Problème de virus

Résolu
tbd Messages postés 15 Date d'inscription   Statut Membre Dernière intervention   -  
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
Bonjour,
Mon ordi a été malheureusement infecté par un virus dont je n'arrive pas à me débarrasser, avast n'y fait rien, j'ai tenté BitDefender hier soir qui n'a pas réussi non plus mais a détecté "Trojan.Packed.57084" dans C:/Windows/system32/prls.dll
A cause de ce virus je ne peux plus accèder à "mes images", dès que je tente la fenêtre se ferme avec un message d'avertissement puis " L'application csrcs.exe ne peut être executée en mode Win32".
Je ne sais plus quoi faire pour me débarasser de ce virus, je ne peux même pas tenter de sauver mes photos en les mettant sur un clé usb ou en les gravant car ça me donne le même résultat.
Si vous avez une solution je prends!
Merci d'avance!
A voir également:

32 réponses

  • 1
  • 2
Réponse 1 / 32
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
Salut

Et en mode sans échec?
Télécharge le fichier d’installation d’Hijackthis en cliquant sur ce lien

http://www.trendsecure.com/portal/en-US/tools/security_tools­/hijackthis/download

* Enregistre HJTInstall.exe sur ton bureau.

* Double-clique sur HJTInstall.exe pour lancer le programme

Tuto : https://www.malekal.com/tutoriel-hijackthis/
http://pagesperso-orange.fr/rginformatique/section%20virus/­Hijenr.gif
http://pagesperso-orange.fr/rginformatique/section%20virus/­demohijack.htm

* Accepte la license en cliquant sur le bouton "I Accept"
* Choisis l'option "Do a system scan and save a log file"
* Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note
* Clique sur "Edition -> Sélectionner tout", puis sur "Edition -> Copier" pour copier tout le contenu du rapport

* Colle le rapport que tu viens de copier sur ce forum

A+
0
Réponse 2 / 32
tbd Messages postés 15 Date d'inscription   Statut Membre Dernière intervention  
 
Merci!
Voilà ce que ça me donne:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:39:06, on 15/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Avast4\aswUpdSv.exe
C:\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\PVSW\Bin\WGE_SRV.EXE
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
c:\PVSW\BIN\W3dbsmgr.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Avast4\ashDisp.exe
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Philips\SPC220NC\Monitor.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\DNA\btdna.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Program Files\Philips\Philips SPC220NC Webcam\TrayMin220.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\Julien\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Avast4\ashMaiSv.exe
C:\Avast4\ashWebSv.exe
C:\Program Files\HPQ\Shared\hpqwmi.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL (file missing)
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\marche de sfiancé\TorrentManager.dll (file missing)
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [MSys32] "C:\jeux\Sectors of Death\Web\morfitwebentrance.exe"
O4 - HKLM\..\Run: [avast!] C:\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [uwa6pcw] "C:\Program Files\WinAntiVirus Pro 2006\uwa6pcw.exe" -c
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [DLADiag] C:\WINDOWS\DLADiag.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\Philips\SPC220NC\Monitor.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [seek balm] C:\DOCUME~1\Julien\APPLIC~1\ONLINE~1\Great comp.exe
O4 - HKCU\..\Run: [WinButler] C:\Documents and Settings\Julien\Application Data\WinButler\WinButler.exe
O4 - HKCU\..\Run: [SfKg6wIPu] C:\Documents and Settings\Julien\Application Data\Microsoft\Windows\xtiqxaw.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [nidle] "C:\Documents and Settings\Julien\Application Data\nidle\nidle.exe" 61A847B5BBF72810369239466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\Julien\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Global Startup: Auto-K.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: TrayMin220.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll (file missing)
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www8.hp.com/fr/fr/home.html
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O20 - Winlogon Notify: PermissionResearch - C:\WINDOWS\system32\prls.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: EBP - Pervasive.SQL Workgroup (Pervasive.SQL Workgroup) - Unknown owner - c:\PVSW\Bin\WGE_SRV.EXE
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
0
Réponse 3 / 32
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
Salut

Oula, il y a énormément de boulot/désinfections dans ce PC. Un peu de patience pour tout mettre nickel...quoi qu'il en soit, si tu ne prends de bonnes habitudes de surfs, tu devras prendre un abonnement sur CCM :-)

Télécharge https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
(Team IDN) sur ton Bureau.
[*]Lance l'installation du programme en exécutant le fichier téléchargé.
[*]Double-clique maintenant sur le raccourci de Toolbar-S&D.
[*]Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
[*]Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
[*]Poste le rapport généré. (C:\TB.txt)

A+
0
Réponse 4 / 32
tbd Messages postés 15 Date d'inscription   Statut Membre Dernière intervention  
 
Voilà le rapport:

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Turion(tm) 64 Mobile ML-32 )
BIOS : EPP runtime BIOS - Version 1.1
USER : Julien ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090714-0] 4.8.1335 (Activated)
C:\ (Local Disk) - NTFS - Total:55 Go (Free:16 Go)
D:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 15/07/2009|21:02 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\DOCUME~1\Julien\LOCALS~1\Temp\NER1ED.tmp\Toolbar.exe
C:\DOCUME~1\Julien\LOCALS~1\Temp\NERO13356\Toolbar.exe
C:\DOCUME~1\Julien\LOCALS~1\Temp\NERO14399\Toolbar.exe
C:\DOCUME~1\Julien\LOCALS~1\Temp\NERO14409\Toolbar.exe
C:\DOCUME~1\Julien\LOCALS~1\Temp\NeroDemo12061\Toolbar.exe
C:\Program Files\AskBarDis
C:\Program Files\AskBarDis\bar
C:\Program Files\AskBarDis\unins000.exe
C:\Program Files\AskBarDis\bar\bin
C:\Program Files\AskBarDis\bar\Cache
C:\Program Files\AskBarDis\bar\History
C:\Program Files\AskBarDis\bar\Settings
C:\Program Files\AskBarDis\bar\bin\askBar.dll
C:\Program Files\AskBarDis\bar\bin\askPopStp.dll
C:\Program Files\AskBarDis\bar\bin\psvince.dll
C:\Program Files\AskBarDis\bar\Cache\files.ini
C:\Program Files\AskTBar
C:\Program Files\AskTBar\bar
C:\Program Files\AskTBar\PopSwatr
C:\Program Files\AskTBar\SrchAstt
C:\Program Files\AskTBar\bar\1.bin
C:\Program Files\AskTBar\bar\Cache
C:\Program Files\AskTBar\bar\History
C:\Program Files\AskTBar\bar\Settings
C:\Program Files\AskTBar\bar\1.bin\A5POPSWT.DLL
C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
C:\Program Files\AskTBar\bar\Cache\files.ini
C:\Program Files\AskTBar\bar\History\search2
C:\Program Files\AskTBar\PopSwatr\History
C:\Program Files\AskTBar\PopSwatr\History\allowed
C:\Program Files\AskTBar\PopSwatr\History\notallow
C:\Program Files\AskTBar\SrchAstt\1.bin
C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver
C:\Program Files\FunWebProducts\ScreenSaver\Images
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\about.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\action.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\arcade.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\around_the_world_in_80_days16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\bookworm16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\buy.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\cards.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\deals.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\diamond_drop_216x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\download.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\dream_day_first_home16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\feedback.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\golden_hearts16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\help.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\highlight.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\jewel_craft16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\jigsaw.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\kids.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mahjong.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mahjongg_ancient_mayas16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\multiplayer.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mygames.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\newGames.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\oberonconfig.xm_
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\obSearchHistory.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\partner.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\peril_at_end_house16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\popup_off.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\popup_on.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\puzzle.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\pyra_cubes16x16.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\search.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\sendafriend.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\sports.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\trial.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\uninstall.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\update.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\webgame.gif
C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\zuma16x16.gif
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\GamesBar
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar
C:\Program Files\MyWebSearch\SrchAstt
C:\Program Files\MyWebSearch\bar\1.bin
C:\Program Files\MyWebSearch\bar\2.bin
C:\Program Files\MyWebSearch\bar\Settings
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\SrchAstt\2.bin
C:\WINDOWS\System32\f3PSSavr.scr
C:\DOCUME~1\Julien\LOCALS~1\Temp\nsi1EEC.tmp
C:\DOCUME~1\Julien\LOCALS~1\Temp\nsl22.tmp
C:\DOCUME~1\Julien\LOCALS~1\Temp\nsq78E.tmp
C:\DOCUME~1\Julien\LOCALS~1\Temp\nsv1EF0.tmp

-----------\\ Extensions

(Julien) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
"Search Page"="https://actus.sfr.fr"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Start Page Redirect Cache"="https://www.msn.com/fr-fr?ocid=iehp"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"


--------------------\\ Recherche d'autres infections

C:\DOCUME~1\Julien\APPLIC~1\MessengerSkinner
C:\DOCUME~1\Julien\APPLIC~1\MessengerSkinner\Userdata
C:\WINDOWS\Pack.epk
C:\DOCUME~1\Julien\LOCALS~1\Temp\Pack.epk
C:\WINDOWS\System32\nvs2.inf

C:\DOCUME~1\Julien\LOCALS~1\APPLIC~1\lklhodc.dat
C:\DOCUME~1\Julien\LOCALS~1\APPLIC~1\lklhodc_nav.dat
C:\DOCUME~1\Julien\LOCALS~1\APPLIC~1\lklhodc_navps.dat
C:\WINDOWS\System32\zqhlretl.dat
C:\WINDOWS\System32\zqhlretl_nav.dat
C:\WINDOWS\System32\zqhlretl_navps.dat
[b]==> EGDACCESS <==/b

--------------------\\ ROGUES ..

C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2006
C:\DOCUME~1\Julien\APPLIC~1\WinAntiVirus Pro 2006
C:\DOCUME~1\Julien\APPLIC~1\WinButler

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Julien\Local Settings\Temp\R‚pertoire temporaire 3 pour Ebp Gestion Commerciale 2007 v11.0.0.118 Fr Keygen.zip
C:\DOCUME~1\Julien\Local Settings\Temp\R‚pertoire temporaire 3 pour Ebp Gestion Commerciale 2007 v11.0.0.118 Fr Keygen.zip\Ebp Gestion Commerciale 2007 v11.0.0.118 Fr + Keygen
C:\DOCUME~1\Julien\Local Settings\Temp\R‚pertoire temporaire 3 pour Ebp Gestion Commerciale 2007 v11.0.0.118 Fr Keygen.zip\Ebp Gestion Commerciale 2007 v11.0.0.118 Fr + Keygen\Ebp Gestion Commerciale 2007 11 0 0 118.exe
C:\DOCUME~1\Julien\Recent\[PC GAME PATCH] Civilization 4 Warlords Patch 2.08+Crack.lnk
C:\DOCUME~1\ALLUSE~1\Menu D‚marrer\Programmes\WinRAR\Crack
C:\DOCUME~1\ALLUSE~1\Menu D‚marrer\Programmes\WinRAR\Crack\WinRAR.v3.xx.Crack.exe



1 - "C:\ToolBar SD\TB_1.txt" - 15/07/2009|21:05 - Option : [1]

-----------\\ Fin du rapport a 21:05:05,57
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 32
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
Relance Toolbar-S&D en double-cliquant sur le raccourci. Tape sur "2" puis valide en appuyant sur "Entrée".
! Ne ferme pas la fenêtre lors de la suppression !
Un rapport sera généré, poste son contenu ici.

NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
Tape explorer puis valide.
0
Réponse 6 / 32
tbd Messages postés 15 Date d'inscription   Statut Membre Dernière intervention  
 
-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Turion(tm) 64 Mobile ML-32 )
BIOS : EPP runtime BIOS - Version 1.1
USER : Julien ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090715-0] 4.8.1335 (Activated)
C:\ (Local Disk) - NTFS - Total:55 Go (Free:16 Go)
D:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 15/07/2009|22:31 )

-----------\\ SUPPRESSION

Supprime! - C:\DOCUME~1\Julien\LOCALS~1\Temp\NER1ED.tmp\Toolbar.exe
Supprime! - C:\DOCUME~1\Julien\LOCALS~1\Temp\NERO13356\Toolbar.exe
Supprime! - C:\DOCUME~1\Julien\LOCALS~1\Temp\NERO14399\Toolbar.exe
Supprime! - C:\DOCUME~1\Julien\LOCALS~1\Temp\NERO14409\Toolbar.exe
Supprime! - C:\DOCUME~1\Julien\LOCALS~1\Temp\NeroDemo12061\Toolbar.exe
Supprime! - C:\Program Files\AskBarDis\bar
Supprime! - C:\Program Files\AskBarDis\unins000.exe
Supprime! - C:\Program Files\AskTBar\bar
Supprime! - C:\Program Files\AskTBar\PopSwatr
Supprime! - C:\Program Files\AskTBar\SrchAstt
Supprime! - C:\Program Files\FunWebProducts\ScreenSaver
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\about.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\action.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\arcade.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\around_the_world_in_80_days16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\bookworm16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\buy.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\cards.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\deals.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\diamond_drop_216x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\download.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\dream_day_first_home16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\feedback.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\golden_hearts16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\help.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\highlight.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\jewel_craft16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\jigsaw.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\kids.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mahjong.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mahjongg_ancient_mayas16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\multiplayer.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\mygames.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\newGames.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\oberonconfig.xm_
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\obSearchHistory.dat
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\partner.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\peril_at_end_house16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\popup_off.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\popup_on.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\puzzle.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\pyra_cubes16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\search.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\sendafriend.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\sports.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\trial.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\uninstall.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\update.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\webgame.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar\zuma16x16.gif
Supprime! - C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\GamesBar
Supprime! - C:\Program Files\MyWebSearch\bar
Supprime! - C:\Program Files\MyWebSearch\SrchAstt
Supprime! - C:\WINDOWS\System32\f3PSSavr.scr
Supprime! - C:\DOCUME~1\Julien\LOCALS~1\Temp\nsi1EEC.tmp
Supprime! - C:\DOCUME~1\Julien\LOCALS~1\Temp\nsl22.tmp
Supprime! - C:\DOCUME~1\Julien\LOCALS~1\Temp\nsq78E.tmp
Supprime! - C:\DOCUME~1\Julien\LOCALS~1\Temp\nsv1EF0.tmp
Supprime! - C:\Program Files\AskBarDis
Supprime! - C:\Program Files\AskTBar
Supprime! - C:\Program Files\FunWebProducts
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\GamesBar
Supprime! - C:\Program Files\MyWebSearch

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(Julien) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
"Search Page"="https://actus.sfr.fr"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Start Page Redirect Cache"="https://www.msn.com/fr-fr?ocid=iehp"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/"


--------------------\\ Recherche d'autres infections

C:\DOCUME~1\Julien\APPLIC~1\MessengerSkinner
C:\DOCUME~1\Julien\APPLIC~1\MessengerSkinner\Userdata
C:\WINDOWS\Pack.epk
C:\DOCUME~1\Julien\LOCALS~1\Temp\Pack.epk
C:\WINDOWS\System32\nvs2.inf

C:\DOCUME~1\Julien\LOCALS~1\APPLIC~1\lklhodc.dat
C:\DOCUME~1\Julien\LOCALS~1\APPLIC~1\lklhodc_nav.dat
C:\DOCUME~1\Julien\LOCALS~1\APPLIC~1\lklhodc_navps.dat
C:\WINDOWS\System32\zqhlretl.dat
C:\WINDOWS\System32\zqhlretl_nav.dat
C:\WINDOWS\System32\zqhlretl_navps.dat
[b]==> EGDACCESS <==/b

--------------------\\ ROGUES ..

C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinAntiVirus Pro 2006
C:\DOCUME~1\Julien\APPLIC~1\WinAntiVirus Pro 2006
C:\DOCUME~1\Julien\APPLIC~1\WinButler

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Julien\Local Settings\Temp\R‚pertoire temporaire 3 pour Ebp Gestion Commerciale 2007 v11.0.0.118 Fr Keygen.zip
C:\DOCUME~1\Julien\Local Settings\Temp\R‚pertoire temporaire 3 pour Ebp Gestion Commerciale 2007 v11.0.0.118 Fr Keygen.zip\Ebp Gestion Commerciale 2007 v11.0.0.118 Fr + Keygen
C:\DOCUME~1\Julien\Local Settings\Temp\R‚pertoire temporaire 3 pour Ebp Gestion Commerciale 2007 v11.0.0.118 Fr Keygen.zip\Ebp Gestion Commerciale 2007 v11.0.0.118 Fr + Keygen\Ebp Gestion Commerciale 2007 11 0 0 118.exe
C:\DOCUME~1\Julien\Recent\[PC GAME PATCH] Civilization 4 Warlords Patch 2.08+Crack.lnk
C:\DOCUME~1\ALLUSE~1\Menu D‚marrer\Programmes\WinRAR\Crack
C:\DOCUME~1\ALLUSE~1\Menu D‚marrer\Programmes\WinRAR\Crack\WinRAR.v3.xx.Crack.exe



1 - "C:\ToolBar SD\TB_1.txt" - 15/07/2009|21:05 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 15/07/2009|22:35 - Option : [2]

-----------\\ Fin du rapport a 22:35:21,17
0
Réponse 7 / 32
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
Ok.

Fais un clic droit sur ce lien :
http://il.mafioso.pagesperso-orange.fr/Navifix/Navilog1.zip
Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
Fais un clic droit sur navilog1.zip et choisis "tout extraire"
Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).

Laisse-toi guider. Au menu principal, choisis 1 et valides.
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord)
Patiente jusqu'au message :
*** Analyse Termine le ..... ***
Appuie sur une touche comme demandé, le blocnote va s'ouvrir.
Copie-colle l'intégralité dans une réponse. Referme le blocnote.
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)
0
Réponse 8 / 32
tbd Messages postés 15 Date d'inscription   Statut Membre Dernière intervention  
 
Voilà le rapport:

Fix Navipromo version 4.0.1 commencé le 16/07/2009 11:41:25,93

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 14.07.2009 à 14h00 par IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Turion(tm) 64 Mobile ML-32 )
BIOS : EPP runtime BIOS - Version 1.1
USER : Julien ( Administrator )
BOOT : Normal boot

Antivirus : avast! antivirus 4.8.1335 [VPS 090716-0] 4.8.1335 (Activated)


C:\ (Local Disk) - NTFS - Total:55 Go (Free:16 Go)
D:\ (CD or DVD)


Recherche executée en mode normal

Nettoyage exécuté au redémarrage de l'ordinateur


C:\Documents and Settings\Julien\applic~1\MessengerSkinner supprimé !
C:\Documents and Settings\Julien\locals~1\Temp\pack.epk supprimé !
C:\WINDOWS\pack.epk supprimé !
C:\WINDOWS\system32\nvs2.inf supprimé !
C:\WINDOWS\system32\zqhlretl.dat supprimé !
C:\WINDOWS\system32\zqhlretl_nav.dat supprimé !
C:\WINDOWS\system32\zqhlretl_navps.dat supprimé !
C:\Documents and Settings\Julien\locals~1\applic~1\lklhodc.dat supprimé !
C:\Documents and Settings\Julien\locals~1\applic~1\lklhodc_nav.dat supprimé !
C:\Documents and Settings\Julien\locals~1\applic~1\lklhodc_navps.dat supprimé !


Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Julien\locals~1\Temp effectué !


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat OOO-Favorit supprimé !




*** Scan terminé 16/07/2009 12:39:55,78 ***
0
Réponse 9 / 32
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
Re,

# Télchargez votre bureau RogueRemover de RubbeR DuckY : http://www.malwarebytes.org/RogueRemover.zip
# Créez le dossier C:\RogueRemover pour cela :

* Ouvrez le poste de travail
* Ouvrez le disque C
* Clicquez sur le menu Fichier puis Nouveau puis Nouveau Dossier
* Nommez-le RogueRemover
* Dcompressez RogueRemover.zip dans C:\RogueRemove
* Rendez-vousi dans le dossier C:\RogueRemoveet double-clic sur le fichier RogueRemover.exe.
* Clicquez sur le bouton Scan et laisse toi guider.
* Copie/colle le rapport.

A+
0
Réponse 10 / 32
[EniDurb_Rp] Messages postés 1403 Date d'inscription   Statut Membre Dernière intervention   489
 
avast encore une victime , hein régis XD joli ton boulot
esperons que kevin ne lise pas ça
0
Réponse 11 / 32
tbd Messages postés 15 Date d'inscription   Statut Membre Dernière intervention  
 
Pourquoi "encore une victime"???
0
Réponse 12 / 32
[EniDurb_Rp] Messages postés 1403 Date d'inscription   Statut Membre Dernière intervention   489
 
Bonjour

va lire ici tu comprendras pourquoi je dis " encore une victime "
MAIS NE FAIS que ce que REGIS te dit de faire

Cdlt Enidurb
0
Réponse 13 / 32
tbd Messages postés 15 Date d'inscription   Statut Membre Dernière intervention  
 
Ok merci pour la réponse!
0
Réponse 14 / 32
tbd Messages postés 15 Date d'inscription   Statut Membre Dernière intervention  
 
Petit soucis avec cette aplication, voilà la réponse du scan:

Loading database...
Expanding environmentals variable...

Scanning Files...100%
Scanning Folders...100%
Scanning registry Keys...100%
Scanning registry values...100%

Congratulations! RogueRemover did not dtect any items!
0
Réponse 15 / 32
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
OK

Relance HijackThis et copie colle un nouveau rapport stp

A+
0
Réponse 16 / 32
tbd Messages postés 15 Date d'inscription   Statut Membre Dernière intervention  
 
Voilà!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:29:07, on 16/07/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Avast4\aswUpdSv.exe
C:\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
c:\PVSW\Bin\WGE_SRV.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\PSIService.exe
c:\PVSW\BIN\W3dbsmgr.EXE
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\svchost.exe
C:\Avast4\ashDisp.exe
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Philips\SPC220NC\Monitor.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Philips\Philips SPC220NC Webcam\TrayMin220.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\Julien\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Avast4\ashMaiSv.exe
C:\Avast4\ashWebSv.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Program Files\HPQ\Shared\hpqwmi.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe csrcs.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: WebManager Class - {D5792AA9-D373-4039-8670-2CDAB6A71F15} - C:\marche de sfiancé\TorrentManager.dll (file missing)
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [MSys32] "C:\jeux\Sectors of Death\Web\morfitwebentrance.exe"
O4 - HKLM\..\Run: [avast!] C:\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [uwa6pcw] "C:\Program Files\WinAntiVirus Pro 2006\uwa6pcw.exe" -c
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [DLADiag] C:\WINDOWS\DLADiag.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\Philips\SPC220NC\Monitor.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [seek balm] C:\DOCUME~1\Julien\APPLIC~1\ONLINE~1\Great comp.exe
O4 - HKCU\..\Run: [WinButler] C:\Documents and Settings\Julien\Application Data\WinButler\WinButler.exe
O4 - HKCU\..\Run: [SfKg6wIPu] C:\Documents and Settings\Julien\Application Data\Microsoft\Windows\xtiqxaw.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [nidle] "C:\Documents and Settings\Julien\Application Data\nidle\nidle.exe" 61A847B5BBF72810369239466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKLM\..\Policies\Explorer\Run: [csrcs] C:\WINDOWS\system32\csrcs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\Julien\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Global Startup: Auto-K.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: TrayMin220.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www8.hp.com/fr/fr/home.html
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O20 - Winlogon Notify: PermissionResearch - C:\WINDOWS\system32\prls.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: EBP - Pervasive.SQL Workgroup (Pervasive.SQL Workgroup) - Unknown owner - c:\PVSW\Bin\WGE_SRV.EXE
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
0
Réponse 17 / 32
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
Re,

Télécharge ComboFix (de sUBs):http://download.bleepingcomputer.com/sUBs/ComboFix.exe­

- Sauvegarde le sur ton Bureau.
- Double-clique sur Combofix.exe et suis les instructions.
- Lorsqu'il aura terminé, un rapport apparaîtra à l'écran (fichier texte).
- Poste le contenu du rapport dans ta prochaine réponse.

Le rapport est également sauvegardé ici : C:\ComboFix.txt

Ne pas cliquer dans la fenêtre de Combofix durant l'analyse ;ceci provoquerait le gel du programme !

A+
0
Réponse 18 / 32
tbd
 
Voici le rapport:

ComboFix 09-07-14.08 - Julien 18/07/2009 8:24.1.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.383.138 [GMT 2:00]
Running from: c:\documents and settings\Julien\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090717-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Julien\err.log
c:\recycler\S-1-5-21-2732339857-1078137814-3467438252-1003
c:\recycler\S-1-5-21-823518204-1958367476-725345543-1003
c:\windows\Installer\17708c.msi
c:\windows\Installer\2773d88.msi
c:\windows\Installer\5cd39c15.msp
c:\windows\Installer\5cd39c1e.msp
c:\windows\Installer\5cd39c32.msp
c:\windows\Installer\5cd39c47.msp
c:\windows\Installer\dbd4315.msp
c:\windows\system32\AutoRun.inf
c:\windows\system32\csrcs.exe
c:\windows\system32\ldpackage.dll
c:\windows\system32\mdm.exe
c:\windows\system32\model.dat
c:\windows\system32\prls.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games


((((((((((((((((((((((((( Files Created from 2009-06-18 to 2009-07-18 )))))))))))))))))))))))))))))))
.

2009-07-16 13:06 . 2009-07-16 13:06 -------- d-----w- C:\RogueRemover
2009-07-16 12:58 . 2009-07-16 13:08 -------- d-----w- c:\program files\RogueRemover FREE
2009-07-16 09:39 . 2009-07-16 10:40 -------- d-----w- c:\program files\Navilog1
2009-07-15 19:01 . 2009-07-15 20:35 -------- d-----w- C:\ToolBar SD
2009-07-15 11:38 . 2009-07-15 11:38 -------- d-----w- c:\program files\Trend Micro
2009-07-14 15:44 . 2009-07-14 17:14 -------- d-----w- c:\windows\BDOSCAN8
2009-07-14 14:05 . 2009-04-30 21:16 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-07-14 14:05 . 2009-04-30 21:16 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-14 13:33 . 2009-07-14 13:33 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-14 13:29 . 2009-07-14 14:32 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-07-14 13:26 . 2009-07-14 13:26 -------- d-----w- c:\program files\PhotoFiltre
2009-07-14 13:26 . 2009-07-14 13:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-07-14 13:24 . 2009-07-14 13:24 -------- d-----w- c:\program files\Fichiers communs\Sonic
2009-07-12 19:45 . 2009-07-14 13:23 -------- d-----w- c:\program files\eMule
2009-06-20 06:37 . 2009-07-14 13:24 -------- d-----w- c:\program files\Fichiers communs\SureThing Shared
2009-06-20 06:37 . 2009-06-20 06:37 -------- d-----w- c:\program files\Sonic
2009-06-20 06:22 . 2009-06-20 06:22 -------- d-----w- c:\program files\Broadcom

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-18 07:05 . 2009-01-05 16:46 -------- d-----w- c:\program files\DNA
2009-07-18 07:05 . 2009-01-05 16:46 -------- d-----w- c:\documents and settings\Julien\Application Data\DNA
2009-07-14 13:33 . 2009-05-03 06:29 -------- d-----w- c:\program files\Modèles Météo - GFS
2009-07-14 13:26 . 2006-08-31 21:18 -------- d-----w- c:\program files\Yahoo!
2009-07-14 13:24 . 2006-07-02 14:37 -------- d-----w- c:\program files\Google
2009-07-14 13:24 . 2006-07-02 22:26 -------- d-----w- c:\program files\Java
2009-07-14 13:23 . 2006-07-02 22:26 -------- d-----w- c:\program files\Windows Media Connect
2009-07-14 13:23 . 2006-07-02 14:36 -------- d-----w- c:\program files\InterVideo
2009-06-20 06:48 . 2004-08-17 09:31 86920 ----a-w- c:\windows\system32\perfc00C.dat
2009-06-20 06:48 . 2004-08-17 09:31 496584 ----a-w- c:\windows\system32\perfh00C.dat
2009-06-20 06:29 . 2006-07-02 22:26 -------- d-----w- c:\program files\HPQ
2009-06-20 06:28 . 2006-07-02 22:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-20 06:21 . 2006-07-02 22:26 -------- d-----w- c:\program files\CONEXANT
2009-06-16 14:54 . 2004-08-05 08:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:54 . 2004-08-05 08:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:27 . 2004-08-05 08:00 1296896 ----a-w- c:\windows\system32\quartz.dll
2009-06-02 08:52 . 2009-04-18 06:12 -------- d-----w- c:\program files\Zylom Games
2009-05-18 10:38 . 2006-07-02 16:55 89584 ----a-w- c:\documents and settings\Julien\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-16 07:02 . 2004-08-17 09:30 82403 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-13 05:04 . 2004-08-05 08:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:43 . 2004-08-05 08:00 347136 ----a-w- c:\windows\system32\localspl.dll
2009-04-20 06:42 . 2008-12-19 09:17 86576 ----a-w- c:\documents and settings\Julien\Application Data\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
2009-04-20 06:42 . 2008-12-19 09:17 132672 ----a-w- c:\documents and settings\Julien\Application Data\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
2009-04-20 06:42 . 2008-12-19 09:17 392728 ----a-w- c:\documents and settings\Julien\Application Data\Microsoft\Services Windows Live\Services Windows Live.dll
2009-04-20 06:42 . 2009-04-20 06:42 135680 ----a-w- c:\documents and settings\Julien\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
2009-04-19 20:09 . 2004-08-05 08:00 1846784 ----a-w- c:\windows\system32\win32k.sys
2009-02-07 07:34 . 2009-02-07 07:33 211345010 ----a-w- c:\program files\GOA_KNC_client.exe
2008-12-02 18:08 . 2008-12-02 18:08 3231826 ----a-w- c:\program files\eMule0.49b-Installer1.exe
2007-09-02 07:36 . 2007-09-02 07:36 493 ----a-w- c:\program files\Raccourci vers Windows Live.lnk
2007-06-14 08:07 . 2007-06-14 08:07 533 ----a-w- c:\program files\Raccourci vers Messenger Plus! Live.lnk
2007-10-09 14:34 . 2007-10-09 14:34 8 --sh--r- c:\windows\system32\DD37CAC7AF.sys
2007-10-09 14:38 . 2007-10-09 14:34 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"="c:\program files\Macrogaming\SweetIM\SweetIM.exe" [2006-06-06 40960]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-26 68856]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-01-05 342848]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-04 4363504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-09 344064]
"PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2005-04-08 73728]
"UpdateManager"="c:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-31 122940]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-20 729178]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-10-24 499712]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 409600]
"CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-06-29 233534]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2005-07-04 184320]
"avast!"="c:\avast4\ashDisp.exe" [2009-02-05 81000]
"CameraFixer"="c:\windows\CameraFixer.exe" [2005-10-03 20480]
"snpstd"="c:\windows\vsnpstd.exe" [2005-10-11 339968]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"DLADiag"="c:\windows\DLADiag.EXE" [2005-08-25 57403]
"Monitor"="c:\windows\Philips\SPC220NC\Monitor.exe" [2006-11-03 319488]
"NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 2213160]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

c:\documents and settings\Julien\Menu D‚marrer\Programmes\D‚marrage\
Notification de cadeaux MSN.lnk - c:\documents and settings\Julien\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2009-4-20 135680]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 18:41 40960 ----a-w- c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli AsWlnPkg

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\PVSW\\Bin\\w3dbsmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Julien\\Bureau\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [31/03/2008 10:10 114768]
R1 DLADiagN;DLADiagN;c:\windows\system32\drivers\DLADiagN.SYS [27/10/2007 11:06 10908]
R1 DLAPMonN;DLAPMonN;c:\windows\system32\drivers\DLAPMonN.SYS [27/10/2007 11:06 22812]
R2 ASChannel;Canal de communication local;c:\windows\System32\svchost.exe -k Cognizance [05/08/2004 10:00 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31/03/2008 10:10 20560]
R2 Pervasive.SQL Workgroup;EBP - Pervasive.SQL Workgroup;c:\pvsw\Bin\WGE_SRV.EXE [07/12/2006 16:08 32768]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [18/04/2005 03:00 200576]
S3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [23/12/2005 03:35 87936]
S3 SPC220NC;Philips SPC220NC Webcam;c:\windows\system32\drivers\SPC220NC.SYS [26/12/2007 17:17 507136]
S3 Unilocator;Unilocator;c:\windows\system32\LOCATRNT.EXE [30/09/1996 01:00 120832]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASChannel
.
Contents of the 'Scheduled Tasks' folder

2009-07-17 c:\windows\Tasks\User_Feed_Synchronization-{9E4A5A85-3E5E-41B1-A490-905304A071DB}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8CD8EA48-D284-477E-B6DF-85D1E39D855F} - (no file)
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-seek balm - c:\docume~1\Julien\APPLIC~1\ONLINE~1\Great comp.exe
HKCU-Run-WinButler - c:\documents and settings\Julien\Application Data\WinButler\WinButler.exe
HKCU-Run-SfKg6wIPu - c:\documents and settings\Julien\Application Data\Microsoft\Windows\xtiqxaw.exe
HKCU-Run-nidle - c:\documents and settings\Julien\Application Data\nidle\nidle.exe
HKCU-Run-OM2_Monitor - c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
HKLM-Run-MSys32 - c:\jeux\Sectors of Death\Web\morfitwebentrance.exe
HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
HKLM-Run-OM2_Monitor - c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe
HKLM-Explorer_Run-csrcs - c:\windows\system32\csrcs.exe


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\micros~1\Office10\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-18 09:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????9?7?7?8??P???? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1914338042-2647977849-611872985-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:8d,6a,8a,ff,97,3b,30,84,5e,bb,a7,e7,fd,81,14,b4,da,5f,09,7f,75,af,75,
b2,f7,02,8e,29,c2,2c,0f,10,c3,3d,2c,d7,5a,f6,7b,2a,95,08,2a,ce,2c,37,1b,11,\
"??"=hex:03,19,76,33,70,8c,2e,19,d1,71,a8,71,bc,15,cf,05

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(856)
c:\windows\system32\Ati2evxx.dll
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
c:\program files\HPQ\IAM\Bin\ASChnl.dll
c:\program files\HPQ\IAM\Bin\ItMsg.dll

- - - - - - - > 'lsass.exe'(912)
c:\program files\HPQ\IAM\bin\AsWlnPkg.dll

- - - - - - - > 'explorer.exe'(2568)
c:\program files\Macrogaming\SweetIM\mgAdaptersProxy.dll
c:\program files\HPQ\IAM\Bin\SFSShell.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll
c:\program files\HPQ\IAM\bin\1036\SFSShell.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\avast4\aswUpdSv.exe
c:\windows\system32\dllhost.exe
c:\avast4\ashServ.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\system32\scardsvr.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\PSIService.exe
c:\pvsw\Bin\w3dbsmgr.exe
c:\windows\system32\searchindexer.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\fxssvc.exe
c:\avast4\ashMaiSv.exe
c:\avast4\ashWebSv.exe
c:\windows\system32\ati2evxx.exe
c:\program files\HPQ\IAM\Bin\asghost.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
c:\program files\HPQ\Shared\hpqwmi.exe
c:\program files\Philips\Philips SPC220NC Webcam\TrayMin220.exe
c:\program files\Windows Desktop Search\WindowsSearch.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\Java\jre1.6.0_05\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-07-18 9:23 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-18 07:23

Pre-Run: 28 869 206 016 octets libres
Post-Run: 29 384 818 688 octets libres

267 --- E O F --- 2009-07-16 08:11
0
Réponse 19 / 32
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
Salut

Désinstalles/supprime ceci:
RogueRemover
RogueRemover FREE
Navilog1
ToolBar SD
Trend Micro

Puis,

[*]Télécharge AD-Remover (de Cyrildu17 / C_XX) sur ton Bureau.
http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe

< Déconnecte-toi et ferme toutes applications en cours (important) >

[*]Double-clique sur le programme d'installation ; laisse-le s' installer par défaut (C:\Program files).
[*]Double-clique sur l'icône AD-Remover située sur ton Bureau.
[*]Au menu principal, choisis l'option L.
[*]Poste le rapport qui apparaît à la fin.

(Le rapport est aussi conservé sous C:\Ad-report(date).log)

(Ctrl+A pour tout sélectionner, Ctrl+C pour copier et Ctrl+V pour coller)

Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus comme une infection ;
ne pas en tenir compte (il s'agit d'un faux positif) et continue la procédure.

A+
0
Réponse 20 / 32
tbd Messages postés 15 Date d'inscription   Statut Membre Dernière intervention  
 
.
======= RAPPORT D'AD-REMOVER 1.1.4.5_O | UNIQUEMENT XP/VISTA/SEVEN =======
.
Mit à jour par C_XX le 24/06/2009 à 7:10 PM
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 15:00:59, 19/07/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 2 v5.1.2600
Nom du PC: YOUR-F14AC45099 | Utilisateur actuel: Julien
.
Administrateur: Administrateur
N'est pas administrateur: ASPNET
N'est pas administrateur: HelpAssistant *Desactive*
N'est pas administrateur: Invité *Desactive*
Administrateur: Julien
N'est pas administrateur: SUPPORT_388945a0 *Desactive*
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
HKCR\CLSID\{06ADA938-0FB0-4BC0-B19B-0A38AB17F182}
HKCR\CLSID\{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A}
HKCR\CLSID\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}
HKCR\Interface\{0C1CF2DF-05A3-4FEF-8CD4-F5CFC4355A16}
HKCR\SWEETIE.IEToolbar
HKCR\SWEETIE.IEToolbar.1
HKCR\SWEETIE.SWEETIE
HKCR\SWEETIE.SWEETIE.1
HKCR\ToolBand.SWEETIE
HKCR\ToolBand.SWEETIE.1
HKCR\Typelib\{58906392-79C4-497C-ACC6-6942B59F1A08}
HKCR\Typelib\{710993A2-4F87-41D7-B6FE-F5A20368465F}
HKCU\Software\Casino Tropez
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC4FFE41-DE9F-46fa-B455-AAD49B9F9938}
HKCU\Software\SWEETIE
HKCU\Software\WinButler
HKLM\Software\Casino Tropez
HKLM\Software\Macrogaming
HKLM\Software\Microsoft\ESENT\Process\SweetIM
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Sweetim
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
HKCR\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
HKCR\CLSID\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}
HKCR\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
HKCR\CLSID\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}
HKCR\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}
HKCR\CLSID\{FE063DBB-4EC0-403e-8DD8-394C54984B2C}
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\1AC67655DD68F8240B2860F2D511EBD8
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\35F8F48CFBC340946AF151B8E2105C1B
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\430B9074095998B438236F5FB1ED75CB
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\80719E8EA720305459C0EE8389E9CAFB
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\A8B8696B937B0D04B8796ADECB6EC106
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\B084A05F467835D4394CCF76723438C1
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\E6E39982D5828024DA11899256779137
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\F1B496B301445D115AA4000972A8B18B
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Userdata\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
.
C:\DOCUME~1\Julien\APPLIC~1\Mozilla\Firefox\Profiles\4mknufzh.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome
C:\DOCUME~1\Julien\APPLIC~1\Mozilla\Firefox\Profiles\4mknufzh.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\chrome.manifest
C:\DOCUME~1\Julien\APPLIC~1\Mozilla\Firefox\Profiles\4mknufzh.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults
C:\DOCUME~1\Julien\APPLIC~1\Mozilla\Firefox\Profiles\4mknufzh.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\META-INF
C:\DOCUME~1\Julien\APPLIC~1\Mozilla\Firefox\Profiles\4mknufzh.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences
C:\DOCUME~1\Julien\APPLIC~1\Mozilla\Firefox\Profiles\4mknufzh.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\defaults\preferences\ask.src
C:\DOCUME~1\Julien\APPLIC~1\Mozilla\Firefox\Profiles\4mknufzh.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
C:\DOCUME~1\Julien\APPLIC~1\WinButler\config.cfg
C:\DOCUME~1\Julien\APPLIC~1\WinButler
C:\Program Files\Macrogaming\SweetIM
C:\Program Files\Macrogaming\SweetIMBarForIE
C:\Program Files\Macrogaming\SweetIM\conf
C:\Program Files\Macrogaming\SweetIM\data
C:\Program Files\Macrogaming\SweetIM\default.xml
C:\Program Files\Macrogaming\SweetIM\logs
C:\Program Files\Macrogaming\SweetIM\mgAdaptersProxy.dll
C:\Program Files\Macrogaming\SweetIM\mgArchive.dll
C:\Program Files\Macrogaming\SweetIM\mgcommon.dll
C:\Program Files\Macrogaming\SweetIM\mgcommunication.dll
C:\Program Files\Macrogaming\SweetIM\mgconfig.dll
C:\Program Files\Macrogaming\SweetIM\mgFlashPlayer.dll
C:\Program Files\Macrogaming\SweetIM\mghooking.dll
C:\Program Files\Macrogaming\SweetIM\mgIEPlayer.dll
C:\Program Files\Macrogaming\SweetIM\mglogger.dll
C:\Program Files\Macrogaming\SweetIM\mgMsnAuto.dll
C:\Program Files\Macrogaming\SweetIM\mgMsnMessengerAdapter.dll
C:\Program Files\Macrogaming\SweetIM\mgMsnProt.dll
C:\Program Files\Macrogaming\SweetIM\mgSweetIM.dll
C:\Program Files\Macrogaming\SweetIM\mgUpdateSupport.dll
C:\Program Files\Macrogaming\SweetIM\mgxml_wrapper.dll
C:\Program Files\Macrogaming\SweetIM\resources
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Macrogaming\SweetIM\update
C:\Program Files\Macrogaming\SweetIM\conf\adapter.xml
C:\Program Files\Macrogaming\SweetIM\conf\logger.xml
C:\Program Files\Macrogaming\SweetIM\conf\messages.xml
C:\Program Files\Macrogaming\SweetIM\conf\sweetim.xml
C:\Program Files\Macrogaming\SweetIM\conf\sweetimapp.xml
C:\Program Files\Macrogaming\SweetIM\conf\users
C:\Program Files\Macrogaming\SweetIM\conf\users\anaistruant@hotmail.fr
C:\Program Files\Macrogaming\SweetIM\conf\users\anne__@hotmail.fr
C:\Program Files\Macrogaming\SweetIM\conf\users\bruant68@hotmail.fr
C:\Program Files\Macrogaming\SweetIM\conf\users\christiantruant@hotmail.fr
C:\Program Files\Macrogaming\SweetIM\conf\users\deborah-et-julien@hotmail.fr
C:\Program Files\Macrogaming\SweetIM\conf\users\debs6801@hotmail.fr
C:\Program Files\Macrogaming\SweetIM\conf\users\jadeinlove@hotmail.fr
C:\Program Files\Macrogaming\SweetIM\conf\users\jess.68@hotmail.fr
C:\Program Files\Macrogaming\SweetIM\conf\users\julientruant@hotmail.fr
C:\Program Files\Macrogaming\SweetIM\conf\users\main_user_config.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\miss68mums@hotmail.fr
C:\Program Files\Macrogaming\SweetIM\conf\users\missdebs68@hotmail.fr
C:\Program Files\Macrogaming\SweetIM\conf\users\mjd68@hotmail.fr
C:\Program Files\Macrogaming\SweetIM\conf\users\moi68moi@hotmail.fr
C:\Program Files\Macrogaming\SweetIM\conf\users\nais68@hotmail.fr
C:\Program Files\Macrogaming\SweetIM\conf\users\popossum@hotmail.fr
C:\Program Files\Macrogaming\SweetIM\conf\users\poupete68@hotmail.fr
C:\Program Files\Macrogaming\SweetIM\conf\users\presci_68@hotmail.fr
C:\Program Files\Macrogaming\SweetIM\conf\users\seria68@hotmail.fr
C:\Program Files\Macrogaming\SweetIM\conf\users\tony-ruant@hotmail.fr
C:\Program Files\Macrogaming\SweetIM\conf\users\anaistruant@hotmail.fr\emoticons_shortcut.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\anaistruant@hotmail.fr\user_config.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\anne__@hotmail.fr\emoticons_shortcut.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\anne__@hotmail.fr\user_config.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\bruant68@hotmail.fr\emoticons_shortcut.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\bruant68@hotmail.fr\user_config.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\christiantruant@hotmail.fr\emoticons_shortcut.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\christiantruant@hotmail.fr\user_config.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\deborah-et-julien@hotmail.fr\emoticons_shortcut.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\deborah-et-julien@hotmail.fr\user_config.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\debs6801@hotmail.fr\emoticons_shortcut.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\debs6801@hotmail.fr\user_config.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\jadeinlove@hotmail.fr\content_update_notification.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\jadeinlove@hotmail.fr\emoticons_shortcut.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\jadeinlove@hotmail.fr\user_config.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\jess.68@hotmail.fr\emoticons_shortcut.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\jess.68@hotmail.fr\user_config.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\julientruant@hotmail.fr\emoticons_shortcut.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\julientruant@hotmail.fr\lastuse_Emoticons.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\julientruant@hotmail.fr\lastuse_SoundFX.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\julientruant@hotmail.fr\lastuse_SpecialFX.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\julientruant@hotmail.fr\lastuse_Winks.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\julientruant@hotmail.fr\user_config.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\miss68mums@hotmail.fr\emoticons_shortcut.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\miss68mums@hotmail.fr\user_config.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\missdebs68@hotmail.fr\content_update_notification.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\missdebs68@hotmail.fr\emoticons_shortcut.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\missdebs68@hotmail.fr\lastuse_Emoticons.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\missdebs68@hotmail.fr\user_config.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\mjd68@hotmail.fr\emoticons_shortcut.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\mjd68@hotmail.fr\user_config.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\moi68moi@hotmail.fr\emoticons_shortcut.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\moi68moi@hotmail.fr\user_config.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\nais68@hotmail.fr\emoticons_shortcut.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\nais68@hotmail.fr\user_config.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\popossum@hotmail.fr\content_update_notification.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\popossum@hotmail.fr\emoticons_shortcut.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\popossum@hotmail.fr\user_config.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\poupete68@hotmail.fr\emoticons_shortcut.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\poupete68@hotmail.fr\user_config.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\presci_68@hotmail.fr\emoticons_shortcut.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\presci_68@hotmail.fr\user_config.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\seria68@hotmail.fr\emoticons_shortcut.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\seria68@hotmail.fr\user_config.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\tony-ruant@hotmail.fr\emoticons_shortcut.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\tony-ruant@hotmail.fr\user_config.xml
C:\Program Files\Macrogaming\SweetIM\data\contentdb
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100AA.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100AC.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100B6.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100B9.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100BA.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100C6.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100CC.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100D1.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100DD.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100E8.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000100FA.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010104.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001010E.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001010F.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010119.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010814.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001081A.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001081D.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001084A.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010850.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010853.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010856.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010857.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010859.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001085D.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001085E.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0001085F.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00010868.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020057.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002005C.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020066.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020069.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002006B.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002006C.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002006D.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002006E.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020071.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020073.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020075.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020079.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002007D.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002007E.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002008A.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020095.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020096.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002009D.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000200A7.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000200B1.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000200B8.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000200B9.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000200D7.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\000200ED.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020112.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00020119.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002011B.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002013C.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0002013D.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00030001.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00030007.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00030011.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00030017.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040015.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040021.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040022.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040028.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040032.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0004003C.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0004005A.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040063.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00040066.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00050001.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00050002.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00060024.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0006002D.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\0006002F.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\00060037.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\cache_indx.dat
C:\Program Files\Macrogaming\SweetIM\resources\gdiplus.dll
C:\Program Files\Macrogaming\SweetIM\resources\ImageOle.dll
C:\Program Files\Macrogaming\SweetIM\update\lastversioninfo.xml
C:\Program Files\Macrogaming\SweetIMBarForIE\affid.dat
C:\Program Files\Macrogaming\SweetIMBarForIE\basis.xml
C:\Program Files\Macrogaming\SweetIMBarForIE\Bookmarks_23x18.bmp
C:\Program Files\Macrogaming\SweetIMBarForIE\Cache
C:\Program Files\Macrogaming\SweetIMBarForIE\Email_23x18.bmp
C:\Program Files\Macrogaming\SweetIMBarForIE\Games_23x18.bmp
C:\Program Files\Macrogaming\SweetIMBarForIE\Greetingcards_23x18.bmp
C:\Program Files\Macrogaming\SweetIMBarForIE\Mobile_23x18.bmp
C:\Program Files\Macrogaming\SweetIMBarForIE\Music_23x18.bmp
C:\Program Files\Macrogaming\SweetIMBarForIE\News_23x18.bmp
C:\Program Files\Macrogaming\SweetIMBarForIE\Shoping_23x18.bmp
C:\Program Files\Macrogaming\SweetIMBarForIE\SmileySmile.bmp
C:\Program Files\Macrogaming\SweetIMBarForIE\SmileyWink.bmp
C:\Program Files\Macrogaming\SweetIMBarForIE\sweetimicons.bmp
C:\Program Files\Macrogaming\SweetIMBarForIE\Thumbs.db
C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.crc
C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.xml
C:\Program Files\Macrogaming\SweetIMBarForIE\version.txt
C:\Program Files\Macrogaming\SweetIMBarForIE\Cache\eec75c2bc0eb13d9bc317ee99170020c.xml
C:\Program Files\Macrogaming
C:\WINDOWS\Installer\1537be8.msi
C:\WINDOWS\Installer\1537bed.msi
C:\WINDOWS\Prefetch\SWEETIM.EXE-2E64256A.pf

(!) -- Fichiers temporaires supprimés.

.
============== Scan additionnel ==============
.

* Mozilla FireFox Version 1.5 *

Nom du profil: 4mknufzh.default (Julien)
.
(Prefs.js) user_pref("browser.search.defaultenginename", "Google");
(Prefs.js) user_pref("browser.search.selectedEngine", "Google");
(Prefs.js) user_pref("browser.search.selectedEngine", "Live Search");
(Prefs.js) user_pref("browser.search.selectedEngine", "Live Search");
(Prefs.js) user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=");
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.8.0.3");
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://fr.msn.com/");
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://fr.msn.com/");
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://fr.msn.com/");
.
.

* Internet Explorer Version 8.0.6001.18702 *

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Start Page: hxxp://fr.msn.com/?ocid=iehp

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: res://ieframe.dll/tabswelcome.htm

============== Suspect (Cracks, Serials ... ) ==============

.
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\WinRAR\Crack\WinRAR.v3.xx.Crack.exe
C:\Documents and Settings\Julien\Application Data\BitTorrent\Nero Ultra Edition v9.2.6.0 Multilang - Serials - All Tools.torrent
C:\Documents and Settings\Julien\Application Data\BitTorrent\Nero8-Ultra.Edition-v8.0.3.0-Multilanguage-Serial.by.madays.rar.torrent
.
===================================
.
23160 Octet(s) - C:\Ad-Report-CLEAN.log
.
7 Fichier(s) - C:\DOCUME~1\Julien\LOCALS~1\Temp
2 Fichier(s) - C:\WINDOWS\Temp
.
18 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
38 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
.
Fin à: 15:39:10 | 19/07/2009
.
============== E.O.F ==============
.
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
message de postmaster incessant !
wasap -
wasap -

9 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses
Message Apple virus !!
Souclik67 -
MPMP10 -

3 réponses
4 virus en raison d’un porno ????
valou -
Bello040420 -

9 réponses