86_microsoft-windows-ie-adminkitengine_31bf3856ad364e35_8.0.6001.18702_none_87015889ddff063f\ieakeng.dll
+ 2009-05-19 09:36:05 . 2009-03-08 21:09:24 391536 C:\Windows\winsxs\x86_microsoft-windows-ie-adminkitbranding_31bf3856ad364e35_8.0.6001.18702_none_573b8ed36d48a30a\iedkcs32.dll
+ 2009-05-19 09:36:00 . 2009-03-08 11:34:57 914944 C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.6001.18702_none_e4d415d7b79e8243\wininet.dll
+ 2009-05-19 09:36:09 . 2009-03-08 11:32:02 611840 C:\Windows\winsxs\x86_microsoft-windows-i..mlrenderingadvanced_31bf3856ad364e35_8.0.6001.18702_none_c3b0c8fe923e1b1f\mstime.dll
+ 2009-05-19 09:36:01 . 2009-03-08 11:33:15 107008 C:\Windows\winsxs\x86_microsoft-windows-i..-setieinstalleddate_31bf3856ad364e35_8.0.6001.18702_none_eb622404d6d4cb81\SetIEInstalledDate.exe
+ 2009-05-19 09:36:08 . 2009-03-08 11:32:46 128512 C:\Windows\winsxs\x86_microsoft-windows-advpack_31bf3856ad364e35_8.0.6001.18702_none_8eb687d4089bfe4d\advpack.dll
- 2008-09-13 09:27:18 . 2008-01-19 07:33:37 208384 C:\Windows\System32\WinFXDocObj.exe
+ 2009-05-19 09:36:09 . 2009-03-08 11:34:47 208384 C:\Windows\System32\WinFXDocObj.exe
+ 2009-05-19 09:36:10 . 2009-03-08 11:34:47 236544 C:\Windows\System32\webcheck.dll
+ 2009-04-19 19:56:40 . 2009-05-17 19:41:40 194822 C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2008-09-13 09:25:55 . 2008-01-19 07:36:46 105984 C:\Windows\System32\url.dll
+ 2009-05-19 09:36:05 . 2009-03-08 11:34:26 105984 C:\Windows\System32\url.dll
- 2006-11-02 10:33:01 . 2009-05-17 12:58:01 595506 C:\Windows\System32\perfh009.dat
+ 2006-11-02 10:33:01 . 2009-05-17 19:45:16 595506 C:\Windows\System32\perfh009.dat
- 2006-11-02 10:33:01 . 2009-05-17 12:58:01 104940 C:\Windows\System32\perfc009.dat
+ 2006-11-02 10:33:01 . 2009-05-17 19:45:16 104940 C:\Windows\System32\perfc009.dat
+ 2009-05-19 09:36:11 . 2009-03-08 11:34:16 109568 C:\Windows\System32\occache.dll
+ 2009-05-19 09:36:09 . 2009-03-08 11:32:02 611840 C:\Windows\System32\mstime.dll
+ 2009-05-19 09:36:10 . 2009-03-08 11:34:17 193536 C:\Windows\System32\msrating.dll
+ 2009-05-19 09:36:08 . 2009-03-08 11:32:24 594432 C:\Windows\System32\msfeeds.dll
+ 2009-05-19 09:36:06 . 2009-03-08 11:33:14 726528 C:\Windows\System32\jscript.dll
+ 2009-05-19 09:36:14 . 2009-03-08 11:22:45 164352 C:\Windows\System32\ieui.dll
+ 2009-05-19 09:36:11 . 2009-03-08 11:31:55 183808 C:\Windows\System32\iepeers.dll
+ 2009-05-19 09:36:05 . 2009-03-08 21:09:24 391536 C:\Windows\System32\iedkcs32.dll
+ 2009-05-19 09:36:06 . 2009-03-08 11:11:10 445952 C:\Windows\System32\ieapfltr.dll
+ 2009-05-19 09:36:09 . 2009-03-08 11:32:50 163840 C:\Windows\System32\ieakui.dll
+ 2009-05-19 09:36:11 . 2009-03-08 11:33:06 229376 C:\Windows\System32\ieaksie.dll
+ 2009-05-19 09:36:13 . 2009-03-08 11:33:01 125952 C:\Windows\System32\ieakeng.dll
+ 2009-05-19 09:36:01 . 2009-03-08 11:32:53 173056 C:\Windows\System32\ie4uinit.exe
+ 2009-05-19 09:36:12 . 2009-03-08 11:31:37 216064 C:\Windows\System32\dxtrans.dll
+ 2009-05-19 09:36:13 . 2009-03-08 11:31:42 348160 C:\Windows\System32\dxtmsft.dll
+ 2009-05-19 09:52:16 . 2009-05-19 10:08:09 245760 C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-05-19 09:36:08 . 2009-03-08 11:32:46 128512 C:\Windows\System32\advpack.dll
+ 2009-05-19 09:36:01 . 2009-03-08 11:32:20 1985024 C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_8.0.6001.18702_none_2a8eccb3a24fa0a0\iertutil.dll
+ 2009-05-19 09:35:52 . 2009-03-08 11:41:15 5937152 C:\Windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.6001.18702_none_f62e34f637f4eb79\mshtml.dll
+ 2009-05-19 09:36:02 . 2009-02-07 04:07:56 3698584 C:\Windows\winsxs\x86_microsoft-windows-ie-antiphishfilter_31bf3856ad364e35_8.0.6001.18702_none_de7d38b18189fc96\ieapfltr.dat
+ 2009-05-19 09:35:59 . 2009-03-08 11:34:55 1206784 C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_8.0.6001.18702_none_97ce3a35ec955bb0\urlmon.dll
+ 2009-05-19 09:35:59 . 2009-03-08 11:34:55 1206784 C:\Windows\System32\urlmon.dll
- 2006-11-02 10:22:39 . 2009-05-10 17:11:33 6553600 C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2006-11-02 10:22:39 . 2009-05-19 10:12:27 6553600 C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-05-19 09:35:52 . 2009-03-08 11:41:15 5937152 C:\Windows\System32\mshtml.dll
+ 2009-05-19 09:36:01 . 2009-03-08 11:32:20 1985024 C:\Windows\System32\iertutil.dll
+ 2009-05-19 09:36:02 . 2009-02-07 04:07:56 3698584 C:\Windows\System32\ieapfltr.dat
+ 2009-05-19 10:06:17 . 2009-05-19 10:06:18 6332416 C:\Windows\ERDNT\Hiv-backup\SCHEMA.DAT
+ 2009-05-19 09:35:57 . 2009-03-08 11:39:47 11063808 C:\Windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_8.0.6001.18702_none_478d8ef9c3ea79a6\ieframe.dll
+ 2009-05-08 10:28:21 . 2009-05-19 09:40:32 53487630 C:\Windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
+ 2009-05-19 09:35:57 . 2009-03-08 11:39:47 11063808 C:\Windows\System32\ieframe.dll
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus DX8400 Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE" [2007-04-12 06:00:00 182272]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-11 19:07:30 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 02:53:40 894512]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 10:40:22 232184]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-20 08:13:39 29744]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 01:18:32 366400]
"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 16:20:56 28672]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 11:00:00 174872]
"SystrayORAHSS"="C:\Program Files\OrangeHSS\Systray\SystrayApp.exe" [2006-12-12 17:16:26 90112]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 15:38:32 583048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 00:04:34 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2009-04-01 08:38:06 198160]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2008-01-21 03:34:00 92704]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-01-21 03:34:00 8534560]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-01-21 03:34:00 88608]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-03-09 03:19:17 148888]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2009-05-12 09:35:15 1947928]

C:\Users\collŠge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'‚cran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2008-9-2 393216]

C:\Users\Aline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'‚cran et lancement.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2008-9-2 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll C:\Windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0108030E-FB06-4DE2-9A31-02BA798DBE34}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9C6038C0-0293-4671-A6F1-0C8BB7704A48}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{27E0AA76-D323-4A20-8837-45FE1DD0F00F}"= C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{01F71DEF-1170-4B4B-9D5B-D4F1C8CF6C0D}"= C:\Program Files\AVG\AVG8\avgam.exe:avgam.exe
"{C56E5FFA-FF9A-41E1-A58B-0196E0A3B4D6}"= C:\Program Files\AVG\AVG8\avgdiag.exe:avgdiag.exe
"{84F69530-94CB-4C22-AF44-72F615F148CE}"= C:\Program Files\AVG\AVG8\avgdiagex.exe:avgdiagex.exe
"{1AB281BB-3029-4BF9-A6C5-19B394261558}"= C:\Program Files\AVG\AVG8\avgemc.exe:avgemc.exe
"{34BF6101-1E32-48E5-A0A3-7A4285589200}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"{B3DE8A06-A61B-4A03-B41A-D54564C86381}"= C:\Program Files\AVG\AVG8\avgnsx.exe:avgnsx.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

R0 AvgRkx86;avgrkx86.sys;C:\Windows\System32\drivers\avgrkx86.sys [12/05/2009 11:35:37 12552]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6x.sys [12/05/2009 11:34:07 23832]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\System32\drivers\avgldx86.sys [12/05/2009 11:35:29 325896]
R1 AvgTdiX;AVG8 Network Redirector;C:\Windows\System32\drivers\avgtdix.sys [12/05/2009 11:35:35 108552]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [12/05/2009 11:35:14 908568]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [12/05/2009 11:35:11 298776]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [12/05/2009 11:35:15 1366904]
R2 SeaPort;SeaPort;C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [14/01/2009 18:53:02 226656]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8187B.sys [11/03/2006 03:58:11 281088]
S2 gupdate1c9b2a4fa6ec283;Service Google Update (gupdate1c9b2a4fa6ec283);C:\Program Files\Google\Update\GoogleUpdate.exe [01/04/2009 10:36:37 133104]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [10/03/2006 20:52:30 29744]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;C:\Windows\System32\drivers\PCAMp50.sys [05/09/2008 19:16:32 28224]
.
Contenu du dossier 'Tâches planifiées'

2009-05-19 C:\Windows\Tasks\Extension de garantie.job
- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe [2006-03-10 18:43:16 . 2006-11-21 16:38:02]

2009-05-19 C:\Windows\Tasks\GoogleUpdateTaskMachine.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-01 08:36:37 . 2009-04-01 08:36:13]

2008-07-15 C:\Windows\Tasks\HDReg.job
- C:\Program Files\HDReg\HDRegRem.exe [2003-07-15 08:14:54 . 2003-07-15 08:14:54]

2008-07-12 C:\Windows\Tasks\PBReg.job
- C:\Program Files\HDReg\HDRegDel.exe [2005-06-21 13:20:28 . 2005-06-21 13:20:28]

2008-08-14 C:\Windows\Tasks\PBRegbk.job
- C:\Program Files\HDReg\HDRegDel.exe [2005-06-21 13:20:28 . 2005-06-21 13:20:28]

2009-05-19 C:\Windows\Tasks\User_Feed_Synchronization-{99C226A6-3051-4014-BD4C-34F533E55B7D}.job
- C:\Windows\system32\msfeedssync.exe [2009-05-19 09:36:09 . 2009-03-08 11:31:52]
.
.
------- Examen supplémentaire -------
.
mWindow Title =
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
IE: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
IE: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - C:\Users\Aline\AppData\Roaming\Mozilla\Firefox\Profiles\4eo6avwd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: C:\Program Files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: C:\Program Files\Mozilla Firefox\components\xpinstal.dll
FF - component: C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
FF - component: C:\Program Files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

---- PARAMETRES FIREFOX ----
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
C:\Program Files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.hideGoButton", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&mozver={moz:version}-{moz:buildid}&");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&mozver={moz:version}-{moz:buildid}&");
C:\Program Files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-19 12:14:38
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Windows\System32\audiodg.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.bin
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Heure de fin: 2009-05-19 12:21:29 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-05-19 10:21:23
ComboFix2.txt 2009-05-18 07:40:55
ComboFix3.txt 2009-05-17 14:06:28

Avant-CF: 88 087 449 600 octets libres
Après-CF: 88 029 982 720 octets libres

502 --- E O F --- 2009-05-19 07:11:52

Réponse 11 / 12

anthony5151 Messages postés 10573 Date d'inscription vendredi 27 juin 2008 Statut Contributeur sécurité Dernière intervention 2 mars 2015 790
20 mai 2009 à 17:45

Parfait, poste un dernier rapport hijackthis stp

germainepoux
20 mai 2009 à 18:25

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:19:27, on 20/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\Windows\TEMP\E_S5CC.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll C:\Windows\System32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Service Google Update (gupdate1c9b2a4fa6ec283) (gupdate1c9b2a4fa6ec283) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

Réponse 12 / 12

anthony5151 Messages postés 10573 Date d'inscription vendredi 27 juin 2008 Statut Contributeur sécurité Dernière intervention 2 mars 2015 790
20 mai 2009 à 19:25

Très bien, ton ordinateur n'est plus infecté !

Avant de retourner surfer sur internet, il y a certaines choses que tu dois faire pour finir le nettoyage et améliorer sensiblement la sécurité de ton ordinateur, ça t'évitera peut-être de devoir revenir ici avec une nouvelle infection dans le futur ;) Mais sache qu'aucun logiciel de sécurité ne te protègera à 100%, ce qui fait la différence, c'est ta vigilance lorsque tu télécharges ou installes quelque chose : pour en savoir plus, je t'invite à bien lire la page indiquée tout en bas de ce message (7).

1) Les barres d'outils

Souvent installées avec d'autres logiciels sans que l'utilisateur y fasse attention, les barres d'outils se multiplient sur les ordinateurs et ont deux résultats : ralentir les ordinateurs et provoquer des bugs des navigateurs.
Je te conseille de désinstaller la tienne qui ets inutile (barre d'outil Windows Live).
Pour ça, ferme ton navigateur, puis Menu démarrer --> Panneau de configuration --> ajout/suppression de programmes --> désinstalle la Windows Live Toolbar.

2) Sécurise ton ordinateur

• Anti-virus :
Tu as tout d'abord des restes de Norton, il faut les supprimer : Outil de désinstallation Norton

Ensuite, si tu souhaites remplacer AVG, tu dois le désactiver, puis le désinstaller et faire redémarrer ton ordinateur.
Tu pourras alors le remplacer par AntiVir, qui est ce qui se fait de mieux parmi les antivirus gratuits.

• Anti-spyware :
* Installe Spyware Blaster : il ne prend pas de mémoire, c'est juste un logiciel qui vaccine ton pc contre certaines infections. Il faut le mettre à jour manuellement (« Updates »), tous les 15 jours environ, et activer toutes les protections (« Enable all protection »)
* En complément, garde MalwareBytes pour son scan de nettoyage performant.

• Pour naviguer sur internet plus en sécurité et à l’abri des publicités, je te conseille vivement d’installer et d'utiliser le navigateur Firefox. Une fois que c'est fait, lance le et installe les deux extensions de sécurité suivantes :
AdBlockPlus pour bloquer les publicités ;
WOT, pour t'avertir des sites web dangereux.

• Adobe Reader n’est pas à jour, c’est une faille de sécurité. Désinstalle le en allant dans menu démarrer --> panneau de configuration --> ajout/suppression de programmes. Puis télécharge et installe la nouvelle version.

• Tu dois aussi mettre à jour tous tes autres programmes pour combler des failles de sécurité... Vérifie les mises disponibles à l'aide de ce petit programme (choisis la version sans installation) : Update Checker

3) Relance Hijackthis (pour la dernière fois), choisis "scan system only" et coche les lignes suivantes qui sont inutiles (j'ai intégré les barres d'outils dans cette liste) :

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

Si tu as bien mis à jour Adobe Reader comme je te l'ai recommandé, cette ligne devrait apparaitre, tu peux la cocher : O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

Coche également toutes les lignes commençant par 016

Ensuite, clique sur "Fix checked"

4) Télécharge ToolsCleaner sur ton Bureau pour nettoyer l'ordi de tous les outils qu'on a utilisé : ToolsCleaner
Fais un clic-droit dessus et choisis « Exécuter en temps qu'administrateur ». Clique sur Recherche et laisse le scan se finir, puis clique sur Suppression pour nettoyer.
Tu peux aussi supprimer les fichiers temporaires.
Ensuite, supprime manuellement ToolsCleaner (mets le à la corbeille).
S'il ne supprime pas tout, supprime manuellement ce qui reste.

5) Télécharge et installe CCleaner (si ce n’est déjà fait) : https://www.ccleaner.com/ccleaner/download

Lance CCleaner
Clique sur Option --> avancé --> décoche « effacer uniquement les fichiers plus vieux que 48h »
Puis Nettoyeur --> Analyse > Lancer le nettoyage, puis sur OK dans la fenêtre qui s' affiche.
Enfin, Registre --> corrige toutes les erreurs, et recommence jusqu'à ce qu'il ne trouve plus d'erreurs.

(Tu peux garder ce logiciel et l'utiliser régulièrement).

6) Pour finir le nettoyage, il faut purger la restauration du système (pour supprimer les points de restauration infectés).

• Menu démarrer --> clic droit sur ordinateur --> propriétés --> protection du système
• Désactive la restauration du système sur tous les lecteurs
• Clique sur OK.

Puis refais la manipulation inverse pour réactiver la restauration système.

7) Je t'invite enfin à visiter cette page qui t'apportera des informations de prévention et de protection contre les infections (environ 15 minutes de lecture très instructive et utile) : Prévention et sécurité sur internet

Bonne lecture, bon courage, et n'hésite pas à poser des questions en cas de besoin ;)

germainepoux
21 mai 2009 à 10:44

Bonjour,

J'ai fait le nettoyage de mon ordi, j'ai lancé un scan avec AntiVir, il m'a trouvé un virus qui n'en était pas un donc tout va bien.

Je te remercie pour toute l'aide que tu m'as apporté, et tout le temps que tu m'as accordé.

MERCI !!!!

anthony5151 Messages postés 10573 Date d'inscription vendredi 27 juin 2008 Statut Contributeur sécurité Dernière intervention 2 mars 2015 790 > germainepoux
21 mai 2009 à 21:31

De rien ;)

Bonne continuation !

calidaho > anthony5151 Messages postés 10573 Date d'inscription vendredi 27 juin 2008 Statut Contributeur sécurité Dernière intervention 2 mars 2015
23 août 2009 à 14:47

Bonjour,

Il y a 3 semaines, j'ai eu une alerte sur un cheval de troie, que je pensais avoir supprimé. Toutefois, depuis le lendemain, je n'ai pas d'accès internet. J'ai essayé plusieurs anti-virus mais ceux ci ne détectent rien. Après avoir lu les messages de ce forum, je vous envoie le log de hijackthis.

Merci de votre aide

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Util\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Util\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {F7C7AA47-BCA6-451D-8DBC-C10A8F75C8C7} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {9839B3B7-3F99-4498-884D-6CFCCD251AB1} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Util\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\Util\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?290de83fd655410e94bee61e162b3ebd
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?290de83fd655410e94bee61e162b3ebd
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB7E285D-5EF7-4060-B88B-4CCF6A2B3A01}: NameServer = 192.168.1.1
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Util\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon_old - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Util\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Franson GpsGate 2.0 - Unknown owner - C:\Program Files\Franson\GpsGate 2.0\GpsGateService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MacDrive service (MacDriveService) - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Discussions similaires

prelevement bizarre

Présence ou non de cheval de troie ?

windows defender cheval de troie

ouh i ouh ah ah

Cheval de Troie et ordi bloqué!!!

Discussions similaires

Newsletters