Virus inconnu

Question

Bonjour,
J'ai un problème depuis ce matin. Lorsque J'essai d'aller sur des sites, je suis toujours rediriger vers d'autres sites.  J'ai la version gratuite d'AVG et elle n'a rien bloquer et rien détecter jusqu'à maintenant. J'ai aussi avira mais bon c'est pareil.

Je mis connais pas trop donc voici ce que  hijack me donne, j'espère que vous allez pouvoir m'aider! :

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\winamp toolbar\WinampTbServer.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\msb.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\program files\antivir personaledition classic\avcenter.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\Francois\LOCALS~1\Temp\b.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: DepositFiles.com BHO - {9DFE2FE9-CF99-4ADF-A28E-9B5ADB8DC74F} - C:\DEPOSI~1\DEPOSI~1\DEPOSI~1.DLL
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Deposit IE Toolbar - {6AA40521-14E7-4B1D-B1B4-98528C1388C9} - C:\DEPOSI~1\DEPOSI~1\DEPOSI~1.DLL
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DF Manager] C:\DepositFiles\Depositfiles Filemanager\dfmanager.exe -minimize
O4 - HKCU\..\Run: [Monopod] C:\DOCUME~1\Francois\LOCALS~1\Temp\b.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Metacafe.lnk = C:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbaresources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Download all with DF Manager - {D5AD327A-A089-4F04-89FD-4EA9812B3913} - C:\DEPOSI~1\DEPOSI~1\DEPOSI~1.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: winrkp32 - winrkp32.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

Merci à l'avance pour votre aide.

gen-hackman · Answer

salut :

&#9654 Télécharge et install UsbFix par Chiquitine29

 (!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir

&#9654 Double clic sur le raccourci UsbFix présent sur ton bureau .

&#9654 Au menu principal choisis l'option " F " pour français et tape sur [entrée] . 

&#9654 Au second menu Choisis l'option " 1 " (recherche) et tape sur [entrée] 

&#9654 Laisse travailler l'outil.

&#9654 Ensuite post le rapport UsbFix.txt qui apparaitra.

Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller ) 

 Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. 
          Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. 
          Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

Fran · Answer

Désolé si j'ai mis du temps voici le rapport :

Start at: 21:57:34 | 2009-08-08
Website : http://pagesperso-orange.fr/NosTools/index.html

AMD Athlon(tm) 64 Processor 3700+
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall Status : Disabled
AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
AV : Avira AntiVir PersonalEdition Classic  7.0.3.159
 [ Enabled | Updated ]
AV : AVG Anti-Virus Free 8.5 [ Enabled | Updated ]
AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ Enabled | Updated ]
AV : Avira AntiVir PersonalEdition 8.0.1.30 [ (!) Disabled | (!) Outdated ]
AV : Avira AntiVir PersonalEdition Classic 0.0.0.0 [ (!) Disabled | Updated ]
AV : Avira AntiVir PersonalEdition Classic  7.0.2.82
 [ Enabled | Updated ]

A:\ -> Disque amovible
C:\ -> Disque fixe local # 39,06 Go (3,25 Go free) [Systeme] # NTFS
D:\ -> Disque fixe local # 109,99 Go (1,09 Go free) [Donnees] # NTFS
E:\ -> Disque CD-ROM # 654,81 Mo (0 Mo free) [MORROWIND] # CDFS
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\Francois\LOCALS~1\Temp\b.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\msb.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\winamp toolbar\WinampTbServer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Hamachi\hamachi.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Fichiers # Dossiers infectieux |

Présent ! E:\Setup.exe  
Présent ! E:\autorun.inf  

################## | Other | https://www.virustotal.com/gui/ |

Suspect ! D:\q2lite\Q2Lite.exe  

################## | Registre # Clés Run infectieuses |


################## | Registre # Mountpoints2 |


################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # UsbFix V6.014 ! |

gen-hackman · Answer

relance usbfix , option vaccination puis option desinstallation 

ensuite :


&#9654 Télécharge Ad-remover ( de C_XX ) sur ton bureau : 


&#9654 Déconnecte toi et ferme toutes applications en cours ! 

&#9654 Double clique sur "Ad-R.exe" pour lancer l'installation et laisse les paramètres d'installation par défaut . 

&#9654 Double-clique sur le raccourci Ad-remover qui est sur ton bureau pour lancer l'outil .
 
&#9654 Au menu principal choisis l'option "L" et tape sur [entrée] .

&#9654 Laisse travailler l'outil et ne touche à rien ... 

&#9654 Poste le rapport qui apparait à la fin , sur le forum ...

( Le rapport est sauvegardé aussi sous C:\Ad-report.log ) 
( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller ) 

&#9654 Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. 
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. 
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

Fran · Answer

Désolé, j'ai encore mis beaucoup de temps voila le raport de ad-remover

Lancé à:  9:30:57, 2009-08-09 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows XP™  Service Pack 2 v5.1.2600
Nom du PC: DDE65AF568C24DC | Utilisateur actuel: zzz
.
Administrateur: Administrateur 
N'est pas administrateur: ASPNET 
Administrateur: zzz 
N'est pas administrateur: HelpAssistant *Desactive* 
N'est pas administrateur: Invité *Desactive* 
N'est pas administrateur: SUPPORT_388945a0 *Desactive* 
. 
============== ÉLÉMENT(S) NEUTRALISÉ(S) ============== 
.
.
.

(!) -- Fichiers temporaires supprimés.

.
============== Scan additionnel ==============
.

* Mozilla FireFox Version 3.0.13 *

 Nom du profil: k554qdgo.default (zzz)
.
(Prefs.js) user_pref("browser.search.defaultenginename", "Yahoo! Search"); 
(Prefs.js) user_pref("browser.search.selectedEngine", "Yahoo! Search"); 
(Prefs.js) user_pref("browser.search.defaulturl", "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="); 
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.13"); 
.
. 

* Internet Explorer Version 6.0.2900.2180 *

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.google.com
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

   Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
2333 Octet(s) - C:\Ad-Report-CLEAN.log 
.
112 Fichier(s) - C:\DOCUME~1\zzz\LOCALS~1\Temp 
2 Fichier(s) - C:\WINDOWS\Temp 
.
22 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
0 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
.
Fin à: 11:38:10 | 2009-08-09
.

gen-hackman · Answer

relance usbfix , option vaccination , puis option desinstallation

ensuite :

Télécharge OTL de OLDTimer

&#9654 enregistre le sur ton Bureau.

&#9654 Double clic sur OTL.exe pour le lancer.

&#9654 Coche les 2 cases Lop et Purity

&#9654 Coche la case devant scan all users

&#9654 règle-le sur "60 Days"

&#9654Clic sur Run Scan.

A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).

Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)

&#9654&#9654&#9654 NE LE POSTE PAS SUR LE FORUM

Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/

&#9654 Clique sur Parcourir et cherche le fichier ci-dessus.

&#9654 Clique sur Ouvrir.

&#9654 Clique sur "Cliquez ici pour déposer le fichier".

Un lien de cette forme :

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

est ajouté dans la page.

&#9654 Copie ce lien dans ta réponse.

Tu feras la meme chose avec le "Extra.txt".

Fran · Answer

Les voila

http://www.cijoint.fr/cjlink.php?file=cj200908/cijgq0oAuE.txt
http://www.cijoint.fr/cjlink.php?file=cj200908/cij5HFj0nW.txt

gen-hackman · Answer

&#9654 Télécharge Zeb-Restoreet enregistre ce fichier sur le bureau. 

&#9654-Clic droit Zeb-Restore.zip ==> Extraire tout choisis comme lieu d'enregistrement le bureau.
 
&#9654-Ouvre le dossier ZR_1.0.0.37 ==> double clic sur Zeb-Restore.exe 

&#9654- Coche la case devant :sites de confiance

&#9654- Ne coche aucune autre case 

&#9654-Clique sur Restaurer 

&#9654-Redémarre ton PC

ensuite :

&#9654 Double clic sur OTL.exe pour le lancer.


&#9654Copie la liste qui se trouve en gras ci-dessous,

&#9654 colle-la dans la zone sous Customs Scans/Fixes :

:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
msb.exe
b.exe

:OTL
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar avec bloqueur de fenêtres pop-up) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-746137067-1606980848-725345543-1003\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - No CLSID value found.
O3 - HKU\S-1-5-21-746137067-1606980848-725345543-1003\..\Toolbar\WebBrowser: (Yahoo! Toolbar avec bloqueur de fenêtres pop-up) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKU\S-1-5-21-746137067-1606980848-725345543-1003..\Run: [Monopod] C:\Documents and Settings\Francois\Local Settings\Temp\b.exe ()
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\msdaipp - No CLSID value found
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\winrkp32: DllName - winrkp32.dll -  File not found


:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=-
"iTunesHelper"=-
"nwiz"=-
"QuickTime Task"=-
"RemoteControl"=-
"SoundMan"=-
"TkBellExe"=-

[HKEYUSERS\S-1-5-21-746137067-1606980848-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=-
"*{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=-

:files
C:\WINDOWS\msb.exe
C:\Documents and Settings\Francois\Local Settings\Temp\b.exe
C:\Documents and Settings\Francois\Bureau\UsbFix.exe
C:\a98686197059c1706a28
C:\d7bf4ffcefa39e590cd993fcb33840d7
C:\WINDOWS\msa.exe
C:\WINDOWS	asks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
C:\WINDOWS	asks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
C:\WINDOWS\System32\msxml71.dll
C:\*sqm
C:\Documents and Settings\All Users\Application Data\shctxex.vb
C:\Program Files\system

:commands
[purity]
[emptytemp]
[reboot]


&#9654 Clique sur RunFix pour lancer la suppression.


&#9654 Poste le rapport.

Fran · Answer

Le voila

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
Process firefox.exe killed successfully!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
No active process named msb.exe was found!
No active process named b.exe was found!
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll unregistered successfully.
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-746137067-1606980848-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4E7BD74F-2B8D-469E-92EA-EC65A294AE31} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-92EA-EC65A294AE31}\ not found.
Registry value HKEY_USERS\S-1-5-21-746137067-1606980848-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
File C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll not found.
Registry value HKEY_USERS\S-1-5-21-746137067-1606980848-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\Monopod deleted successfully.
C:\Documents and Settings\Francois\Local Settings\Temp\b.exe moved successfully.
Starting removal of ActiveX control {41564D57-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wmvadvd.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{41564D57-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564D57-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{41564D57-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41564D57-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
File Protocol\Handler\ipp - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winrkp32\ deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\HP Software Update deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\iTunesHelper deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\nwiz deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\RemoteControl deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SoundMan deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\TkBellExe deleted successfully.
Registry key HKEYUSERS\S-1-5-21-746137067-1606980848-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEYUSERS\S-1-5-21-746137067-1606980848-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks not found.
========== FILES ==========
C:\WINDOWS\msb.exe moved successfully.
File\Folder C:\Documents and Settings\Francois\Local Settings\Temp\b.exe not found.
C:\Documents and Settings\Francois\Bureau\UsbFix.exe moved successfully.
C:\a98686197059c1706a28 moved successfully.
C:\d7bf4ffcefa39e590cd993fcb33840d7	ools moved successfully.
Folder move failed. C:\d7bf4ffcefa39e590cd993fcb33840d7\dotnetfx35\x86 scheduled to be moved on reboot.
Folder move failed. C:\d7bf4ffcefa39e590cd993fcb33840d7\dotnetfx35 scheduled to be moved on reboot.
Folder move failed. C:\d7bf4ffcefa39e590cd993fcb33840d7\dotnetfx30\x86 scheduled to be moved on reboot.
Folder move failed. C:\d7bf4ffcefa39e590cd993fcb33840d7\dotnetfx30 scheduled to be moved on reboot.
C:\d7bf4ffcefa39e590cd993fcb33840d7\dotnetfx20 moved successfully.
C:\d7bf4ffcefa39e590cd993fcb33840d7 moved successfully.
C:\WINDOWS\msa.exe moved successfully.
C:\WINDOWS	asks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job moved successfully.
C:\WINDOWS	asks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job moved successfully.
C:\WINDOWS\System32\msxml71.dll unregistered successfully.
C:\WINDOWS\System32\msxml71.dll moved successfully.
C:\sqmdata00.sqm moved successfully.
C:\sqmdata01.sqm moved successfully.
C:\sqmdata02.sqm moved successfully.
C:\sqmdata03.sqm moved successfully.
C:\sqmdata04.sqm moved successfully.
C:\sqmdata05.sqm moved successfully.
C:\sqmdata06.sqm moved successfully.
C:\sqmdata07.sqm moved successfully.
C:\sqmdata08.sqm moved successfully.
C:\sqmdata09.sqm moved successfully.
C:\sqmdata10.sqm moved successfully.
C:\sqmdata11.sqm moved successfully.
C:\sqmdata12.sqm moved successfully.
C:\sqmdata13.sqm moved successfully.
C:\sqmdata14.sqm moved successfully.
C:\sqmdata15.sqm moved successfully.
C:\sqmdata16.sqm moved successfully.
C:\sqmdata17.sqm moved successfully.
C:\sqmdata18.sqm moved successfully.
C:\sqmdata19.sqm moved successfully.
C:\sqmnoopt00.sqm moved successfully.
C:\sqmnoopt01.sqm moved successfully.
C:\sqmnoopt02.sqm moved successfully.
C:\sqmnoopt03.sqm moved successfully.
C:\sqmnoopt04.sqm moved successfully.
C:\sqmnoopt05.sqm moved successfully.
C:\sqmnoopt06.sqm moved successfully.
C:\sqmnoopt07.sqm moved successfully.
C:\sqmnoopt08.sqm moved successfully.
C:\sqmnoopt09.sqm moved successfully.
C:\sqmnoopt10.sqm moved successfully.
C:\sqmnoopt11.sqm moved successfully.
C:\sqmnoopt12.sqm moved successfully.
C:\sqmnoopt13.sqm moved successfully.
C:\sqmnoopt14.sqm moved successfully.
C:\sqmnoopt15.sqm moved successfully.
C:\sqmnoopt16.sqm moved successfully.
C:\sqmnoopt17.sqm moved successfully.
C:\sqmnoopt18.sqm moved successfully.
C:\sqmnoopt19.sqm moved successfully.
C:\Documents and Settings\All Users\Application Data\shctxex.vb moved successfully.
File\Folder C:\Program Files\system not found.
========== COMMANDS ==========
C:\Program Files\&#1109;ystem\YSTEM~1 moved successfully.
C:\Program Files\&#1109;ystem moved successfully.
 
[EMPTYTEMP]
 
User: Administrateur
->Temp folder emptied: 11093 bytes
->Temporary Internet Files folder emptied: 231831 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Francois
->Temp folder emptied: 111220537 bytes
->Temporary Internet Files folder emptied: 2904669 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 188104066 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes
->FireFox cache emptied: 6707400 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4726849 bytes
 
User: TEMP
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2114937 bytes
%systemroot%\System32 .tmp files removed: 6852608 bytes
Windows Temp folder emptied: 2691780 bytes
RecycleBin emptied: 865263 bytes
 
Total Files Cleaned = 311,37 mb
 
 
OTL by OldTimer - Version 3.0.10.5 log created on 08092009_135615

Files\Folders moved on Reboot...
File\Folder C:\d7bf4ffcefa39e590cd993fcb33840d7\dotnetfx35\x86 not found!
File\Folder C:\d7bf4ffcefa39e590cd993fcb33840d7\dotnetfx35 not found!
File\Folder C:\d7bf4ffcefa39e590cd993fcb33840d7\dotnetfx30\x86 not found!
File\Folder C:\d7bf4ffcefa39e590cd993fcb33840d7\dotnetfx30 not found!

Registry entries deleted on Reboot...

gen-hackman · Answer

Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.



&#9654 Télécharge :

Malwarebytes  

ou  :

Malwarebytes

&#9654 Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .

(NB : Si tu as un message d'erreur t'indiquant qu'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : COMCTL32.OCX

&#9654 Potasses le Tuto pour te familiariser avec le prg :


( cela dit, il est très simple d'utilisation ).

relance malwarebytes en suivant scrupuleusement ces consignes :

! Déconnecte toi et ferme toutes applications en cours !

&#9654 Lance Malwarebyte's .

Fais un examen dit "Complet" .

&#9654 Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
&#9654 à la fin tu cliques sur "résultat" .
&#9654 Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .

&#9654 Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !


&#9654 Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)

Fran · Answer

Je n'arrive pas a l'installer,je clique sur mbam-setup.exe mais rien ne se passe.

gen-hackman · Answer

▶ Télécharge Dr Web CureIt sur ton Bureau : ▶ redemarre en mode sans échec ▶- Double clique (clic droit "en tant qu'admin" sous Vista) et ensuite clique sur ; ▶- Clique à l'invite de l'analyse rapide. S'il trouve des processus infectés alors clique le bouton . Note : une fenêtre s'ouvrira avec options pour "Commander" ou "50% de réduction" : Quitte en cliquant le "X". ▶- Lorsque le scan rapide est terminé, clique sur le menu puis ; Choisis l'onglet , et décoche . Clique ensuite sur . ▶- De retour à la fenêtre principale : clique pour activer ▶- Clique le bouton avec flèche verte sur la droite, et le scan débutera. ▶- Clique pour tout à l'invite "Désinfecter ?" lorsqu'un fichier est détecté, et ensuite clique "Désinfecter". ▶- Lorsque le scan sera complété, regarde si tu peux cliquer sur l' icône, adjacente aux fichiers détectés (plusieurs feuilles l'une sur l'autre). Si oui, alors clique dessus et ensuite clique sur l'icône , au dessous, et choisis . ▶- Du menu principal de l'outil, au haut à gauche, clique sur le menu et choisis . Sauvegarde le rapport sur ton Bureau. Ce dernier se nommera DrWeb.csv ▶- Ferme Dr.Web Cureit ▶- Redémarre ton ordi (important car certains fichiers peuvent être déplacés/réparés au redémarrage). ▶- Suite au redémarrage, poste (Copie/Colle) le contenu du rapport de Dr.Web dans ta prochaine réponse.

Fran · Answer

Voila

Process.com	C:\Program Files\Ad-remover	Tool.Prockill	Quarantaine.
AD-R.exe\data026	C:\Program Files\Ad-remover\BACKUP\AD-R.exe	Tool.Prockill	
AD-R.exe	C:\Program Files\Ad-remover\BACKUP	Conteneur comporte des objets infectés	Quarantaine.
UACndtvmoethh.dll	C:\WINDOWS\system32	BackDoor.Tdss.49	Supprimé.
UsbFix.exe\data025	C:\_OTL\MovedFiles\08092009_135615\Documents and Settings\Francois\Bureau\UsbFix.exe	Tool.Prockill	
UsbFix.exe	C:\_OTL\MovedFiles\08092009_135615\Documents and Settings\Francois\Bureau	Conteneur comporte des objets infectés	Quarantaine.
b.exe	C:\_OTL\MovedFiles\08092009_135615\Documents and Settings\Francois\Local Settings\Temp	Trojan.HohoSpy.2	Supprimé.

gen-hackman · Answer

Desactive la protection residente de ton antivirus et ton parefeu si present , le temps du scan

Telecharge  List'em et enregistre-le sur ton bureau et pas ailleurs

double-clic (Pour vista clic droit "executer en tant qu'administrateur")sur l'icone présent sur le bureau pour le lancer

laisse travailler l'outil, le scan devrait durer moins de 10 mn

une fois le scan Terminé le rapport s'affiche

colle son contenu si des fichiers sont detectés dans ta prochaine reponse ici.

Fran · Answer

List'em by g3n-h@ckm@n 1.0.1.1 


Microsoft Windows XP [version 5.1.2600]

Infections possibles : 

C:\WINDOWS\System32\ACTSKN43.OCX - Présent ! 
C:\WINDOWS\System32\avgrsstx.dll - Présent !

gen-hackman · Answer

desisntalle AVG puis fais ceci : /!\ ATTENTION SUIVRE SCRUPULEUSEMENT A LA LETTRE CES INDICATIONS/!\ ▶ Surtout , pense à l'enregistrement à renommer Combofix en "ton prenom.exe" _________________________________________________________________ >Ce logiciel n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.< >>>>>>>Ne pas utiliser en dehors de ce cas de figure : dangereux!<<<<<<<< ===================================================== ▶ On va utiliser ComboFix.exe. Rends toi sur cette page web pour obtenir les liens de téléchargement, ainsi que des instructions pour exécuter l'outil: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix Avant d'utiliser ComboFix : ______________________________________________________________________ >> referme les fenêtres de tous les programmes en cours. >> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, >>la protection en temps réel de ton Antivirus et de tes Antispywares, >>qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil. °°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°° ▶ !!!!!NE TOUCHE A RIEN PENDANT LE TRAVAIL DE COMBOFIX (SOURIS/CLAVIER.....)!!!!! ▶ n'oublie pas de reactiver la garde de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet. >> Reviens sur le forum, et ▶ copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

Fran · Answer

Quand je déinstalle AVG ca me demande si je veux aussi suprimer ce qu'il y a dans le virus vault, je coche oui?

gen-hackman · Answer

oui

Fran · Answer

J'ai désactiver avira antivirus, mais lorsque j'arruve pour exécuter combofix il m'averti que avira est toujours actif

gen-hackman · Answer

lance-le en mode sans echec et ignore les messages d'erreur

Fran · Answer

Pendant le scan en mode sans échec j'ai eu des messages d'erreurs l'un étant un RegisteredPackage endommagé ou illisible et l'autre étant PEV.exe endommagé ou illisible je sais pas si c'est normal.

Au redémarrage en mode normal j'ai aussi eu un message d'erreur pour system32/cf3291 endommagé je crois.

En tout cas, voici le rapport

Microsoft Windows XP Professionnel  5.1.2600.2.1252.2.1036.18.2047.1799 [GMT -4:00]
Running from: c:\documents and settings\Francois\Bureau\fran.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) {804FD0EC-FFA4-00DA-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD2B8-FFA4-00DA-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD2B8-FFA4-00EB-0D24-347CA8A3377C}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804FD2B8-FFA4-00FC-0D24-347CA8A3377C}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\148fef6.msp
c:\windows\Installer\148fefb.msp
c:\windows\Installer\3b306.msp
c:\windows\Installer\3b307.msp
c:\windows\Installer\3b308.msp
c:\windows\Installer\3b309.msp
c:\windows\Installer\3b30a.msp
c:\windows\Installer\3b30b.msp
c:\windows\Installer\3b30c.msp
c:\windows\Installer\3b30d.msp
c:\windows\Installer\3b30e.msp
c:\windows\Installer\3b30f.msp
c:\windows\Installer\682a90.msi
c:\windows\Installer\682a91.msp
c:\windows\Installer\682a92.msp
c:\windows\Installer\682a93.msp
c:\windows\Installer\682a94.msp
c:\windows\Installer\682a95.msp
c:\windows\Installer\682a96.msp
c:\windows\Installer\682a97.msp
c:\windows\Installer\682a98.msp
c:\windows\Installer\682a99.msp
c:\windows\Installer\682a9a.msp
c:\windows\system32\drivers\SKYNETologiqix.sys
c:\windows\system32\drivers\UACjgjrvtlrru.sys
c:\windows\system32\SKYNETcfaqpmuy.dat
c:\windows\system32\SKYNETjyijkypg.dll
c:\windows\system32\SKYNETnqelypjb.dll
c:\windows\system32\SKYNETqoojfgtp.dat
c:\windows\system32\UAChakgqqiitm.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACjubaybishm.dat
c:\windows\system32\UAClxjguxivkf.dll
c:\windows\system32\UACmljmrwnojb.db
c:\windows\system32\UACndtvmoethh.dll
c:\windows\system32\UACoocukpooca.dll
c:\windows\system32\UACtaiqmnjbfk.dll
c:\windows\system32\wnstssv.exe

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETwykmovnt
-------\Legacy_SKYNETwykmovnt
-------\Service_UACd.sys
-------\Legacy_UACd.sys


(((((((((((((((((((((((((   Files Created from 2009-07-13 to 2009-08-13  )))))))))))))))))))))))))))))))
.

2009-08-13 03:14 . 2009-08-13 03:14	--------	d-----w-	c:\windows\ServicePackFiles
2009-08-10 23:30 . 2009-08-10 23:30	--------	d-----w-	c:\documents and settings\Francois\DoctorWeb
2009-08-09 17:56 . 2009-08-09 17:56	--------	d-----w-	C:\_OTL
2009-08-09 13:30 . 2009-08-09 15:38	--------	d-----w-	c:\program files\Ad-remover
2009-08-09 01:57 . 2009-08-09 15:53	--------	d-----w-	C:\UsbFix
2009-08-07 18:57 . 2008-07-06 12:06	89088	-c----w-	c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-07 18:57 . 2008-07-06 12:06	575488	-c----w-	c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-07 18:57 . 2008-07-06 12:06	575488	------w-	c:\windows\system32\xpsshhdr.dll
2009-08-07 18:57 . 2008-07-06 12:06	117760	------w-	c:\windows\system32\prntvpt.dll
2009-08-07 18:57 . 2008-07-06 10:50	597504	-c----w-	c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-07 18:57 . 2009-08-07 18:57	--------	d-----w-	C:\491e5d1fad1701acc801
2009-08-07 18:57 . 2008-07-06 12:06	1676288	-c----w-	c:\windows\system32\dllcache\xpssvcs.dll
2009-08-07 18:57 . 2008-07-06 12:06	1676288	------w-	c:\windows\system32\xpssvcs.dll
2009-08-07 18:56 . 2009-08-07 18:58	--------	d-----w-	c:\windows\SxsCaPendDel
2009-08-07 18:54 . 2009-08-07 18:54	--------	d-----w-	c:\program files\MSXML 6.0
2009-08-07 18:28 . 2009-08-07 18:28	--------	d-----w-	c:\program files\Trend Micro

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-13 21:02 . 2007-01-03 07:30	--------	d-----w-	c:\documents and settings\Francois\Application Data\Xfire
2009-08-13 19:29 . 2008-01-08 05:27	--------	d-----w-	c:\documents and settings\Francois\Application Data\Hamachi
2009-08-12 01:38 . 2009-06-29 12:51	--------	d-----w-	c:\docume~1\ALLUSE~1\APPLIC~1\AVG Security Toolbar
2009-08-07 18:56 . 2001-09-28 17:00	77042	----a-w-	c:\windows\system32\perfc00C.dat
2009-08-07 18:56 . 2001-09-28 17:00	474660	----a-w-	c:\windows\system32\perfh00C.dat
2009-08-07 17:39 . 2008-12-21 19:35	--------	d-----w-	c:\program files\AVS4YOU
2009-08-05 09:06 . 2004-08-04 04:54	205312	----a-w-	c:\windows\system32\mswebdvd.dll
2009-08-02 03:24 . 2006-05-26 19:42	--------	d-----w-	c:\docume~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
2009-07-31 13:38 . 2009-04-15 02:24	--------	d-----w-	c:\program files\Microsoft Silverlight
2009-07-17 18:56 . 2004-08-04 04:54	58880	----a-w-	c:\windows\system32\atl.dll
2009-07-13 06:18 . 2004-08-04 04:54	233472	----a-w-	c:\windows\system32\wmpdxm.dll
2009-07-05 00:20 . 2009-07-04 07:28	--------	d-----w-	c:\program files\Wakfu
2009-07-04 19:54 . 2006-05-26 21:16	--------	d-----w-	c:\program files\Bethesda Softworks
2009-07-04 07:17 . 2008-08-28 02:19	--------	d-----w-	c:\program files\Windows Live Safety Center
2009-06-28 20:35 . 2009-06-28 20:33	--------	d-----w-	c:\program files\Oblivion Face Exchange Lite
2009-06-26 16:18 . 2004-08-04 04:54	663552	----a-w-	c:\windows\system32\wininet.dll
2009-06-26 16:18 . 2004-08-04 04:54	81920	----a-w-	c:\windows\system32\ieencode.dll
2009-06-25 18:36 . 2004-08-04 04:54	95744	----a-w-	c:\windows\system32\mqsec.dll
2009-06-25 18:36 . 2004-08-04 04:54	661504	----a-w-	c:\windows\system32\mqqm.dll
2009-06-25 18:36 . 2004-08-04 04:54	527360	----a-w-	c:\windows\system32\mqutil.dll
2009-06-25 18:36 . 2004-08-04 04:54	517120	----a-w-	c:\windows\system32\mqsnap.dll
2009-06-25 18:36 . 2004-08-04 04:54	48640	----a-w-	c:\windows\system32\mqupgrd.dll
2009-06-25 18:36 . 2004-08-04 04:54	186880	----a-w-	c:\windows\system32\mqtrig.dll
2009-06-25 18:36 . 2004-08-04 04:54	177152	----a-w-	c:\windows\system32\mqrt.dll
2009-06-25 18:36 . 2004-08-04 04:54	123392	----a-w-	c:\windows\system32\mqrtdep.dll
2009-06-25 18:36 . 2004-08-04 04:54	47104	----a-w-	c:\windows\system32\mqdscli.dll
2009-06-25 18:36 . 2004-08-04 04:54	225280	----a-w-	c:\windows\system32\mqoa.dll
2009-06-25 18:36 . 2004-08-04 04:54	16896	----a-w-	c:\windows\system32\mqise.dll
2009-06-25 18:36 . 2004-08-04 04:54	138240	----a-w-	c:\windows\system32\mqad.dll
2009-06-23 13:15 . 2009-06-07 06:15	--------	d-----w-	c:\program files\Dofus
2009-06-22 11:49 . 2004-08-04 04:54	19968	----a-w-	c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2004-08-04 04:54	117248	----a-w-	c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2004-08-04 04:54	4608	----a-w-	c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2004-08-04 02:58	91776	----a-w-	c:\windows\system32\drivers\mqac.sys
2009-06-16 14:54 . 2004-08-04 04:54	119808	----a-w-	c:\windows\system32	2embed.dll
2009-06-16 14:54 . 2001-09-28 17:00	82432	----a-w-	c:\windows\system32\fontsub.dll
2009-06-15 11:33 . 2004-08-04 04:55	78848	----a-w-	c:\windows\system32	elnet.exe
2009-06-15 11:32 . 2004-08-04 04:55	82944	----a-w-	c:\windows\system32	lntsess.exe
2009-06-10 14:23 . 2004-08-04 04:54	85504	----a-w-	c:\windows\system32\avifil32.dll
2009-06-10 06:30 . 2004-08-04 04:54	132096	----a-w-	c:\windows\system32\wkssvc.dll
2009-06-05 07:46 . 2006-05-24 20:42	655872	----a-w-	c:\windows\system32\mstscax.dll
2009-06-03 19:27 . 2004-08-04 04:54	1296896	----a-w-	c:\windows\system32\quartz.dll
2009-05-28 08:15 . 2007-04-23 01:30	75096	----a-w-	c:\windows\system32\drivers\avipbb.sys
2009-05-25 21:08 . 2007-08-25 18:19	138168	-c--a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2009-05-25 21:08 . 2007-08-25 18:19	189472	----a-w-	c:\windows\system32\PnkBstrB.exe
2008-12-27 06:30 . 2008-12-27 06:30	461	----a-w-	c:\program files\Raccourci vers Xfire.lnk
2006-07-13 18:30 . 2006-07-13 18:30	239	-c--a-w-	c:\program files\Morrowind.ini
2006-07-13 18:30 . 2006-07-13 18:30	96	-c--a-w-	c:\program files\Warnings.txt
2006-07-13 18:30 . 2006-07-13 18:30	133	-c--a-w-	c:\program files\ProgramFlow.txt
2004-10-01 19:00 . 2006-05-25 18:13	40960	----a-w-	c:\program files\Uninstall_CDS.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9DFE2FE9-CF99-4ADF-A28E-9B5ADB8DC74F}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"DF Manager"="c:\depositfiles\Depositfiles Filemanager\dfmanager.exe" [2009-05-28 1808896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-07 7557120]
"SW20"="c:\windows\system32\sw20.exe" [2006-02-22 208896]
"SW24"="c:\windows\system32\sw24.exe" [2006-02-22 69632]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-03-07 86016]
"avgnt"="c:\program files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OBealsched.exe" [2006-07-19 180269]

c:\documents and settings\Francois\Menu D‚marrer\Programmes\D‚marrage\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2008-1-8 625952]
Xfire.lnk - c:\program files\Xfire\xfire.exe [2009-4-29 3145552]

c:\docume~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\
D‚marrage rapide du logiciel HP Image Zone.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
Metacafe.lnk - c:\program files\Metacafe\MetacafeAgent.exe [2008-5-28 145736]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-3-31 122880]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\GameSpy Arcade\Aphex.exe"=
"c:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.icd"=
"c:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe"=
"c:\WINDOWS\system32\dplaysvr.exe"=
"c:\Program Files\uTorrent\utorrent.exe"=
"c:\Program Files\Mozilla Firefox\firefox.exe"=
"c:\Program Files\Xfire\xfire.exe"=
"c:\WINDOWS\system32\dpvsetup.exe"=
"c:\Program Files\MSN Messenger\msnmsgr.exe"=
"c:\Program Files\MSN Messenger\livecall.exe"=
"c:\Program Files\iTunes\iTunes.exe"=
"c:\Program Files\LimeWire\LimeWire.exe"=
"c:\Program Files\EA GAMES\Battlefield 2\BF2.exe"=
"c:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD"=
"c:\WINDOWS\system32\PnkBstrA.exe"=
"c:\WINDOWS\system32\PnkBstrB.exe"=
"c:\Program Files\Teamspeak2_RC2\server_windows.exe"=
"c:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:*:Disabled:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:*:Disabled:Akamai NetSession Interface
"1068:TCP"= 1068:TCP:*:Disabled:Akamai NetSession Interface
"3435:TCP"= 3435:TCP:*:Disabled:Akamai NetSession Interface
"1079:TCP"= 1079:TCP:*:Disabled:Akamai NetSession Interface
"3199:TCP"= 3199:TCP:*:Disabled:Akamai NetSession Interface
"1985:TCP"= 1985:TCP:*:Disabled:Akamai NetSession Interface
"2252:TCP"= 2252:TCP:*:Disabled:Akamai NetSession Interface
"2488:TCP"= 2488:TCP:*:Disabled:Akamai NetSession Interface
"3737:TCP"= 3737:TCP:*:Disabled:Akamai NetSession Interface
"3842:TCP"= 3842:TCP:*:Disabled:Akamai NetSession Interface
"3958:TCP"= 3958:TCP:*:Disabled:Akamai NetSession Interface
"4050:TCP"= 4050:TCP:*:Disabled:Akamai NetSession Interface
"4207:TCP"= 4207:TCP:*:Disabled:Akamai NetSession Interface
"4348:TCP"= 4348:TCP:*:Disabled:Akamai NetSession Interface
"1600:TCP"= 1600:TCP:*:Disabled:Akamai NetSession Interface
"3095:TCP"= 3095:TCP:*:Disabled:Akamai NetSession Interface
"3275:TCP"= 3275:TCP:*:Disabled:Akamai NetSession Interface
"2179:TCP"= 2179:TCP:*:Disabled:Akamai NetSession Interface
"3183:TCP"= 3183:TCP:*:Disabled:Akamai NetSession Interface
"3243:TCP"= 3243:TCP:*:Disabled:Akamai NetSession Interface
"2750:TCP"= 2750:TCP:*:Disabled:Akamai NetSession Interface
"2902:TCP"= 2902:TCP:*:Disabled:Akamai NetSession Interface
"2971:TCP"= 2971:TCP:*:Disabled:Akamai NetSession Interface
"3612:TCP"= 3612:TCP:*:Disabled:Akamai NetSession Interface
"4824:TCP"= 4824:TCP:*:Disabled:Akamai NetSession Interface
"2388:TCP"= 2388:TCP:*:Disabled:Akamai NetSession Interface
"2358:TCP"= 2358:TCP:*:Disabled:Akamai NetSession Interface
"1229:TCP"= 1229:TCP:*:Disabled:Akamai NetSession Interface
"1388:TCP"= 1388:TCP:*:Disabled:Akamai NetSession Interface
"1665:TCP"= 1665:TCP:*:Disabled:Akamai NetSession Interface
"3883:TCP"= 3883:TCP:*:Disabled:Akamai NetSession Interface
"3904:TCP"= 3904:TCP:*:Disabled:Akamai NetSession Interface
"1246:TCP"= 1246:TCP:*:Disabled:Akamai NetSession Interface
"1277:TCP"= 1277:TCP:*:Disabled:Akamai NetSession Interface
"2546:TCP"= 2546:TCP:*:Disabled:Akamai NetSession Interface
"2621:TCP"= 2621:TCP:*:Disabled:Akamai NetSession Interface
"4079:TCP"= 4079:TCP:*:Disabled:Akamai NetSession Interface
"1154:TCP"= 1154:TCP:*:Disabled:Akamai NetSession Interface
"1119:TCP"= 1119:TCP:*:Disabled:Akamai NetSession Interface
"1231:TCP"= 1231:TCP:*:Disabled:Akamai NetSession Interface
"2010:TCP"= 2010:TCP:*:Disabled:Akamai NetSession Interface
"1840:TCP"= 1840:TCP:*:Disabled:Akamai NetSession Interface
"4322:TCP"= 4322:TCP:*:Disabled:Akamai NetSession Interface
"4847:TCP"= 4847:TCP:*:Disabled:Akamai NetSession Interface
"1189:TCP"= 1189:TCP:*:Disabled:Akamai NetSession Interface
"1727:TCP"= 1727:TCP:*:Disabled:Akamai NetSession Interface
"1070:TCP"= 1070:TCP:*:Disabled:Akamai NetSession Interface
"1623:TCP"= 1623:TCP:*:Disabled:Akamai NetSession Interface
"1200:TCP"= 1200:TCP:*:Disabled:Akamai NetSession Interface
"1306:TCP"= 1306:TCP:*:Disabled:Akamai NetSession Interface
"1570:TCP"= 1570:TCP:*:Disabled:Akamai NetSession Interface
"1163:TCP"= 1163:TCP:*:Disabled:Akamai NetSession Interface
"2737:TCP"= 2737:TCP:*:Disabled:Akamai NetSession Interface
"3000:TCP"= 3000:TCP:*:Disabled:Akamai NetSession Interface
"1310:TCP"= 1310:TCP:*:Disabled:Akamai NetSession Interface
"3784:TCP"= 3784:TCP:*:Disabled:Akamai NetSession Interface
"2575:TCP"= 2575:TCP:*:Disabled:Akamai NetSession Interface
"1067:TCP"= 1067:TCP:*:Disabled:Akamai NetSession Interface
"1040:TCP"= 1040:TCP:*:Disabled:Akamai NetSession Interface
"1525:TCP"= 1525:TCP:*:Disabled:Akamai NetSession Interface
"1666:TCP"= 1666:TCP:*:Disabled:Akamai NetSession Interface
"1538:TCP"= 1538:TCP:*:Disabled:Akamai NetSession Interface
"1811:TCP"= 1811:TCP:*:Disabled:Akamai NetSession Interface
"1855:TCP"= 1855:TCP:*:Disabled:Akamai NetSession Interface
"3264:TCP"= 3264:TCP:*:Disabled:Akamai NetSession Interface
"1143:TCP"= 1143:TCP:*:Disabled:Akamai NetSession Interface
"1170:TCP"= 1170:TCP:*:Disabled:Akamai NetSession Interface
"1049:TCP"= 1049:TCP:*:Disabled:Akamai NetSession Interface
"1055:TCP"= 1055:TCP:*:Disabled:Akamai NetSession Interface
"1065:TCP"= 1065:TCP:*:Disabled:Akamai NetSession Interface
"1078:TCP"= 1078:TCP:*:Disabled:Akamai NetSession Interface
"1183:TCP"= 1183:TCP:*:Disabled:Akamai NetSession Interface
"1969:TCP"= 1969:TCP:*:Disabled:Akamai NetSession Interface
"2112:TCP"= 2112:TCP:*:Disabled:Akamai NetSession Interface
"4446:TCP"= 4446:TCP:*:Disabled:Akamai NetSession Interface
"1044:TCP"= 1044:TCP:*:Disabled:Akamai NetSession Interface
"1052:TCP"= 1052:TCP:*:Disabled:Akamai NetSession Interface
"1060:TCP"= 1060:TCP:*:Disabled:Akamai NetSession Interface
"1069:TCP"= 1069:TCP:*:Disabled:Akamai NetSession Interface
"1202:TCP"= 1202:TCP:*:Disabled:Akamai NetSession Interface
"1201:TCP"= 1201:TCP:*:Disabled:Akamai NetSession Interface
"1337:TCP"= 1337:TCP:*:Disabled:Akamai NetSession Interface
"2681:TCP"= 2681:TCP:*:Disabled:Akamai NetSession Interface
"1493:TCP"= 1493:TCP:*:Disabled:Akamai NetSession Interface
"1258:TCP"= 1258:TCP:*:Disabled:Akamai NetSession Interface
"2770:TCP"= 2770:TCP:*:Disabled:Akamai NetSession Interface
"1769:TCP"= 1769:TCP:*:Disabled:Akamai NetSession Interface
"1880:TCP"= 1880:TCP:*:Disabled:Akamai NetSession Interface
"2942:TCP"= 2942:TCP:*:Disabled:Akamai NetSession Interface
"2020:TCP"= 2020:TCP:*:Disabled:Akamai NetSession Interface
"1655:TCP"= 1655:TCP:*:Disabled:Akamai NetSession Interface
"3332:TCP"= 3332:TCP:*:Disabled:Akamai NetSession Interface
"1404:TCP"= 1404:TCP:*:Disabled:Akamai NetSession Interface
"3728:TCP"= 3728:TCP:*:Disabled:Akamai NetSession Interface
"1438:TCP"= 1438:TCP:*:Disabled:Akamai NetSession Interface
"1468:TCP"= 1468:TCP:*:Disabled:Akamai NetSession Interface
"1488:TCP"= 1488:TCP:*:Disabled:Akamai NetSession Interface
"1550:TCP"= 1550:TCP:*:Disabled:Akamai NetSession Interface
"2867:TCP"= 2867:TCP:*:Disabled:Akamai NetSession Interface
"2489:TCP"= 2489:TCP:*:Disabled:Akamai NetSession Interface
"2805:TCP"= 2805:TCP:*:Disabled:Akamai NetSession Interface
"1072:TCP"= 1072:TCP:*:Disabled:Akamai NetSession Interface
"1695:TCP"= 1695:TCP:*:Disabled:Akamai NetSession Interface
"3159:TCP"= 3159:TCP:*:Disabled:Akamai NetSession Interface
"3316:TCP"= 3316:TCP:*:Disabled:Akamai NetSession Interface
"4109:TCP"= 4109:TCP:*:Disabled:Akamai NetSession Interface
"2270:TCP"= 2270:TCP:*:Disabled:Akamai NetSession Interface
"2302:TCP"= 2302:TCP:*:Disabled:Akamai NetSession Interface
"1076:TCP"= 1076:TCP:*:Disabled:Akamai NetSession Interface
"1086:TCP"= 1086:TCP:*:Disabled:Akamai NetSession Interface
"1093:TCP"= 1093:TCP:*:Disabled:Akamai NetSession Interface
"1100:TCP"= 1100:TCP:*:Disabled:Akamai NetSession Interface
"1112:TCP"= 1112:TCP:*:Disabled:Akamai NetSession Interface
"1120:TCP"= 1120:TCP:*:Disabled:Akamai NetSession Interface
"1126:TCP"= 1126:TCP:*:Disabled:Akamai NetSession Interface
"1135:TCP"= 1135:TCP:*:Disabled:Akamai NetSession Interface
"1147:TCP"= 1147:TCP:*:Disabled:Akamai NetSession Interface
"4932:TCP"= 4932:TCP:*:Disabled:Akamai NetSession Interface
"1756:TCP"= 1756:TCP:*:Disabled:Akamai NetSession Interface
"1905:TCP"= 1905:TCP:*:Disabled:Akamai NetSession Interface
"1030:TCP"= 1030:TCP:*:Disabled:Akamai NetSession Interface
"1091:TCP"= 1091:TCP:*:Disabled:Akamai NetSession Interface
"1900:TCP"= 1900:TCP:*:Disabled:Akamai NetSession Interface
"1731:TCP"= 1731:TCP:*:Disabled:Akamai NetSession Interface
"3949:TCP"= 3949:TCP:*:Disabled:Akamai NetSession Interface
"4184:TCP"= 4184:TCP:*:Disabled:Akamai NetSession Interface
"4678:TCP"= 4678:TCP:*:Disabled:Akamai NetSession Interface
"1848:TCP"= 1848:TCP:*:Disabled:Akamai NetSession Interface
"1340:TCP"= 1340:TCP:*:Disabled:Akamai NetSession Interface
"1531:TCP"= 1531:TCP:*:Disabled:Akamai NetSession Interface
"2190:TCP"= 2190:TCP:*:Disabled:Akamai NetSession Interface
"2287:TCP"= 2287:TCP:*:Disabled:Akamai NetSession Interface
"4961:TCP"= 4961:TCP:*:Disabled:Akamai NetSession Interface
"1176:TCP"= 1176:TCP:*:Disabled:Akamai NetSession Interface
"1644:TCP"= 1644:TCP:*:Disabled:Akamai NetSession Interface
"1121:TCP"= 1121:TCP:*:Disabled:Akamai NetSession Interface
"2038:TCP"= 2038:TCP:*:Disabled:Akamai NetSession Interface
"4887:TCP"= 4887:TCP:*:Disabled:Akamai NetSession Interface
"4933:TCP"= 4933:TCP:*:Disabled:Akamai NetSession Interface
"4999:TCP"= 4999:TCP:*:Disabled:Akamai NetSession Interface
"1169:TCP"= 1169:TCP:*:Disabled:Akamai NetSession Interface
"1537:TCP"= 1537:TCP:*:Disabled:Akamai NetSession Interface
"1801:TCP"= 1801:TCP:*:Disabled:Akamai NetSession Interface
"1983:TCP"= 1983:TCP:*:Disabled:Akamai NetSession Interface
"2071:TCP"= 2071:TCP:*:Disabled:Akamai NetSession Interface
"3009:TCP"= 3009:TCP:*:Disabled:Akamai NetSession Interface
"3027:TCP"= 3027:TCP:*:Disabled:Akamai NetSession Interface
"3488:TCP"= 3488:TCP:*:Disabled:Akamai NetSession Interface
"4091:TCP"= 4091:TCP:*:Disabled:Akamai NetSession Interface
"2061:TCP"= 2061:TCP:*:Disabled:Akamai NetSession Interface
"3010:TCP"= 3010:TCP:*:Disabled:Akamai NetSession Interface
"2660:TCP"= 2660:TCP:*:Disabled:Akamai NetSession Interface
"1252:TCP"= 1252:TCP:*:Disabled:Akamai NetSession Interface
"1505:TCP"= 1505:TCP:*:Disabled:Akamai NetSession Interface
"1699:TCP"= 1699:TCP:*:Disabled:Akamai NetSession Interface
"2553:TCP"= 2553:TCP:*:Disabled:Akamai NetSession Interface
"1561:TCP"= 1561:TCP:*:Disabled:Akamai NetSession Interface
"1710:TCP"= 1710:TCP:*:Disabled:Akamai NetSession Interface
"2509:TCP"= 2509:TCP:*:Disabled:Akamai NetSession Interface
"2895:TCP"= 2895:TCP:*:Disabled:Akamai NetSession Interface
"2908:TCP"= 2908:TCP:*:Disabled:Akamai NetSession Interface
"2973:TCP"= 2973:TCP:*:Disabled:Akamai NetSession Interface
"3314:TCP"= 3314:TCP:*:Disabled:Akamai NetSession Interface
"4611:TCP"= 4611:TCP:*:Disabled:Akamai NetSession Interface
"1122:TCP"= 1122:TCP:*:Disabled:Akamai NetSession Interface
"2234:TCP"= 2234:TCP:*:Disabled:Akamai NetSession Interface
"2393:TCP"= 2393:TCP:*:Disabled:Akamai NetSession Interface
"3189:TCP"= 3189:TCP:*:Disabled:Akamai NetSession Interface
"4883:TCP"= 4883:TCP:*:Disabled:Akamai NetSession Interface
"3157:TCP"= 3157:TCP:*:Disabled:Akamai NetSession Interface
"3427:TCP"= 3427:TCP:*:Disabled:Akamai NetSession Interface
"3455:TCP"= 3455:TCP:*:Disabled:Akamai NetSession Interface
"1788:TCP"= 1788:TCP:*:Disabled:Akamai NetSession Interface
"1548:TCP"= 1548:TCP:*:Disabled:Akamai NetSession Interface
"1579:TCP"= 1579:TCP:*:Disabled:Akamai NetSession Interface
"1882:TCP"= 1882:TCP:*:Disabled:Akamai NetSession Interface
"1950:TCP"= 1950:TCP:*:Disabled:Akamai NetSession Interface
"2162:TCP"= 2162:TCP:*:Disabled:Akamai NetSession Interface
"3499:TCP"= 3499:TCP:*:Disabled:Akamai NetSession Interface
"3864:TCP"= 3864:TCP:*:Disabled:Akamai NetSession Interface
"3974:TCP"= 3974:TCP:*:Disabled:Akamai NetSession Interface
"2262:TCP"= 2262:TCP:*:Disabled:Akamai NetSession Interface
"2619:TCP"= 2619:TCP:*:Disabled:Akamai NetSession Interface
"2822:TCP"= 2822:TCP:*:Disabled:Akamai NetSession Interface
"3923:TCP"= 3923:TCP:*:Disabled:Akamai NetSession Interface
"1611:TCP"= 1611:TCP:*:Disabled:Akamai NetSession Interface
"2394:TCP"= 2394:TCP:*:Disabled:Akamai NetSession Interface
"1524:TCP"= 1524:TCP:*:Disabled:Akamai NetSession Interface
"2330:TCP"= 2330:TCP:*:Disabled:Akamai NetSession Interface
"2413:TCP"= 2413:TCP:*:Disabled:Akamai NetSession Interface
"1571:TCP"= 1571:TCP:*:Disabled:Akamai NetSession Interface
"1577:TCP"= 1577:TCP:*:Disabled:Akamai NetSession Interface
"1588:TCP"= 1588:TCP:*:Disabled:Akamai NetSession Interface
"3677:TCP"= 3677:TCP:*:Disabled:Akamai NetSession Interface
"4030:TCP"= 4030:TCP:*:Disabled:Akamai NetSession Interface
"4210:TCP"= 4210:TCP:*:Disabled:Akamai NetSession Interface
"4239:TCP"= 4239:TCP:*:Disabled:Akamai NetSession Interface
"3172:TCP"= 3172:TCP:*:Disabled:Akamai NetSession Interface
"3376:TCP"= 3376:TCP:*:Disabled:Akamai NetSession Interface
"3558:TCP"= 3558:TCP:*:Disabled:Akamai NetSession Interface
"1346:TCP"= 1346:TCP:*:Disabled:Akamai NetSession Interface
"1646:TCP"= 1646:TCP:*:Disabled:Akamai NetSession Interface
"1133:TCP"= 1133:TCP:*:Disabled:Akamai NetSession Interface
"2355:TCP"= 2355:TCP:*:Disabled:Akamai NetSession Interface
"1527:TCP"= 1527:TCP:*:Disabled:Akamai NetSession Interface
"2996:TCP"= 2996:TCP:*:Disabled:Akamai NetSession Interface
"3204:TCP"= 3204:TCP:*:Disabled:Akamai NetSession Interface
"3371:TCP"= 3371:TCP:*:Disabled:Akamai NetSession Interface
"4893:TCP"= 4893:TCP:*:Disabled:Akamai NetSession Interface
"4955:TCP"= 4955:TCP:*:Disabled:Akamai NetSession Interface
"1345:TCP"= 1345:TCP:*:Disabled:Akamai NetSession Interface
"1370:TCP"= 1370:TCP:*:Disabled:Akamai NetSession Interface
"4851:TCP"= 4851:TCP:*:Disabled:Akamai NetSession Interface
"4875:TCP"= 4875:TCP:*:Disabled:Akamai NetSession Interface
"2323:TCP"= 2323:TCP:*:Disabled:Akamai NetSession Interface
"1257:TCP"= 1257:TCP:*:Disabled:Akamai NetSession Interface
"1402:TCP"= 1402:TCP:*:Disabled:Akamai NetSession Interface
"2289:TCP"= 2289:TCP:*:Disabled:Akamai NetSession Interface
"1813:TCP"= 1813:TCP:*:Disabled:Akamai NetSession Interface
"4318:TCP"= 4318:TCP:*:Disabled:Akamai NetSession Interface
"2060:TCP"= 2060:TCP:*:Disabled:Akamai NetSession Interface
"3942:TCP"= 3942:TCP:*:Disabled:Akamai NetSession Interface
"3992:TCP"= 3992:TCP:*:Disabled:Akamai NetSession Interface
"4731:TCP"= 4731:TCP:*:Disabled:Akamai NetSession Interface
"1465:TCP"= 1465:TCP:*:Disabled:Akamai NetSession Interface
"4765:TCP"= 4765:TCP:*:Disabled:Akamai NetSession Interface
"1331:TCP"= 1331:TCP:*:Disabled:Akamai NetSession Interface
"3525:TCP"= 3525:TCP:*:Disabled:Akamai NetSession Interface
"1359:TCP"= 1359:TCP:*:Disabled:Akamai NetSession Interface
"1342:TCP"= 1342:TCP:*:Disabled:Akamai NetSession Interface
"2137:TCP"= 2137:TCP:*:Disabled:Akamai NetSession Interface
"4120:TCP"= 4120:TCP:*:Disabled:Akamai NetSession Interface
"4179:TCP"= 4179:TCP:*:Disabled:Akamai NetSession Interface
"4996:TCP"= 4996:TCP:*:Disabled:Akamai NetSession Interface
"1364:TCP"= 1364:TCP:*:Disabled:Akamai NetSession Interface
"1818:TCP"= 1818:TCP:*:Disabled:Akamai NetSession Interface
"1105:TCP"= 1105:TCP:*:Disabled:Akamai NetSession Interface
"2709:TCP"= 2709:TCP:*:Disabled:Akamai NetSession Interface
"2724:TCP"= 2724:TCP:*:Disabled:Akamai NetSession Interface
"3122:TCP"= 3122:TCP:*:Disabled:Akamai NetSession Interface
"1064:TCP"= 1064:TCP:*:Disabled:Akamai NetSession Interface
"1038:TCP"= 1038:TCP:*:Disabled:Akamai NetSession Interface
"4137:TCP"= 4137:TCP:*:Disabled:Akamai NetSession Interface
"2556:TCP"= 2556:TCP:*:Disabled:Akamai NetSession Interface
"2840:TCP"= 2840:TCP:*:Disabled:Akamai NetSession Interface
"1554:TCP"= 1554:TCP:*:Disabled:Akamai NetSession Interface
"2356:TCP"= 2356:TCP:*:Disabled:Akamai NetSession Interface
"1073:TCP"= 1073:TCP:*:Disabled:Akamai NetSession Interface
"1460:TCP"= 1460:TCP:*:Disabled:Akamai NetSession Interface
"3809:TCP"= 3809:TCP:*:Disabled:Akamai NetSession Interface
"1360:TCP"= 1360:TCP:*:Disabled:Akamai NetSession Interface
"2342:TCP"= 2342:TCP:*:Disabled:Akamai NetSession Interface
"1932:TCP"= 1932:TCP:*:Disabled:Akamai NetSession Interface
"3029:TCP"= 3029:TCP:*:Disabled:Akamai NetSession Interface
"3416:TCP"= 3416:TCP:*:Disabled:Akamai NetSession Interface
"1211:TCP"= 1211:TCP:*:Disabled:Akamai NetSession Interface
"1074:TCP"= 1074:TCP:*:Disabled:Akamai NetSession Interface
"1084:TCP"= 1084:TCP:*:Disabled:Akamai NetSession Interface
"1396:TCP"= 1396:TCP:*:Disabled:Akamai NetSession Interface
"4319:TCP"= 4319:TCP:*:Disabled:Akamai NetSession Interface
"1215:TCP"= 1215:TCP:*:Disabled:Akamai NetSession Interface
"2680:TCP"= 2680:TCP:*:Disabled:Akamai NetSession Interface
"2704:TCP"= 2704:TCP:*:Disabled:Akamai NetSession Interface
"1625:TCP"= 1625:TCP:*:Disabled:Akamai NetSession Interface
"1994:TCP"= 1994:TCP:*:Disabled:Akamai NetSession Interface
"2268:TCP"= 2268:TCP:*:Disabled:Akamai NetSession Interface
"2519:TCP"= 2519:TCP:*:Disabled:Akamai NetSession Interface
"3114:TCP"= 3114:TCP:*:Disabled:Akamai NetSession Interface
"3374:TCP"= 3374:TCP:*:Disabled:Akamai NetSession Interface
"3727:TCP"= 3727:TCP:*:Disabled:Akamai NetSession Interface
"1296:TCP"= 1296:TCP:*:Disabled:Akamai NetSession Interface
"1440:TCP"= 1440:TCP:*:Disabled:Akamai NetSession Interface
"1134:TCP"= 1134:TCP:*:Disabled:Akamai NetSession Interface
"2563:TCP"= 2563:TCP:*:Disabled:Akamai NetSession Interface
"1479:TCP"= 1479:TCP:*:Disabled:Akamai NetSession Interface
"3295:TCP"= 3295:TCP:*:Disabled:Akamai NetSession Interface
"3191:TCP"= 3191:TCP:*:Disabled:Akamai NetSession Interface
"3456:TCP"= 3456:TCP:*:Disabled:Akamai NetSession Interface
"4122:TCP"= 4122:TCP:*:Disabled:Akamai NetSession Interface
"4246:TCP"= 4246:TCP:*:Disabled:Akamai NetSession Interface
"4500:TCP"= 4500:TCP:*:Disabled:Akamai NetSession Interface
"4777:TCP"= 4777:TCP:*:Disabled:Akamai NetSession Interface
"1692:TCP"= 1692:TCP:*:Disabled:Akamai NetSession Interface
"3400:TCP"= 3400:TCP:*:Disabled:Akamai NetSession Interface
"3438:TCP"= 3438:TCP:*:Disabled:Akamai NetSession Interface
"4189:TCP"= 4189:TCP:*:Disabled:Akamai NetSession Interface
"2777:TCP"= 2777:TCP:*:Disabled:Akamai NetSession Interface
"3051:TCP"= 3051:TCP:*:Disabled:Akamai NetSession Interface
"3073:TCP"= 3073:TCP:*:Disabled:Akamai NetSession Interface
"1054:TCP"= 1054:TCP:*:Disabled:Akamai NetSession Interface
"1099:TCP"= 1099:TCP:*:Disabled:Akamai NetSession Interface
"1107:TCP"= 1107:TCP:*:Disabled:Akamai NetSession Interface
"1115:TCP"= 1115:TCP:*:Disabled:Akamai NetSession Interface
"1149:TCP"= 1149:TCP:*:Disabled:Akamai NetSession Interface
"1161:TCP"= 1161:TCP:*:Disabled:Akamai NetSession Interface
"3592:TCP"= 3592:TCP:*:Disabled:Akamai NetSession Interface
"3622:TCP"= 3622:TCP:*:Disabled:Akamai NetSession Interface
"3672:TCP"= 3672:TCP:*:Disabled:Akamai NetSession Interface
"1640:TCP"= 1640:TCP:*:Disabled:Akamai NetSession Interface
"1057:TCP"= 1057:TCP:*:Disabled:Akamai NetSession Interface
"2212:TCP"= 2212:TCP:*:Disabled:Akamai NetSession Interface
"2238:TCP"= 2238:TCP:*:Disabled:Akamai NetSession Interface
"2299:TCP"= 2299:TCP:*:Disabled:Akamai NetSession Interface
"1110:TCP"= 1110:TCP:*:Disabled:Akamai NetSession Interface
"1823:TCP"= 1823:TCP:*:Disabled:Akamai NetSession Interface
"3541:TCP"= 3541:TCP:*:Disabled:Akamai NetSession Interface
"1755:TCP"= 1755:TCP:*:Disabled:Akamai NetSession Interface
"1785:TCP"= 1785:TCP:*:Disabled:Akamai NetSession Interface
"2109:TCP"= 2109:TCP:*:Disabled:Akamai NetSession Interface
"3299:TCP"= 3299:TCP:*:Disabled:Akamai NetSession Interface
"1713:TCP"= 1713:TCP:*:Disabled:Akamai NetSession Interface
"1723:TCP"= 1723:TCP:*:Disabled:Akamai NetSession Interface
"1114:TCP"= 1114:TCP:*:Disabled:Akamai NetSession Interface
"3573:TCP"= 3573:TCP:*:Disabled:Akamai NetSession Interface
"4444:TCP"= 4444:TCP:*:Disabled:Akamai NetSession Interface
"1534:TCP"= 1534:TCP:*:Disabled:Akamai NetSession Interface
"2605:TCP"= 2605:TCP:*:Disabled:Akamai NetSession Interface
"1799:TCP"= 1799:TCP:*:Disabled:Akamai NetSession Interface
"3994:TCP"= 3994:TCP:*:Disabled:Akamai NetSession Interface
"1958:TCP"= 1958:TCP:*:Disabled:Akamai NetSession Interface
"4683:TCP"= 4683:TCP:*:Disabled:Akamai NetSession Interface
"4776:TCP"= 4776:TCP:*:Disabled:Akamai NetSession Interface
"3154:TCP"= 3154:TCP:*:Disabled:Akamai NetSession Interface
"3399:TCP"= 3399:TCP:*:Disabled:Akamai NetSession Interface
"3464:TCP"= 3464:TCP:*:Disabled:Akamai NetSession Interface
"3601:TCP"= 3601:TCP:*:Disabled:Akamai NetSession Interface
"3229:TCP"= 3229:TCP:*:Disabled:Akamai NetSession Interface
"2496:TCP"= 2496:TCP:*:Disabled:Akamai NetSession Interface
"3195:TCP"= 3195:TCP:*:Disabled:Akamai NetSession Interface
"4564:TCP"= 4564:TCP:*:Disabled:Akamai NetSession Interface
"2461:TCP"= 2461:TCP:*:Disabled:Akamai NetSession Interface
"2954:TCP"= 2954:TCP:*:Disabled:Akamai NetSession Interface
"4266:TCP"= 4266:TCP:*:Disabled:Akamai NetSession Interface
"4301:TCP"= 4301:TCP:*:Disabled:Akamai NetSession Interface
"1526:TCP"= 1526:TCP:*:Disabled:Akamai NetSession Interface
"3964:TCP"= 3964:TCP:*:Disabled:Akamai NetSession Interface
"3330:TCP"= 3330:TCP:*:Disabled:Akamai NetSession Interface
"2016:TCP"= 2016:TCP:*:Disabled:Akamai NetSession Interface
"2757:TCP"= 2757:TCP:*:Disabled:Akamai NetSession Interface
"4327:TCP"= 4327:TCP:*:Disabled:Akamai NetSession Interface
"3798:TCP"= 3798:TCP:*:Disabled:Akamai NetSession Interface
"2311:TCP"= 2311:TCP:*:Disabled:Akamai NetSession Interface
"3208:TCP"= 3208:TCP:*:Disabled:Akamai NetSession Interface
"1205:TCP"= 1205:TCP:*:Disabled:Akamai NetSession Interface
"1597:TCP"= 1597:TCP:*:Disabled:Akamai NetSession Interface
"1676:TCP"= 1676:TCP:*:Disabled:Akamai NetSession Interface
"2962:TCP"= 2962:TCP:*:Disabled:Akamai NetSession Interface
"1709:TCP"= 1709:TCP:*:Disabled:Akamai NetSession Interface
"1158:TCP"= 1158:TCP:*:Disabled:Akamai NetSession Interface
"1660:TCP"= 1660:TCP:*:Disabled:Akamai NetSession Interface
"4158:TCP"= 4158:TCP:*:Disabled:Akamai NetSession Interface
"4209:TCP"= 4209:TCP:*:Disabled:Akamai NetSession Interface
"4219:TCP"= 4219:TCP:*:Disabled:Akamai NetSession Interface
"3146:TCP"= 3146:TCP:*:Disabled:Akamai NetSession Interface

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 0 (0x0)

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-10-13 35328]
S2 Akamai;Akamai;c:\windows\System32\svchost.exe -k Akamai [2004-08-04 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)


.
------- Supplementary Scan -------
.
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbaresources\en-US\local\search.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: {{D5AD327A-A089-4F04-89FD-4EA9812B3913} - {D5AD327A-A089-4F04-89FD-4EA9812B3913} - c:\deposi~1\DEPOSI~1\DEPOSI~1.DLL
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\docume~1\Francois\APPLIC~1\Mozilla\Firefox\Profiles\k554qdgo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\depositfiles\Depositfiles Filemanager\Firefox\components\IDfXpCom.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins
pmozax.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-13 18:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-08-13 18:14
ComboFix-quarantined-files.txt  2009-08-13 22:14

Pre-Run: 3 549 712 384 octets libres
Post-Run: 3 637 379 072 octets libres

574	--- E O F ---	2009-08-13 03:15

gen-hackman · Answer

maintenant tu peux installer Malwarebytes

Fran · Answer

Voila le rapport de malwarebytes, j'espère que tout est parti en tout cas ca semble être le cas  à première vue.

Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2617
Windows 5.1.2600 Service Pack 2

2009-08-13 19:48:39
mbam-log-2009-08-13 (19-48-39).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 247141
Temps écoulé: 54 minute(s), 51 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 14

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Monopod (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\Trend Micro\HijackThis\backups\backup-20090807-143753-432.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0770FF59-1575-4406-8DCD-D6B77B2682DC}\RP713\A0444435.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0770FF59-1575-4406-8DCD-D6B77B2682DC}\RP713\A0444438.sys (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0770FF59-1575-4406-8DCD-D6B77B2682DC}\RP713\A0444439.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0770FF59-1575-4406-8DCD-D6B77B2682DC}\RP713\A0444440.dll (Rogue.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0770FF59-1575-4406-8DCD-D6B77B2682DC}\RP713\A0444442.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\08092009_135615\WINDOWS\msa.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\08092009_135615\WINDOWS\msb.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\08092009_135615\WINDOWS\System32\msxml71.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UAClxjguxivkf.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACoocukpooca.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACtaiqmnjbfk.dll.vir (Rogue.Agent) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\SKYNETologiqix.sys.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACjgjrvtlrru.sys.vir (Trojan.TDSS) -> Quarantined and deleted successfully.

gen-hackman · Answer

encore des soucis ?

Fran · Answer

Non ca m'a l'air ok ^^ merci pour tout t'es mon héro!

gen-hackman · Answer

ok on va quand meme passer ca par securité :

&#9654 Télécharge Superantispyware (SAS) 

&#9654 Choisis "enregistrer" et enregistre-le sur ton bureau. 

&#9654 Double-clique sur l'icône d'installation qui vient de se créer et suis les instructions. 

&#9654 Créé une icône sur le bureau. 

&#9654 Double-clique sur l'icône de SAS (une tête dans un cercle rouge barré) pour le lancer. 

&#9654- Si l'outil te demande de mettre à jour le programme ("update the program definitions", clique sur yes. 
&#9654- Sous Configuration and Preferences, clique sur le bouton "Preferences" 
&#9654- Clique sur l'onglet "Scanning Control " 
&#9654- Dans "Scanner Options ", assure toi que la case devant lles lignes suivantes est cochée : 

&#9654Close browsers before scanning 
&#9654Scan for tracking cookies 
&#9654Terminate memory threats before quarantining 

&#9654 Laisse les autres lignes décochées. 

&#9654 Clique sur le bouton "Close" pour quitter l'écran du centre de contrôle. 

&#9654 Dans la fenêtre principale, clique, dans "Scan for Harmful Software", sur "Scan your computer". 

&#9654 Dans la colonne de gauche, coche C:\Fixed Drive. 

&#9654 Dans la colonne de droite, sous "Complete scan", clique sur "Perform Complete Scan" 

&#9654 Clique sur "next" pour lancer le scan. Patiente pendant la durée du scan. 

&#9654 A la fin du scan, une fenêtre de résultats s'ouvre . Clique sur OK. 

&#9654 Assure toi que toutes les lignes de la fenêtre blanche sont cochées et clique sur "Next". 

&#9654 Tout ce qui a été trouvé sera mis en quarantaine. S'il t'es demandé de redémarrer l'ordi ("reboot"), clique sur Yes. 

Pour recopier les informations sur le forum, fais ceci : 

&#9654 - après le redémarrage de l'ordi, double-clique sur l'icône pour lancer SAS. 
&#9654 - Clique sur "Preferences" puis sur l'onglet "Statistics/Logs ". 
&#9654- Dans "scanners logs", double-clique sur SUPERAntiSpyware Scan Log. 

&#9654 - Le rapport va s'ouvrir dans ton éditeur de texte par défaut. 

&#9654 - Copie son contenu dans ta réponse. 


Regarde bien le tuto SUPERAntiSpyware il est très bien expliqué.

Virus inconnu

25 réponses

Votre réponse

Discussions similaires

Newsletters