Problème de virus

Résolu
tbd Messages postés 15 Date d'inscription   Statut Membre -  
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
Bonjour,
Mon ordi a été malheureusement infecté par un virus dont je n'arrive pas à me débarrasser, avast n'y fait rien, j'ai tenté BitDefender hier soir qui n'a pas réussi non plus mais a détecté "Trojan.Packed.57084" dans C:/Windows/system32/prls.dll
A cause de ce virus je ne peux plus accèder à "mes images", dès que je tente la fenêtre se ferme avec un message d'avertissement puis " L'application csrcs.exe ne peut être executée en mode Win32".
Je ne sais plus quoi faire pour me débarasser de ce virus, je ne peux même pas tenter de sauver mes photos en les mettant sur un clé usb ou en les gravant car ça me donne le même résultat.
Si vous avez une solution je prends!
Merci d'avance!
Configuration: Windows XP Internet Explorer 7.0

32 réponses

  • 1
  • 2
  1. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    Et en mode sans échec?
    Télécharge le fichier d’installation d’Hijackthis en cliquant sur ce lien

    http://www.trendsecure.com/portal/en-US/tools/security_tools­/hijackthis/download

    * Enregistre HJTInstall.exe sur ton bureau.

    * Double-clique sur HJTInstall.exe pour lancer le programme

    Tuto : https://www.malekal.com/tutoriel-hijackthis/
    http://pagesperso-orange.fr/rginformatique/section%20virus/­Hijenr.gif
    http://pagesperso-orange.fr/rginformatique/section%20virus/­demohijack.htm

    * Accepte la license en cliquant sur le bouton "I Accept"
    * Choisis l'option "Do a system scan and save a log file"
    * Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note
    * Clique sur "Edition -> Sélectionner tout", puis sur "Edition -> Copier" pour copier tout le contenu du rapport

    * Colle le rapport que tu viens de copier sur ce forum

    A+
    0
  2. tbd Messages postés 15 Date d'inscription   Statut Membre
     
    Merci!
    Voilà ce que ça me donne:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:39:06, on 15/07/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Avast4\aswUpdSv.exe
    C:\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\HPQ\IAM\bin\asghost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    c:\PVSW\Bin\WGE_SRV.EXE
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\system32\svchost.exe
    c:\PVSW\BIN\W3dbsmgr.EXE
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Avast4\ashDisp.exe
    C:\WINDOWS\CameraFixer.exe
    C:\WINDOWS\vsnpstd.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\Philips\SPC220NC\Monitor.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\DNA\btdna.exe
    C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
    C:\Program Files\Philips\Philips SPC220NC Webcam\TrayMin220.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Documents and Settings\Julien\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
    C:\Avast4\ashMaiSv.exe
    C:\Avast4\ashWebSv.exe
    C:\Program Files\HPQ\Shared\hpqwmi.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL (file missing)
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
    F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\marche de sfiancé\TorrentManager.dll (file missing)
    O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
    O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O4 - HKLM\..\Run: [MSys32] "C:\jeux\Sectors of Death\Web\morfitwebentrance.exe"
    O4 - HKLM\..\Run: [avast!] C:\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [uwa6pcw] "C:\Program Files\WinAntiVirus Pro 2006\uwa6pcw.exe" -c
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [DLADiag] C:\WINDOWS\DLADiag.EXE
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\Philips\SPC220NC\Monitor.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [seek balm] C:\DOCUME~1\Julien\APPLIC~1\ONLINE~1\Great comp.exe
    O4 - HKCU\..\Run: [WinButler] C:\Documents and Settings\Julien\Application Data\WinButler\WinButler.exe
    O4 - HKCU\..\Run: [SfKg6wIPu] C:\Documents and Settings\Julien\Application Data\Microsoft\Windows\xtiqxaw.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [nidle] "C:\Documents and Settings\Julien\Application Data\nidle\nidle.exe" 61A847B5BBF72810369239466188719AB689201522886B092CBD44BD8689220221DD3257
    O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
    O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\Julien\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
    O4 - Global Startup: Auto-K.lnk = ?
    O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: TrayMin220.lnk = ?
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll (file missing)
    O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll (file missing)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=https://www8.hp.com/fr/fr/home.html
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
    O20 - Winlogon Notify: PermissionResearch - C:\WINDOWS\system32\prls.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe (file missing)
    O23 - Service: EBP - Pervasive.SQL Workgroup (Pervasive.SQL Workgroup) - Unknown owner - c:\PVSW\Bin\WGE_SRV.EXE
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    0
  3. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    Oula, il y a énormément de boulot/désinfections dans ce PC. Un peu de patience pour tout mettre nickel...quoi qu'il en soit, si tu ne prends de bonnes habitudes de surfs, tu devras prendre un abonnement sur CCM :-)

    Télécharge https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
    (Team IDN) sur ton Bureau.
    [*]Lance l'installation du programme en exécutant le fichier téléchargé.
    [*]Double-clique maintenant sur le raccourci de Toolbar-S&D.
    [*]Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
    [*]Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
    [*]Poste le rapport généré. (C:\TB.txt)

    A+
    0
  4. tbd Messages postés 15 Date d'inscription   Statut Membre
     
    Voilà le rapport:

    -----------\\ ToolBar S&D 1.2.8 XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Uniprocessor Free : AMD Turion(tm) 64 Mobile ML-32 )
    BIOS : EPP runtime BIOS - Version 1.1
    USER : Julien ( Administrator )
    BOOT : Normal boot
    Antivirus : avast! antivirus 4.8.1335 [VPS 090714-0] 4.8.1335 (Activated)
    C:\ (Local Disk) - NTFS - Total:55 Go (Free:16 Go)
    D:\ (CD or DVD)

    "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
    Option : [1] ( 15/07/2009|21:02 )

    -----------\\ Recherche de Fichiers / Dossiers ...

    C:\DOCUME~1\Julien\LOCALS~1\Temp\NER1ED.tmp\Toolbar.exe
    C:\DOCUME~1\Julien\LOCALS~1\Temp\NERO13356\Toolbar.exe
    C:\DOCUME~1\Julien\LOCALS~1\Temp\NERO14399\Toolbar.exe
    C:\DOCUME~1\Julien\LOCALS~1\Temp\NERO14409\Toolbar.exe
    C:\DOCUME~1\Julien\LOCALS~1\Temp\NeroDemo12061\Toolbar.exe
    C:\Program Files\AskBarDis
    C:\Program Files\AskBarDis\bar
    C:\Program Files\AskBarDis\unins000.exe
    C:\Program Files\AskBarDis\bar\bin
    C:\Program Files\AskBarDis\bar\Cache
    C:\Program Files\AskBarDis\bar\History
    C:\Program Files\AskBarDis\bar\Settings
    C:\Program Files\AskBarDis\bar\bin\askBar.dll
    C:\Program Files\AskBarDis\bar\bin\askPopStp.dll
    C:\Program Files\AskBarDis\bar\bin\psvince.dll
    C:\Program Files\AskBarDis\bar\Cache\files.ini
    C:\Program Files\AskTBar
    C:\Program Files\AskTBar\bar
    C:\Program Files\AskTBar\PopSwatr
    C:\Program Files\AskTBar\SrchAstt
    C:\Program Files\AskTBar\bar\1.bin
    C:\Program Files\AskTBar\bar\Cache
    C:\Program Files\AskTBar\bar\History
    C:\Program Files\AskTBar\bar\Settings
    C:\Program Files\AskTBar\bar\1.bin\A5POPSWT.DLL
    C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
    C:\Program Files\AskTBar\bar\Cache\files.ini
    C:\Program Files\AskTBar\bar\History\search2
    C:\Program Files\AskTBar\PopSwatr\History
    C:\Program Files\AskTBar\PopSwatr\History\allowed
    C:\Program Files\AskTBar\PopSwatr\History\notallow
    C:\Program Files\AskTBar\SrchAstt\1.bin
    C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
    C:\Program Files\FunWebProducts
    C:\Program Files\FunWebProducts\ScreenSaver
    C:\Program Files\FunWebProducts\ScreenSaver\Images
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\about.gif
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\action.gif
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\arcade.gif
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\around_the_world_in_80_days16x16.gif
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\bookworm16x16.gif
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\buy.gif
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\cards.gif
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\deals.gif
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\diamond_drop_216x16.gif
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\download.gif
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\dream_day_first_home16x16.gif
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\feedback.gif
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\golden_hearts16x16.gif
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\help.gif
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\highlight.gif
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\jewel_craft16x16.gif
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\jigsaw.gif
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\kids.gif
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mahjong.gif
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mahjongg_ancient_mayas16x16.gif
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\multiplayer.gif
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mygames.gif
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\newGames.gif
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\oberonconfig.xm_
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\obSearchHistory.dat
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\partner.gif
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\peril_at_end_house16x16.gif
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\popup_off.gif
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\popup_on.gif
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\puzzle.gif
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\pyra_cubes16x16.gif
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\search.gif
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\sendafriend.gif
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\sports.gif
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\trial.gif
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\uninstall.gif
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\update.gif
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\webgame.gif
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\zuma16x16.gif
    C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\GamesBar
    C:\Program Files\MyWebSearch
    C:\Program Files\MyWebSearch\bar
    C:\Program Files\MyWebSearch\SrchAstt
    C:\Program Files\MyWebSearch\bar\1.bin
    C:\Program Files\MyWebSearch\bar\2.bin
    C:\Program Files\MyWebSearch\bar\Settings
    C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
    C:\Program Files\MyWebSearch\SrchAstt\2.bin
    C:\WINDOWS\System32\f3PSSavr.scr
    C:\DOCUME~1\Julien\LOCALS~1\Temp\nsi1EEC.tmp
    C:\DOCUME~1\Julien\LOCALS~1\Temp\nsl22.tmp
    C:\DOCUME~1\Julien\LOCALS~1\Temp\nsq78E.tmp
    C:\DOCUME~1\Julien\LOCALS~1\Temp\nsv1EF0.tmp

    -----------\\ Extensions

    (Julien) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
    "Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
    "Search Page"="https://actus.sfr.fr"
    "SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
    "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
    "Start Page Redirect Cache"="https://www.msn.com/fr-fr?ocid=iehp"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
    "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
    "Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"

    --------------------\\ Recherche d'autres infections

    C:\DOCUME~1\Julien\APPLIC~1\MessengerSkinner
    C:\DOCUME~1\Julien\APPLIC~1\MessengerSkinner\Userdata
    C:\WINDOWS\Pack.epk
    C:\DOCUME~1\Julien\LOCALS~1\Temp\Pack.epk
    C:\WINDOWS\System32\nvs2.inf

    C:\DOCUME~1\Julien\LOCALS~1\APPLIC~1\lklhodc.dat
    C:\DOCUME~1\Julien\LOCALS~1\APPLIC~1\lklhodc_nav.dat
    C:\DOCUME~1\Julien\LOCALS~1\APPLIC~1\lklhodc_navps.dat
    C:\WINDOWS\System32\zqhlretl.dat
    C:\WINDOWS\System32\zqhlretl_nav.dat
    C:\WINDOWS\System32\zqhlretl_navps.dat
    [b]==> EGDACCESS <==/b

    --------------------\\ ROGUES ..

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2006
    C:\DOCUME~1\Julien\APPLIC~1\WinAntiVirus Pro 2006
    C:\DOCUME~1\Julien\APPLIC~1\WinButler

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\Julien\Local Settings\Temp\R‚pertoire temporaire 3 pour Ebp Gestion Commerciale 2007 v11.0.0.118 Fr Keygen.zip
    C:\DOCUME~1\Julien\Local Settings\Temp\R‚pertoire temporaire 3 pour Ebp Gestion Commerciale 2007 v11.0.0.118 Fr Keygen.zip\Ebp Gestion Commerciale 2007 v11.0.0.118 Fr + Keygen
    C:\DOCUME~1\Julien\Local Settings\Temp\R‚pertoire temporaire 3 pour Ebp Gestion Commerciale 2007 v11.0.0.118 Fr Keygen.zip\Ebp Gestion Commerciale 2007 v11.0.0.118 Fr + Keygen\Ebp Gestion Commerciale 2007 11 0 0 118.exe
    C:\DOCUME~1\Julien\Recent\[PC GAME PATCH] Civilization 4 Warlords Patch 2.08+Crack.lnk
    C:\DOCUME~1\ALLUSE~1\Menu D‚marrer\Programmes\WinRAR\Crack
    C:\DOCUME~1\ALLUSE~1\Menu D‚marrer\Programmes\WinRAR\Crack\WinRAR.v3.xx.Crack.exe

    1 - "C:\ToolBar SD\TB_1.txt" - 15/07/2009|21:05 - Option : [1]

    -----------\\ Fin du rapport a 21:05:05,57
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Relance Toolbar-S&D en double-cliquant sur le raccourci. Tape sur "2" puis valide en appuyant sur "Entrée".
    ! Ne ferme pas la fenêtre lors de la suppression !
    Un rapport sera généré, poste son contenu ici.

    NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
    Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
    Tape explorer puis valide.
    0
  7. tbd Messages postés 15 Date d'inscription   Statut Membre
     
    -----------\\ ToolBar S&D 1.2.8 XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Uniprocessor Free : AMD Turion(tm) 64 Mobile ML-32 )
    BIOS : EPP runtime BIOS - Version 1.1
    USER : Julien ( Administrator )
    BOOT : Normal boot
    Antivirus : avast! antivirus 4.8.1335 [VPS 090715-0] 4.8.1335 (Activated)
    C:\ (Local Disk) - NTFS - Total:55 Go (Free:16 Go)
    D:\ (CD or DVD)

    "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
    Option : [2] ( 15/07/2009|22:31 )

    -----------\\ SUPPRESSION

    Supprime! - C:\DOCUME~1\Julien\LOCALS~1\Temp\NER1ED.tmp\Toolbar.exe
    Supprime! - C:\DOCUME~1\Julien\LOCALS~1\Temp\NERO13356\Toolbar.exe
    Supprime! - C:\DOCUME~1\Julien\LOCALS~1\Temp\NERO14399\Toolbar.exe
    Supprime! - C:\DOCUME~1\Julien\LOCALS~1\Temp\NERO14409\Toolbar.exe
    Supprime! - C:\DOCUME~1\Julien\LOCALS~1\Temp\NeroDemo12061\Toolbar.exe
    Supprime! - C:\Program Files\AskBarDis\bar
    Supprime! - C:\Program Files\AskBarDis\unins000.exe
    Supprime! - C:\Program Files\AskTBar\bar
    Supprime! - C:\Program Files\AskTBar\PopSwatr
    Supprime! - C:\Program Files\AskTBar\SrchAstt
    Supprime! - C:\Program Files\FunWebProducts\ScreenSaver
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\about.gif
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\action.gif
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\arcade.gif
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\around_the_world_in_80_days16x16.gif
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\bookworm16x16.gif
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\buy.gif
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\cards.gif
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\deals.gif
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\diamond_drop_216x16.gif
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\download.gif
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\dream_day_first_home16x16.gif
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\feedback.gif
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\golden_hearts16x16.gif
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\help.gif
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\highlight.gif
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\jewel_craft16x16.gif
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\jigsaw.gif
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\kids.gif
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mahjong.gif
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mahjongg_ancient_mayas16x16.gif
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\multiplayer.gif
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mygames.gif
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\newGames.gif
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\oberonconfig.xm_
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\obSearchHistory.dat
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\partner.gif
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\peril_at_end_house16x16.gif
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\popup_off.gif
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\popup_on.gif
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\puzzle.gif
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\pyra_cubes16x16.gif
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\search.gif
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\sendafriend.gif
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\sports.gif
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\trial.gif
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\uninstall.gif
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\update.gif
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\webgame.gif
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\zuma16x16.gif
    Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\GamesBar
    Supprime! - C:\Program Files\MyWebSearch\bar
    Supprime! - C:\Program Files\MyWebSearch\SrchAstt
    Supprime! - C:\WINDOWS\System32\f3PSSavr.scr
    Supprime! - C:\DOCUME~1\Julien\LOCALS~1\Temp\nsi1EEC.tmp
    Supprime! - C:\DOCUME~1\Julien\LOCALS~1\Temp\nsl22.tmp
    Supprime! - C:\DOCUME~1\Julien\LOCALS~1\Temp\nsq78E.tmp
    Supprime! - C:\DOCUME~1\Julien\LOCALS~1\Temp\nsv1EF0.tmp
    Supprime! - C:\Program Files\AskBarDis
    Supprime! - C:\Program Files\AskTBar
    Supprime! - C:\Program Files\FunWebProducts
    Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar
    Supprime! - C:\Program Files\MyWebSearch

    -----------\\ Recherche de Fichiers / Dossiers ...

    -----------\\ Extensions

    (Julien) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
    "Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
    "Search Page"="https://actus.sfr.fr"
    "SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
    "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
    "Start Page Redirect Cache"="https://www.msn.com/fr-fr?ocid=iehp"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
    "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
    "Start Page"="https://www.msn.com/fr-fr/"

    --------------------\\ Recherche d'autres infections

    C:\DOCUME~1\Julien\APPLIC~1\MessengerSkinner
    C:\DOCUME~1\Julien\APPLIC~1\MessengerSkinner\Userdata
    C:\WINDOWS\Pack.epk
    C:\DOCUME~1\Julien\LOCALS~1\Temp\Pack.epk
    C:\WINDOWS\System32\nvs2.inf

    C:\DOCUME~1\Julien\LOCALS~1\APPLIC~1\lklhodc.dat
    C:\DOCUME~1\Julien\LOCALS~1\APPLIC~1\lklhodc_nav.dat
    C:\DOCUME~1\Julien\LOCALS~1\APPLIC~1\lklhodc_navps.dat
    C:\WINDOWS\System32\zqhlretl.dat
    C:\WINDOWS\System32\zqhlretl_nav.dat
    C:\WINDOWS\System32\zqhlretl_navps.dat
    [b]==> EGDACCESS <==/b

    --------------------\\ ROGUES ..

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2006
    C:\DOCUME~1\Julien\APPLIC~1\WinAntiVirus Pro 2006
    C:\DOCUME~1\Julien\APPLIC~1\WinButler

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\Julien\Local Settings\Temp\R‚pertoire temporaire 3 pour Ebp Gestion Commerciale 2007 v11.0.0.118 Fr Keygen.zip
    C:\DOCUME~1\Julien\Local Settings\Temp\R‚pertoire temporaire 3 pour Ebp Gestion Commerciale 2007 v11.0.0.118 Fr Keygen.zip\Ebp Gestion Commerciale 2007 v11.0.0.118 Fr + Keygen
    C:\DOCUME~1\Julien\Local Settings\Temp\R‚pertoire temporaire 3 pour Ebp Gestion Commerciale 2007 v11.0.0.118 Fr Keygen.zip\Ebp Gestion Commerciale 2007 v11.0.0.118 Fr + Keygen\Ebp Gestion Commerciale 2007 11 0 0 118.exe
    C:\DOCUME~1\Julien\Recent\[PC GAME PATCH] Civilization 4 Warlords Patch 2.08+Crack.lnk
    C:\DOCUME~1\ALLUSE~1\Menu D‚marrer\Programmes\WinRAR\Crack
    C:\DOCUME~1\ALLUSE~1\Menu D‚marrer\Programmes\WinRAR\Crack\WinRAR.v3.xx.Crack.exe

    1 - "C:\ToolBar SD\TB_1.txt" - 15/07/2009|21:05 - Option : [1]
    2 - "C:\ToolBar SD\TB_2.txt" - 15/07/2009|22:35 - Option : [2]

    -----------\\ Fin du rapport a 22:35:21,17
    0
  8. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Ok.

    Fais un clic droit sur ce lien :
    http://il.mafioso.pagesperso-orange.fr/Navifix/Navilog1.zip
    Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
    Fais un clic droit sur navilog1.zip et choisis "tout extraire"
    Ensuite double clique sur navilog1.exe pour lancer l'installation.
    Une fois l'installation terminée, le fix s'exécutera automatiquement.
    (Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).

    Laisse-toi guider. Au menu principal, choisis 1 et valides.
    (ne fais pas le choix 2,3 ou 4 sans notre avis/accord)
    Patiente jusqu'au message :
    *** Analyse Termine le ..... ***
    Appuie sur une touche comme demandé, le blocnote va s'ouvrir.
    Copie-colle l'intégralité dans une réponse. Referme le blocnote.
    Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)
    0
  9. tbd Messages postés 15 Date d'inscription   Statut Membre
     
    Voilà le rapport:

    Fix Navipromo version 4.0.1 commencé le 16/07/2009 11:41:25,93

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!

    Outil exécuté depuis C:\Program Files\navilog1

    Mise à jour le 14.07.2009 à 14h00 par IL-MAFIOSO

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Uniprocessor Free : AMD Turion(tm) 64 Mobile ML-32 )
    BIOS : EPP runtime BIOS - Version 1.1
    USER : Julien ( Administrator )
    BOOT : Normal boot

    Antivirus : avast! antivirus 4.8.1335 [VPS 090716-0] 4.8.1335 (Activated)

    C:\ (Local Disk) - NTFS - Total:55 Go (Free:16 Go)
    D:\ (CD or DVD)

    Recherche executée en mode normal

    Nettoyage exécuté au redémarrage de l'ordinateur

    C:\Documents and Settings\Julien\applic~1\MessengerSkinner supprimé !
    C:\Documents and Settings\Julien\locals~1\Temp\pack.epk supprimé !
    C:\WINDOWS\pack.epk supprimé !
    C:\WINDOWS\system32\nvs2.inf supprimé !
    C:\WINDOWS\system32\zqhlretl.dat supprimé !
    C:\WINDOWS\system32\zqhlretl_nav.dat supprimé !
    C:\WINDOWS\system32\zqhlretl_navps.dat supprimé !
    C:\Documents and Settings\Julien\locals~1\applic~1\lklhodc.dat supprimé !
    C:\Documents and Settings\Julien\locals~1\applic~1\lklhodc_nav.dat supprimé !
    C:\Documents and Settings\Julien\locals~1\applic~1\lklhodc_navps.dat supprimé !

    Nettoyage contenu C:\WINDOWS\Temp effectué !
    Nettoyage contenu C:\Documents and Settings\Julien\locals~1\Temp effectué !

    *** Sauvegarde du Registre vers dossier Safebackup ***

    sauvegarde du Registre réalisée avec succès !

    *** Nettoyage Registre ***

    Nettoyage Registre Ok

    Certificat Egroup supprimé !
    Certificat Electronic-Group supprimé !
    Certificat OOO-Favorit supprimé !

    *** Scan terminé 16/07/2009 12:39:55,78 ***
    0
  10. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Re,

    # Télchargez votre bureau RogueRemover de RubbeR DuckY : http://www.malwarebytes.org/RogueRemover.zip
    # Créez le dossier C:\RogueRemover pour cela :

    * Ouvrez le poste de travail
    * Ouvrez le disque C
    * Clicquez sur le menu Fichier puis Nouveau puis Nouveau Dossier
    * Nommez-le RogueRemover
    * Dcompressez RogueRemover.zip dans C:\RogueRemove
    * Rendez-vousi dans le dossier C:\RogueRemoveet double-clic sur le fichier RogueRemover.exe.
    * Clicquez sur le bouton Scan et laisse toi guider.
    * Copie/colle le rapport.

    A+
    0
  11. [EniDurb_Rp] Messages postés 1769 Statut Membre 489
     
    avast encore une victime , hein régis XD joli ton boulot
    esperons que kevin ne lise pas ça
    0
  12. tbd Messages postés 15 Date d'inscription   Statut Membre
     
    Pourquoi "encore une victime"???
    0
  13. [EniDurb_Rp] Messages postés 1769 Statut Membre 489
     
    Bonjour

    va lire ici tu comprendras pourquoi je dis " encore une victime "
    MAIS NE FAIS que ce que REGIS te dit de faire

    Cdlt Enidurb
    0
  14. tbd Messages postés 15 Date d'inscription   Statut Membre
     
    Ok merci pour la réponse!
    0
  15. tbd Messages postés 15 Date d'inscription   Statut Membre
     
    Petit soucis avec cette aplication, voilà la réponse du scan:

    Loading database...
    Expanding environmentals variable...

    Scanning Files...100%
    Scanning Folders...100%
    Scanning registry Keys...100%
    Scanning registry values...100%

    Congratulations! RogueRemover did not dtect any items!
    0
  16. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    OK

    Relance HijackThis et copie colle un nouveau rapport stp

    A+
    0
  17. tbd Messages postés 15 Date d'inscription   Statut Membre
     
    Voilà!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:29:07, on 16/07/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Avast4\aswUpdSv.exe
    C:\Avast4\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\HPQ\IAM\bin\asghost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    c:\PVSW\Bin\WGE_SRV.EXE
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\WINDOWS\system32\PSIService.exe
    c:\PVSW\BIN\W3dbsmgr.EXE
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Avast4\ashDisp.exe
    C:\WINDOWS\CameraFixer.exe
    C:\WINDOWS\vsnpstd.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\Philips\SPC220NC\Monitor.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Philips\Philips SPC220NC Webcam\TrayMin220.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Documents and Settings\Julien\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
    C:\Avast4\ashMaiSv.exe
    C:\Avast4\ashWebSv.exe
    C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
    C:\Program Files\HPQ\Shared\hpqwmi.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\Explorer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
    F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
    O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\marche de sfiancé\TorrentManager.dll (file missing)
    O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O4 - HKLM\..\Run: [MSys32] "C:\jeux\Sectors of Death\Web\morfitwebentrance.exe"
    O4 - HKLM\..\Run: [avast!] C:\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [uwa6pcw] "C:\Program Files\WinAntiVirus Pro 2006\uwa6pcw.exe" -c
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [DLADiag] C:\WINDOWS\DLADiag.EXE
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\Philips\SPC220NC\Monitor.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [seek balm] C:\DOCUME~1\Julien\APPLIC~1\ONLINE~1\Great comp.exe
    O4 - HKCU\..\Run: [WinButler] C:\Documents and Settings\Julien\Application Data\WinButler\WinButler.exe
    O4 - HKCU\..\Run: [SfKg6wIPu] C:\Documents and Settings\Julien\Application Data\Microsoft\Windows\xtiqxaw.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [nidle] "C:\Documents and Settings\Julien\Application Data\nidle\nidle.exe" 61A847B5BBF72810369239466188719AB689201522886B092CBD44BD8689220221DD3257
    O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
    O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\Julien\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
    O4 - Global Startup: Auto-K.lnk = ?
    O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: TrayMin220.lnk = ?
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=https://www8.hp.com/fr/fr/home.html
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
    O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
    O20 - Winlogon Notify: PermissionResearch - C:\WINDOWS\system32\prls.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe (file missing)
    O23 - Service: EBP - Pervasive.SQL Workgroup (Pervasive.SQL Workgroup) - Unknown owner - c:\PVSW\Bin\WGE_SRV.EXE
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    0
  18. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Re,

    Télécharge ComboFix (de sUBs):http://download.bleepingcomputer.com/sUBs/ComboFix.exe­

    - Sauvegarde le sur ton Bureau.
    - Double-clique sur Combofix.exe et suis les instructions.
    - Lorsqu'il aura terminé, un rapport apparaîtra à l'écran (fichier texte).
    - Poste le contenu du rapport dans ta prochaine réponse.

    Le rapport est également sauvegardé ici : C:\ComboFix.txt

    Ne pas cliquer dans la fenêtre de Combofix durant l'analyse ;ceci provoquerait le gel du programme !

    A+
    0
  19. tbd
     
    Voici le rapport:

    ComboFix 09-07-14.08 - Julien 18/07/2009 8:24.1.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.383.138 [GMT 2:00]
    Running from: c:\documents and settings\Julien\Bureau\ComboFix.exe
    AV: avast! antivirus 4.8.1335 [VPS 090717-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Julien\err.log
    c:\recycler\S-1-5-21-2732339857-1078137814-3467438252-1003
    c:\recycler\S-1-5-21-823518204-1958367476-725345543-1003
    c:\windows\Installer\17708c.msi
    c:\windows\Installer\2773d88.msi
    c:\windows\Installer\5cd39c15.msp
    c:\windows\Installer\5cd39c1e.msp
    c:\windows\Installer\5cd39c32.msp
    c:\windows\Installer\5cd39c47.msp
    c:\windows\Installer\dbd4315.msp
    c:\windows\system32\AutoRun.inf
    c:\windows\system32\csrcs.exe
    c:\windows\system32\ldpackage.dll
    c:\windows\system32\mdm.exe
    c:\windows\system32\model.dat
    c:\windows\system32\prls.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_BOONTY_GAMES
    -------\Service_Boonty Games

    ((((((((((((((((((((((((( Files Created from 2009-06-18 to 2009-07-18 )))))))))))))))))))))))))))))))
    .

    2009-07-16 13:06 . 2009-07-16 13:06 -------- d-----w- C:\RogueRemover
    2009-07-16 12:58 . 2009-07-16 13:08 -------- d-----w- c:\program files\RogueRemover FREE
    2009-07-16 09:39 . 2009-07-16 10:40 -------- d-----w- c:\program files\Navilog1
    2009-07-15 19:01 . 2009-07-15 20:35 -------- d-----w- C:\ToolBar SD
    2009-07-15 11:38 . 2009-07-15 11:38 -------- d-----w- c:\program files\Trend Micro
    2009-07-14 15:44 . 2009-07-14 17:14 -------- d-----w- c:\windows\BDOSCAN8
    2009-07-14 14:05 . 2009-04-30 21:16 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2009-07-14 14:05 . 2009-04-30 21:16 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2009-07-14 13:33 . 2009-07-14 13:33 -------- d-----w- c:\windows\system32\wbem\Repository
    2009-07-14 13:29 . 2009-07-14 14:32 -------- d-----w- c:\windows\system32\CatRoot_bak
    2009-07-14 13:26 . 2009-07-14 13:26 -------- d-----w- c:\program files\PhotoFiltre
    2009-07-14 13:26 . 2009-07-14 13:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
    2009-07-14 13:24 . 2009-07-14 13:24 -------- d-----w- c:\program files\Fichiers communs\Sonic
    2009-07-12 19:45 . 2009-07-14 13:23 -------- d-----w- c:\program files\eMule
    2009-06-20 06:37 . 2009-07-14 13:24 -------- d-----w- c:\program files\Fichiers communs\SureThing Shared
    2009-06-20 06:37 . 2009-06-20 06:37 -------- d-----w- c:\program files\Sonic
    2009-06-20 06:22 . 2009-06-20 06:22 -------- d-----w- c:\program files\Broadcom

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-18 07:05 . 2009-01-05 16:46 -------- d-----w- c:\program files\DNA
    2009-07-18 07:05 . 2009-01-05 16:46 -------- d-----w- c:\documents and settings\Julien\Application Data\DNA
    2009-07-14 13:33 . 2009-05-03 06:29 -------- d-----w- c:\program files\Modèles Météo - GFS
    2009-07-14 13:26 . 2006-08-31 21:18 -------- d-----w- c:\program files\Yahoo!
    2009-07-14 13:24 . 2006-07-02 14:37 -------- d-----w- c:\program files\Google
    2009-07-14 13:24 . 2006-07-02 22:26 -------- d-----w- c:\program files\Java
    2009-07-14 13:23 . 2006-07-02 22:26 -------- d-----w- c:\program files\Windows Media Connect
    2009-07-14 13:23 . 2006-07-02 14:36 -------- d-----w- c:\program files\InterVideo
    2009-06-20 06:48 . 2004-08-17 09:31 86920 ----a-w- c:\windows\system32\perfc00C.dat
    2009-06-20 06:48 . 2004-08-17 09:31 496584 ----a-w- c:\windows\system32\perfh00C.dat
    2009-06-20 06:29 . 2006-07-02 22:26 -------- d-----w- c:\program files\HPQ
    2009-06-20 06:28 . 2006-07-02 22:26 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-06-20 06:21 . 2006-07-02 22:26 -------- d-----w- c:\program files\CONEXANT
    2009-06-16 14:54 . 2004-08-05 08:00 82432 ----a-w- c:\windows\system32\fontsub.dll
    2009-06-16 14:54 . 2004-08-05 08:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-06-03 19:27 . 2004-08-05 08:00 1296896 ----a-w- c:\windows\system32\quartz.dll
    2009-06-02 08:52 . 2009-04-18 06:12 -------- d-----w- c:\program files\Zylom Games
    2009-05-18 10:38 . 2006-07-02 16:55 89584 ----a-w- c:\documents and settings\Julien\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-05-16 07:02 . 2004-08-17 09:30 82403 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2009-05-13 05:04 . 2004-08-05 08:00 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-05-07 15:43 . 2004-08-05 08:00 347136 ----a-w- c:\windows\system32\localspl.dll
    2009-04-20 06:42 . 2008-12-19 09:17 86576 ----a-w- c:\documents and settings\Julien\Application Data\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
    2009-04-20 06:42 . 2008-12-19 09:17 132672 ----a-w- c:\documents and settings\Julien\Application Data\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
    2009-04-20 06:42 . 2008-12-19 09:17 392728 ----a-w- c:\documents and settings\Julien\Application Data\Microsoft\Services Windows Live\Services Windows Live.dll
    2009-04-20 06:42 . 2009-04-20 06:42 135680 ----a-w- c:\documents and settings\Julien\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
    2009-04-19 20:09 . 2004-08-05 08:00 1846784 ----a-w- c:\windows\system32\win32k.sys
    2009-02-07 07:34 . 2009-02-07 07:33 211345010 ----a-w- c:\program files\GOA_KNC_client.exe
    2008-12-02 18:08 . 2008-12-02 18:08 3231826 ----a-w- c:\program files\eMule0.49b-Installer1.exe
    2007-09-02 07:36 . 2007-09-02 07:36 493 ----a-w- c:\program files\Raccourci vers Windows Live.lnk
    2007-06-14 08:07 . 2007-06-14 08:07 533 ----a-w- c:\program files\Raccourci vers Messenger Plus! Live.lnk
    2007-10-09 14:34 . 2007-10-09 14:34 8 --sh--r- c:\windows\system32\DD37CAC7AF.sys
    2007-10-09 14:38 . 2007-10-09 14:34 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SweetIM"="c:\program files\Macrogaming\SweetIM\SweetIM.exe" [2006-06-06 40960]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-26 68856]
    "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
    "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-01-05 342848]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-04 4363504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-09 344064]
    "PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2005-04-08 73728]
    "UpdateManager"="c:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-31 122940]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-20 729178]
    "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-10-24 499712]
    "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 409600]
    "CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920]
    "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-06-29 233534]
    "WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2005-07-04 184320]
    "avast!"="c:\avast4\ashDisp.exe" [2009-02-05 81000]
    "CameraFixer"="c:\windows\CameraFixer.exe" [2005-10-03 20480]
    "snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]
    "Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
    "DLADiag"="c:\windows\DLADiag.EXE" [2005-08-25 57403]
    "Monitor"="c:\windows\Philips\SPC220NC\Monitor.exe" [2006-11-03 319488]
    "NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
    "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

    c:\documents and settings\Julien\Menu D‚marrer\Programmes\D‚marrage\
    Notification de cadeaux MSN.lnk - c:\documents and settings\Julien\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2009-4-20 135680]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
    2005-07-25 18:41 40960 ----a-w- c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli AsWlnPkg

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\WINDOWS\\system32\\fxsclnt.exe"=
    "c:\\PVSW\\Bin\\w3dbsmgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Documents and Settings\\Julien\\Bureau\\Skype.exe"=

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [31/03/2008 10:10 114768]
    R1 DLADiagN;DLADiagN;c:\windows\system32\drivers\DLADiagN.SYS [27/10/2007 11:06 10908]
    R1 DLAPMonN;DLAPMonN;c:\windows\system32\drivers\DLAPMonN.SYS [27/10/2007 11:06 22812]
    R2 ASChannel;Canal de communication local;c:\windows\System32\svchost.exe -k Cognizance [05/08/2004 10:00 14336]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31/03/2008 10:10 20560]
    R2 Pervasive.SQL Workgroup;EBP - Pervasive.SQL Workgroup;c:\pvsw\Bin\WGE_SRV.EXE [07/12/2006 16:08 32768]
    R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [18/04/2005 03:00 200576]
    S3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [23/12/2005 03:35 87936]
    S3 SPC220NC;Philips SPC220NC Webcam;c:\windows\system32\drivers\SPC220NC.SYS [26/12/2007 17:17 507136]
    S3 Unilocator;Unilocator;c:\windows\system32\LOCATRNT.EXE [30/09/1996 01:00 120832]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Cognizance REG_MULTI_SZ ASChannel
    .
    Contents of the 'Scheduled Tasks' folder

    2009-07-17 c:\windows\Tasks\User_Feed_Synchronization-{9E4A5A85-3E5E-41B1-A490-905304A071DB}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{8CD8EA48-D284-477E-B6DF-85D1E39D855F} - (no file)
    HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    HKCU-Run-seek balm - c:\docume~1\Julien\APPLIC~1\ONLINE~1\Great comp.exe
    HKCU-Run-WinButler - c:\documents and settings\Julien\Application Data\WinButler\WinButler.exe
    HKCU-Run-SfKg6wIPu - c:\documents and settings\Julien\Application Data\Microsoft\Windows\xtiqxaw.exe
    HKCU-Run-nidle - c:\documents and settings\Julien\Application Data\nidle\nidle.exe
    HKCU-Run-OM2_Monitor - c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
    HKLM-Run-MSys32 - c:\jeux\Sectors of Death\Web\morfitwebentrance.exe
    HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
    HKLM-Run-OM2_Monitor - c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe
    HKLM-Explorer_Run-csrcs - c:\windows\system32\csrcs.exe

    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mWindow Title =
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: E&xport to Microsoft Excel - c:\micros~1\Office10\EXCEL.EXE/3000
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-18 09:04
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????9?7?7?8??P???? ???B?????????????hLC? ??????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1914338042-2647977849-611872985-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:8d,6a,8a,ff,97,3b,30,84,5e,bb,a7,e7,fd,81,14,b4,da,5f,09,7f,75,af,75,
    b2,f7,02,8e,29,c2,2c,0f,10,c3,3d,2c,d7,5a,f6,7b,2a,95,08,2a,ce,2c,37,1b,11,\
    "??"=hex:03,19,76,33,70,8c,2e,19,d1,71,a8,71,bc,15,cf,05

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
    "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(856)
    c:\windows\system32\Ati2evxx.dll
    c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
    c:\program files\HPQ\IAM\Bin\ASChnl.dll
    c:\program files\HPQ\IAM\Bin\ItMsg.dll

    - - - - - - - > 'lsass.exe'(912)
    c:\program files\HPQ\IAM\bin\AsWlnPkg.dll

    - - - - - - - > 'explorer.exe'(2568)
    c:\program files\Macrogaming\SweetIM\mgAdaptersProxy.dll
    c:\program files\HPQ\IAM\Bin\SFSShell.dll
    c:\program files\HPQ\IAM\bin\ItMsg.dll
    c:\program files\HPQ\IAM\bin\1036\SFSShell.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\avast4\aswUpdSv.exe
    c:\windows\system32\dllhost.exe
    c:\avast4\ashServ.exe
    c:\windows\system32\LEXBCES.EXE
    c:\windows\system32\LEXPPS.EXE
    c:\windows\system32\scardsvr.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\drivers\CDAC11BA.EXE
    c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
    c:\windows\system32\PSIService.exe
    c:\pvsw\Bin\w3dbsmgr.exe
    c:\windows\system32\searchindexer.exe
    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\fxssvc.exe
    c:\avast4\ashMaiSv.exe
    c:\avast4\ashWebSv.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\HPQ\IAM\Bin\asghost.exe
    c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
    c:\program files\HPQ\Shared\hpqwmi.exe
    c:\program files\Philips\Philips SPC220NC Webcam\TrayMin220.exe
    c:\program files\Windows Desktop Search\WindowsSearch.exe
    c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
    c:\program files\Java\jre1.6.0_05\bin\jucheck.exe
    .
    **************************************************************************
    .
    Completion time: 2009-07-18 9:23 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-07-18 07:23

    Pre-Run: 28 869 206 016 octets libres
    Post-Run: 29 384 818 688 octets libres

    267 --- E O F --- 2009-07-16 08:11
    0
  20. Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 349
     
    Salut

    Désinstalles/supprime ceci:
    RogueRemover
    RogueRemover FREE
    Navilog1
    ToolBar SD
    Trend Micro

    Puis,

    [*]Télécharge AD-Remover (de Cyrildu17 / C_XX) sur ton Bureau.
    http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe

    < Déconnecte-toi et ferme toutes applications en cours (important) >

    [*]Double-clique sur le programme d'installation ; laisse-le s' installer par défaut (C:\Program files).
    [*]Double-clique sur l'icône AD-Remover située sur ton Bureau.
    [*]Au menu principal, choisis l'option L.
    [*]Poste le rapport qui apparaît à la fin.

    (Le rapport est aussi conservé sous C:\Ad-report(date).log)

    (Ctrl+A pour tout sélectionner, Ctrl+C pour copier et Ctrl+V pour coller)

    Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus comme une infection ;
    ne pas en tenir compte (il s'agit d'un faux positif) et continue la procédure.

    A+
    0
  21. tbd Messages postés 15 Date d'inscription   Statut Membre
     
    .
    ======= RAPPORT D'AD-REMOVER 1.1.4.5_O | UNIQUEMENT XP/VISTA/SEVEN =======
    .
    Mit à jour par C_XX le 24/06/2009 à 7:10 PM
    Contact: AdRemover.contact@gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
    .
    Lancé à: 15:00:59, 19/07/2009 | Mode Normal | Option: CLEAN
    Exécuté de: C:\Program Files\Ad-remover\
    Système d'exploitation: Microsoft® Windows XP™ Service Pack 2 v5.1.2600
    Nom du PC: YOUR-F14AC45099 | Utilisateur actuel: Julien
    .
    Administrateur: Administrateur
    N'est pas administrateur: ASPNET
    N'est pas administrateur: HelpAssistant *Desactive*
    N'est pas administrateur: Invité *Desactive*
    Administrateur: Julien
    N'est pas administrateur: SUPPORT_388945a0 *Desactive*
    .
    ============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
    .
    .
    HKCR\CLSID\{06ADA938-0FB0-4BC0-B19B-0A38AB17F182}
    HKCR\CLSID\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}
    HKCR\CLSID\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}
    HKCR\Interface\{0C1CF2DF-05A3-4FEF-8CD4-F5CFC4355A16}
    HKCR\SWEETIE.IEToolbar
    HKCR\SWEETIE.IEToolbar.1
    HKCR\SWEETIE.SWEETIE
    HKCR\SWEETIE.SWEETIE.1
    HKCR\ToolBand.SWEETIE
    HKCR\ToolBand.SWEETIE.1
    HKCR\Typelib\{58906392-79C4-497C-ACC6-6942B59F1A08}
    HKCR\Typelib\{710993A2-4F87-41D7-B6FE-F5A20368465F}
    HKCU\Software\Casino Tropez
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A}
    HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}
    HKCU\Software\SWEETIE
    HKCU\Software\WinButler
    HKLM\Software\Casino Tropez
    HKLM\Software\Macrogaming
    HKLM\Software\Microsoft\ESENT\Process\SweetIM
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Sweetim
    HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
    HKCR\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
    HKCR\CLSID\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}
    HKCR\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
    HKCR\CLSID\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}
    HKCR\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}
    HKCR\CLSID\{FE063DBB-4EC0-403e-8DD8-394C54984B2C}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\35F8F48CFBC340946AF151B8E2105C1B
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\430B9074095998B438236F5FB1ED75CB
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\80719E8EA720305459C0EE8389E9CAFB
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A8B8696B937B0D04B8796ADECB6EC106
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\B084A05F467835D4394CCF76723438C1
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E6E39982D5828024DA11899256779137
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\F1B496B301445D115AA4000972A8B18B
    HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
    .
    C:\DOCUME~1\Julien\APPLIC~1\Mozilla\Firefox\Profiles\4mknufzh.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome
    C:\DOCUME~1\Julien\APPLIC~1\Mozilla\Firefox\Profiles\4mknufzh.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome.manifest
    C:\DOCUME~1\Julien\APPLIC~1\Mozilla\Firefox\Profiles\4mknufzh.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults
    C:\DOCUME~1\Julien\APPLIC~1\Mozilla\Firefox\Profiles\4mknufzh.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\META-INF
    C:\DOCUME~1\Julien\APPLIC~1\Mozilla\Firefox\Profiles\4mknufzh.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences
    C:\DOCUME~1\Julien\APPLIC~1\Mozilla\Firefox\Profiles\4mknufzh.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\ask.src
    C:\DOCUME~1\Julien\APPLIC~1\Mozilla\Firefox\Profiles\4mknufzh.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
    C:\DOCUME~1\Julien\APPLIC~1\WinButler\config.cfg
    C:\DOCUME~1\Julien\APPLIC~1\WinButler
    C:\Program Files\Macrogaming\SweetIM
    C:\Program Files\Macrogaming\SweetIMBarForIE
    C:\Program Files\Macrogaming\SweetIM\conf
    C:\Program Files\Macrogaming\SweetIM\data
    C:\Program Files\Macrogaming\SweetIM\default.xml
    C:\Program Files\Macrogaming\SweetIM\logs
    C:\Program Files\Macrogaming\SweetIM\mgAdaptersProxy.dll
    C:\Program Files\Macrogaming\SweetIM\mgArchive.dll
    C:\Program Files\Macrogaming\SweetIM\mgcommon.dll
    C:\Program Files\Macrogaming\SweetIM\mgcommunication.dll
    C:\Program Files\Macrogaming\SweetIM\mgconfig.dll
    C:\Program Files\Macrogaming\SweetIM\mgFlashPlayer.dll
    C:\Program Files\Macrogaming\SweetIM\mghooking.dll
    C:\Program Files\Macrogaming\SweetIM\mgIEPlayer.dll
    C:\Program Files\Macrogaming\SweetIM\mglogger.dll
    C:\Program Files\Macrogaming\SweetIM\mgMsnAuto.dll
    C:\Program Files\Macrogaming\SweetIM\mgMsnMessengerAdapter.dll
    C:\Program Files\Macrogaming\SweetIM\mgMsnProt.dll
    C:\Program Files\Macrogaming\SweetIM\mgSweetIM.dll
    C:\Program Files\Macrogaming\SweetIM\mgUpdateSupport.dll
    C:\Program Files\Macrogaming\SweetIM\mgxml_wrapper.dll
    C:\Program Files\Macrogaming\SweetIM\resources
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\Program Files\Macrogaming\SweetIM\update
    C:\Program Files\Macrogaming\SweetIM\conf\adapter.xml
    C:\Program Files\Macrogaming\SweetIM\conf\logger.xml
    C:\Program Files\Macrogaming\SweetIM\conf\messages.xml
    C:\Program Files\Macrogaming\SweetIM\conf\sweetim.xml
    C:\Program Files\Macrogaming\SweetIM\conf\sweetimapp.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users
    C:\Program Files\Macrogaming\SweetIM\conf\users\anaistruant@hotmail.fr
    C:\Program Files\Macrogaming\SweetIM\conf\users\anne__@hotmail.fr
    C:\Program Files\Macrogaming\SweetIM\conf\users\bruant68@hotmail.fr
    C:\Program Files\Macrogaming\SweetIM\conf\users\christiantruant@hotmail.fr
    C:\Program Files\Macrogaming\SweetIM\conf\users\deborah-et-julien@hotmail.fr
    C:\Program Files\Macrogaming\SweetIM\conf\users\debs6801@hotmail.fr
    C:\Program Files\Macrogaming\SweetIM\conf\users\jadeinlove@hotmail.fr
    C:\Program Files\Macrogaming\SweetIM\conf\users\jess.68@hotmail.fr
    C:\Program Files\Macrogaming\SweetIM\conf\users\julientruant@hotmail.fr
    C:\Program Files\Macrogaming\SweetIM\conf\users\main_user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\miss68mums@hotmail.fr
    C:\Program Files\Macrogaming\SweetIM\conf\users\missdebs68@hotmail.fr
    C:\Program Files\Macrogaming\SweetIM\conf\users\mjd68@hotmail.fr
    C:\Program Files\Macrogaming\SweetIM\conf\users\moi68moi@hotmail.fr
    C:\Program Files\Macrogaming\SweetIM\conf\users\nais68@hotmail.fr
    C:\Program Files\Macrogaming\SweetIM\conf\users\popossum@hotmail.fr
    C:\Program Files\Macrogaming\SweetIM\conf\users\poupete68@hotmail.fr
    C:\Program Files\Macrogaming\SweetIM\conf\users\presci_68@hotmail.fr
    C:\Program Files\Macrogaming\SweetIM\conf\users\seria68@hotmail.fr
    C:\Program Files\Macrogaming\SweetIM\conf\users\tony-ruant@hotmail.fr
    C:\Program Files\Macrogaming\SweetIM\conf\users\anaistruant@hotmail.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\anaistruant@hotmail.fr\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\anne__@hotmail.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\anne__@hotmail.fr\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\bruant68@hotmail.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\bruant68@hotmail.fr\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\christiantruant@hotmail.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\christiantruant@hotmail.fr\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\deborah-et-julien@hotmail.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\deborah-et-julien@hotmail.fr\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\debs6801@hotmail.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\debs6801@hotmail.fr\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\jadeinlove@hotmail.fr\content_update_notification.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\jadeinlove@hotmail.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\jadeinlove@hotmail.fr\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\jess.68@hotmail.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\jess.68@hotmail.fr\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\julientruant@hotmail.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\julientruant@hotmail.fr\lastuse_Emoticons.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\julientruant@hotmail.fr\lastuse_SoundFX.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\julientruant@hotmail.fr\lastuse_SpecialFX.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\julientruant@hotmail.fr\lastuse_Winks.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\julientruant@hotmail.fr\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\miss68mums@hotmail.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\miss68mums@hotmail.fr\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\missdebs68@hotmail.fr\content_update_notification.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\missdebs68@hotmail.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\missdebs68@hotmail.fr\lastuse_Emoticons.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\missdebs68@hotmail.fr\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\mjd68@hotmail.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\mjd68@hotmail.fr\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\moi68moi@hotmail.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\moi68moi@hotmail.fr\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\nais68@hotmail.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\nais68@hotmail.fr\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\popossum@hotmail.fr\content_update_notification.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\popossum@hotmail.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\popossum@hotmail.fr\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\poupete68@hotmail.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\poupete68@hotmail.fr\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\presci_68@hotmail.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\presci_68@hotmail.fr\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\seria68@hotmail.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\seria68@hotmail.fr\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\tony-ruant@hotmail.fr\emoticons_shortcut.xml
    C:\Program Files\Macrogaming\SweetIM\conf\users\tony-ruant@hotmail.fr\user_config.xml
    C:\Program Files\Macrogaming\SweetIM\data\contentdb
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100AA.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100AC.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100B6.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100B9.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100BA.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100C6.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100CC.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100D1.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100DD.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100E8.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100FA.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010104.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001010E.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001010F.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010119.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010814.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001081A.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001081D.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001084A.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010850.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010853.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010856.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010857.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010859.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001085D.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001085E.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001085F.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010868.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020057.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002005C.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020066.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020069.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002006B.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002006C.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002006D.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002006E.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020071.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020073.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020075.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020079.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002007D.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002007E.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002008A.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020095.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020096.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002009D.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\000200A7.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\000200B1.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\000200B8.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\000200B9.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\000200D7.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\000200ED.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020112.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020119.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002011B.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002013C.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002013D.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00030001.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00030007.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00030011.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00030017.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040015.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040021.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040022.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040028.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040032.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0004003C.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0004005A.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040063.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040066.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00050001.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00050002.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00060024.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0006002D.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\0006002F.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\00060037.dat
    C:\Program Files\Macrogaming\SweetIM\data\contentdb\cache_indx.dat
    C:\Program Files\Macrogaming\SweetIM\resources\gdiplus.dll
    C:\Program Files\Macrogaming\SweetIM\resources\ImageOle.dll
    C:\Program Files\Macrogaming\SweetIM\update\lastversioninfo.xml
    C:\Program Files\Macrogaming\SweetIMBarForIE\affid.dat
    C:\Program Files\Macrogaming\SweetIMBarForIE\basis.xml
    C:\Program Files\Macrogaming\SweetIMBarForIE\Bookmarks_23x18.bmp
    C:\Program Files\Macrogaming\SweetIMBarForIE\Cache
    C:\Program Files\Macrogaming\SweetIMBarForIE\Email_23x18.bmp
    C:\Program Files\Macrogaming\SweetIMBarForIE\Games_23x18.bmp
    C:\Program Files\Macrogaming\SweetIMBarForIE\Greetingcards_23x18.bmp
    C:\Program Files\Macrogaming\SweetIMBarForIE\Mobile_23x18.bmp
    C:\Program Files\Macrogaming\SweetIMBarForIE\Music_23x18.bmp
    C:\Program Files\Macrogaming\SweetIMBarForIE\News_23x18.bmp
    C:\Program Files\Macrogaming\SweetIMBarForIE\Shoping_23x18.bmp
    C:\Program Files\Macrogaming\SweetIMBarForIE\SmileySmile.bmp
    C:\Program Files\Macrogaming\SweetIMBarForIE\SmileyWink.bmp
    C:\Program Files\Macrogaming\SweetIMBarForIE\sweetimicons.bmp
    C:\Program Files\Macrogaming\SweetIMBarForIE\Thumbs.db
    C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.crc
    C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.xml
    C:\Program Files\Macrogaming\SweetIMBarForIE\version.txt
    C:\Program Files\Macrogaming\SweetIMBarForIE\Cache\eec75c2bc0eb13d9bc317ee99170020c.xml
    C:\Program Files\Macrogaming
    C:\WINDOWS\Installer\1537be8.msi
    C:\WINDOWS\Installer\1537bed.msi
    C:\WINDOWS\Prefetch\SWEETIM.EXE-2E64256A.pf

    (!) -- Fichiers temporaires supprimés.

    .
    ============== Scan additionnel ==============
    .

    * Mozilla FireFox Version 1.5 *

    Nom du profil: 4mknufzh.default (Julien)
    .
    (Prefs.js) user_pref("browser.search.defaultenginename", "Google");
    (Prefs.js) user_pref("browser.search.selectedEngine", "Google");
    (Prefs.js) user_pref("browser.search.selectedEngine", "Live Search");
    (Prefs.js) user_pref("browser.search.selectedEngine", "Live Search");
    (Prefs.js) user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=");
    (Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.8.0.3");
    (Prefs.js) user_pref("browser.startup.homepage", "hxxp://fr.msn.com/");
    (Prefs.js) user_pref("browser.startup.homepage", "hxxp://fr.msn.com/");
    (Prefs.js) user_pref("browser.startup.homepage", "hxxp://fr.msn.com/");
    .
    .

    * Internet Explorer Version 8.0.6001.18702 *

    [HKEY_CURRENT_USER\..\Internet Explorer\Main]

    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Start Page: hxxp://fr.msn.com/?ocid=iehp

    [HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search bar: hxxp://search.msn.com/spbasic.htm
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Start Page: hxxp://fr.msn.com/

    [HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

    Tabs: res://ieframe.dll/tabswelcome.htm

    ============== Suspect (Cracks, Serials ... ) ==============

    .
    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\WinRAR\Crack\WinRAR.v3.xx.Crack.exe
    C:\Documents and Settings\Julien\Application Data\BitTorrent\Nero Ultra Edition v9.2.6.0 Multilang - Serials - All Tools.torrent
    C:\Documents and Settings\Julien\Application Data\BitTorrent\Nero8-Ultra.Edition-v8.0.3.0-Multilanguage-Serial.by.madays.rar.torrent
    .
    ===================================
    .
    23160 Octet(s) - C:\Ad-Report-CLEAN.log
    .
    7 Fichier(s) - C:\DOCUME~1\Julien\LOCALS~1\Temp
    2 Fichier(s) - C:\WINDOWS\Temp
    .
    18 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
    38 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
    .
    Fin à: 15:39:10 | 19/07/2009
    .
    ============== E.O.F ==============
    .
    0
  • 1
  • 2