Home antivirus 2010 Fermé

Question

Bonjour,

quelqu'un pourrait-il m'aider à me débarrasser de Home antivirus 2010 ?

Cela fait plusieurs semaines qu'il est présent dans mon système j'espère trouver une solution...

Voici mon rapport HijackThis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:12:49, on 19/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\EoRezo\EoEngine.exe
C:\Documents and Settings\Benoit\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\braviax.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\HomeAntivirus2010\HomeAntivirus2010.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Maxime\Mes documents\Téléchargements\HiJackThis(3).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://y.lo.st
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\Benoit\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32egedit.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe"  /autorun
O4 - HKLM\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKLM\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
O4 - HKLM\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
O4 - HKLM\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
O4 - HKLM\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
O4 - HKLM\..\Run: [13337694] C:\Documents and Settings\All Users\Application Data\13337694\13337694.exe
O4 - HKLM\..\Run: [10882344] C:\Documents and Settings\All Users\Application Data\10882344\10882344.exe
O4 - HKLM\..\Run: [Home Antivirus 2010] "C:\Program Files\HomeAntivirus2010\HomeAntivirus2010.exe" /hide
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [braviax] braviax.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [EPSON Stylus D92 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "C:\DOCUME~1\Maxime\LOCALS~1\Temp\E_S119.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-385160944-3990610132-1039464959-1008\..\Run: [agent.exe] C:\Program Files\PCenter\agent.exe (User 'Benoit')
O4 - HKUS\S-1-5-21-385160944-3990610132-1039464959-1008\..\Run: [Google Update] "C:\Documents and Settings\Benoit\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (User 'Benoit')
O4 - HKUS\S-1-5-21-385160944-3990610132-1039464959-1008\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (User 'Benoit')
O4 - HKUS\S-1-5-21-385160944-3990610132-1039464959-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Benoit')
O4 - HKUS\S-1-5-21-385160944-3990610132-1039464959-1008\..\Run: [Mon Widget RMC] "C:\Program Files\Nosibay\Mon Widget RMC\launcher.exe" (User 'Benoit')
O4 - HKUS\S-1-5-21-385160944-3990610132-1039464959-1008\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe (User 'Benoit')
O4 - HKUS\S-1-5-21-385160944-3990610132-1039464959-1008\..\Run: [WinUsr] C:\Program Files\Winsudate\gibusr.exe (User 'Benoit')
O4 - HKUS\S-1-5-21-385160944-3990610132-1039464959-1008\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" (User 'Benoit')
O4 - HKUS\S-1-5-21-385160944-3990610132-1039464959-1008\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Benoit')
O4 - HKUS\S-1-5-21-385160944-3990610132-1039464959-1008\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun (User 'Benoit')
O4 - HKUS\S-1-5-21-385160944-3990610132-1039464959-1008\..\Run: [EPSON Stylus D92 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "C:\DOCUME~1\Benoit\LOCALS~1\Temp\E_S33.tmp" /EF "HKCU" (User 'Benoit')
O4 - HKUS\S-1-5-21-385160944-3990610132-1039464959-1008\..\Run: [EPSON Stylus D92 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "C:\DOCUME~1\Benoit\LOCALS~1\Temp\E_S86.tmp" /EF "HKCU" (User 'Benoit')
O4 - HKUS\S-1-5-21-385160944-3990610132-1039464959-1008\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe (User 'Benoit')
O4 - HKUS\S-1-5-21-385160944-3990610132-1039464959-1008\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe (User 'Benoit')
O4 - HKUS\S-1-5-21-385160944-3990610132-1039464959-1008\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe (User 'Benoit')
O4 - HKUS\S-1-5-21-385160944-3990610132-1039464959-1008\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe (User 'Benoit')
O4 - HKUS\S-1-5-21-385160944-3990610132-1039464959-1008\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe (User 'Benoit')
O4 - HKUS\S-1-5-21-385160944-3990610132-1039464959-1008\..\Run: [mssadv.exe]  (User 'Benoit')
O4 - HKUS\S-1-5-21-385160944-3990610132-1039464959-1008\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe (User 'Benoit')
O4 - HKUS\S-1-5-21-385160944-3990610132-1039464959-1008\..\Run: [nudccjqx] "c:\documents and settings\benoit\local settings\application data
udccjqx.exe" nudccjqx (User 'Benoit')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: play2p.lnk = C:\Program Files\play2p\play2p.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSman000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD79A15B-8498-4A9B-8B4E-9A94223DECE7}: NameServer = 85.255.112.97,85.255.112.64
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.97,85.255.112.64
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.97,85.255.112.64
O20 - AppInit_DLLs: cru629.dat
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate1c9f33d686aa190) (gupdate1c9f33d686aa190) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: Gestionnaire de mise à jour Winsudate (WinSvc) - Unknown owner - C:\Program Files\Winsudate\gibsvc.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe

Destrio5 · Answer

Bonjour,

/!\ Désactive tes protections résidentes (Antivirus, etc...) /!\

--> Télécharge ComboFix (de sUBs) sur ton Bureau.
--> Double-clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
--> Il va te demander d'installer la console de récupération : accepte.
--> Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse.

Pour t'aider : Un guide et un tutoriel sur l'utilisation de ComboFix

maxdunord92 · Answer

Merci de ta réponse très rapide. :)

Malheureusement, à la fin de la recherche l'ordinateur redémarre systématiquement (j'ai essayé plusieurs fois)
et donc impossible de t'indiquer le rapport....

Destrio5 · Answer

--> Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

--> Double-clique sur RSIT.exe afin de lancer le programme.
(Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)

--> Clique sur Continue à l'écran Disclaimer.

--> Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

--> Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

Note : les rapports sont sauvegardés dans le dossier C:\rsit.

maxdunord92 · Answer

Merci une nouvelle fois de ta réponse des plus brèves.

Voila ce que ça donne:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Maxime at 2009-08-19 19:00:21
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 111 GB (73%) free of 153 GB
Total RAM: 1791 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:00:24, on 19/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Documents and Settings\Benoit\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\braviax.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Maxime\Bureau\RSIT.exe
C:\Documents and Settings\Maxime\Mes documents\Téléchargements\Maxime.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\Benoit\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32egedit.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe"  /autorun
O4 - HKLM\..\Run: [msctrl.exe] C:\Program Files\Microsoft Security Adviser\msctrl.exe
O4 - HKLM\..\Run: [msavsc.exe] C:\Program Files\Microsoft Security Adviser\msavsc.exe
O4 - HKLM\..\Run: [msscan.exe] C:\Program Files\Microsoft Security Adviser\msscan.exe
O4 - HKLM\..\Run: [msiemon.exe] C:\Program Files\Microsoft Security Adviser\msiemon.exe
O4 - HKLM\..\Run: [msfw.exe] C:\Program Files\Microsoft Security Adviser\msfw.exe
O4 - HKLM\..\Run: [13337694] C:\Documents and Settings\All Users\Application Data\13337694\13337694.exe
O4 - HKLM\..\Run: [10882344] C:\Documents and Settings\All Users\Application Data\10882344\10882344.exe
O4 - HKLM\..\Run: [Home Antivirus 2010] "C:\Program Files\HomeAntivirus2010\HomeAntivirus2010.exe" /hide
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [braviax] braviax.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [EPSON Stylus D92 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "C:\DOCUME~1\Maxime\LOCALS~1\Temp\E_S119.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [setup2.exe] C:\WINDOWS\system32\setup2.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: play2p.lnk = C:\Program Files\play2p\play2p.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSman000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD79A15B-8498-4A9B-8B4E-9A94223DECE7}: NameServer = 85.255.112.97,85.255.112.64
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.97,85.255.112.64
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.97,85.255.112.64
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate1c9f33d686aa190) (gupdate1c9f33d686aa190) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: Gestionnaire de mise à jour Winsudate (WinSvc) - Unknown owner - C:\Program Files\Winsudate\gibsvc.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe

Destrio5 · Answer

Le PC est très infecté.

Glisse le fichier suivant sur ComboFix :
http://www.microsoft.com/downloads/details.aspx?FamilyId=15491F07-99F7-4A2D-983D-81C2137FF464&displaylang=fr

maxdunord92 · Answer

Pardon mais que dois-je faire en clair ??

Télécharger l'utilitaire ? 
Que dois-je en faire ?
Peut-tu être plus précis pour "glisser"?

Merci d'avance

Destrio5 · Answer

Oui, télécharge le fichier et glisse-le comme ceci :
http://img.bleepingcomputer.com/combofix/usage/rc.gif

maxdunord92 · Answer

Malheureusement je n'arrive pas télécharger à l'utilitaire :

Mozilla m'affiche que la connexion a échoué et
Internet Explorer que le lien semble corrompu....

Destrio5 · Answer

Ce sont les infections qui te bloquent certains sites.

Lien provisoire :
http://destrio5.free.fr/Telechargement_CCM/WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe

maxdunord92 · Answer

J'ai essayé plusieurs fois mais l'ordinateur redémarre toujours à la fin de la recherche
Donc toujours pas de rapport...

Destrio5 · Answer

---> Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
---> Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
---> Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
---> Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
---> Sélectionne Exécuter un examen rapide.
---> Clique sur Rechercher. L'analyse démarre.

A la fin de l'analyse, un message s'affiche :

L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

---> Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
---> Ferme tes navigateurs.
Si des malwares ont été détectés, clique sur Afficher les résultats.
---> Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
---> MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.

maxdunord92 · Answer

Merci beaucoup.

Voila le rapport :


Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2551
Windows 5.1.2600 Service Pack 2

19/08/2009 21:42:56
mbam-log-2009-08-19 (21-42-56).txt

Type de recherche: Examen rapide
Eléments examinés: 128416
Temps écoulé: 8 minute(s), 31 second(s)

Processus mémoire infecté(s): 4
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 71
Valeur(s) du Registre infectée(s): 18
Elément(s) de données du Registre infecté(s): 12
Dossier(s) infecté(s): 38
Fichier(s) infecté(s): 209

Processus mémoire infecté(s):
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Unloaded process successfully.
C:\Program Files\EoRezo\EoEngine.exe (Adware.EoRezo) -> Unloaded process successfully.
C:\Documents and Settings\Benoit\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (Adware.EoRezo) -> Unloaded process successfully.
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\Program Files\EoRezo\EoAdv\EoAdv.dll (Adware.EoRezo) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWeb) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{56acb669-4139-5611-cbba-f5acb0f4db09} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WinBlueSoft (Rogue.WinBlue) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\securentm (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WinBlueSoft (Rogue.WinBlue) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Privacy center (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemSecurity2009 (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sfxdrv (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Alfampeg (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\eoengine (Adware.EoRezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\softwarehelper (Adware.EoRezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msctrl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msavsc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msscan.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msiemon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msfw.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mssadv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\13337694 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\10882344 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\sfx (Rootkit.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.97,85.255.112.64 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{fd79a15b-8498-4a9b-8b4e-9a94223dece7}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.97,85.255.112.64 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.97,85.255.112.64 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{fd79a15b-8498-4a9b-8b4e-9a94223dece7}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.97,85.255.112.64 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.97,85.255.112.64 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{fd79a15b-8498-4a9b-8b4e-9a94223dece7}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.97,85.255.112.64 -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\Microsoft Security Adviser (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benoit\Menu Démarrer\Programmes\System Security (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\Program Files\PCenter (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Program Files\PCenter\faq (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Program Files\PCenter\faq\images (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Program Files\PCenter\sounds (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Program Files\PCenter\tools (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Program Files\PCenter\tools\sc (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Program Files\PCenter\tools\sp (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benoit\Application Data\PCenter (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benoit\Application Data\PCenter\dbases (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benoit\Application Data\PCenter\keys (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benoit\Application Data\PCenter\temp (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benoit\Menu Démarrer\Programmes\Alfampeg (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\Alfampeg (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benoit\Menu Démarrer\Programmes\HomeAntivirus2010 (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Maxime\Menu Démarrer\Programmes\HomeAntivirus2010 (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\HomeAntivirus2010 (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\HomeAntivirus2010\data (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\HomeAntivirus2010\Microsoft.VC80.CRT (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\Benoit\Local Settings\Application Data\nudccjqx_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benoit\Local Settings\Application Data\nudccjqx_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benoit\Local Settings\Application Data\nudccjqx.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benoit\Local Settings\Application Data\nudccjqx.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoEngine.exe (Adware.EoRezo) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoAdv\EoAdv.dll (Adware.EoRezo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benoit\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (Adware.EoRezo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\braviax.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\braviax.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benoit\Local Settings\Temp\b.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft Security Adviser\msctrl.log (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft Security Adviser\mssadv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft Security Adviser\mssadv.log (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3REGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00018B7D (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0001C992 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0001F7A7 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0001F879 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0001FF7A (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00025883 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0002C40C (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00032181 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00050996 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0005491E (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0007B4F4 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00115B25 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0014531B (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0020636A (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00224DA6 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0025984E (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\002722DC (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00284C1F.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00284D41.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00284E5A.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00284F9A.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0029199D (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\002D2AB8 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0030A325 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0035AE56 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\003C64BF (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\003CEA74 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0054898C (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00573815 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\005A3855 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0063AEE1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\006CB008 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00762914 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\008915E6 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\008A5E39 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\008B93CF (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\008BF8E4 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\008C98A7 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\009FEC28 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00A2F64E (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00BAF461 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00BB63E8 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00BBEDA5 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00BC542D (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00D22501 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00D9DD98 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\00F121EF (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0100EB91 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0102F5F5 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0116C821 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0120AE01.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\0120AFEC.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\012F15ED (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\012FCBB6 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\01A67AEE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\01AE8231 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\01B06AC9 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\01B0F377 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\01F9C91B (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\021F3676 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\026BC8A1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\03E8D1BC (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search3 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr\History\allowed (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\PopSwatr\History\notallow (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared\Cache\WebfettiBtn.html (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benoit\Menu Démarrer\Programmes\System Security\System Security (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\Program Files\PCenter\faq\guide.html (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Program Files\PCenter\faq\images\gimg1.jpg (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Program Files\PCenter\faq\images\gimg10.jpg (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Program Files\PCenter\faq\images\gimg2.jpg (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Program Files\PCenter\faq\images\gimg3.jpg (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Program Files\PCenter\faq\images\gimg4.jpg (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Program Files\PCenter\faq\images\gimg5.jpg (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Program Files\PCenter\faq\images\gimg6.jpg (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Program Files\PCenter\faq\images\gimg7.jpg (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Program Files\PCenter\faq\images\gimg8.jpg (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Program Files\PCenter\faq\images\gimg9.jpg (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Program Files\PCenter\sounds\1.mp3 (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Program Files\PCenter\sounds\3.mp3 (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benoit\Application Data\PCenter\dbases\cg.dat (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benoit\Application Data\PCenter\dbases\mw.dat (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benoit\Application Data\PCenter\dbases\rd.dat (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benoit\Application Data\PCenter\dbases\sc.dat (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benoit\Application Data\PCenter\dbases\sm.dat (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benoit\Application Data\PCenter\dbases\sp.dat (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benoit\Application Data\PCenter\keys\cg.key (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benoit\Application Data\PCenter\keys\rd.key (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benoit\Application Data\PCenter\keys\sc.key (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benoit\Application Data\PCenter\keys\sp.key (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benoit\Application Data\PCenter\temp\settings.ini (Rogue.PCenter) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benoit\Menu Démarrer\Programmes\Alfampeg\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\Alfampeg\Uninstall.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benoit\Menu Démarrer\Programmes\HomeAntivirus2010\HomeAntivirus2010.lnk (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benoit\Menu Démarrer\Programmes\HomeAntivirus2010\Uninstall.lnk (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Maxime\Menu Démarrer\Programmes\HomeAntivirus2010\HomeAntivirus2010.lnk (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Maxime\Menu Démarrer\Programmes\HomeAntivirus2010\Uninstall.lnk (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\HomeAntivirus2010\AVEngn.dll (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\HomeAntivirus2010\HomeAntivirus2010.cfg (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\HomeAntivirus2010\htmlayout.dll (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\HomeAntivirus2010\pthreadVC2.dll (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\HomeAntivirus2010\wscui.cpl (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\HomeAntivirus2010\data\daily.cvd (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\HomeAntivirus2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\HomeAntivirus2010\Microsoft.VC80.CRT\msvcm80.dll (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\HomeAntivirus2010\Microsoft.VC80.CRT\msvcp80.dll (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\HomeAntivirus2010\Microsoft.VC80.CRT\msvcr80.dll (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benoit\Bureau\HomeAntivirus2010.lnk (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Maxime\Bureau\HomeAntivirus2010.lnk (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benoit\Application Data\Microsoft\Internet Explorer\Quick Launch\HomeAntivirus2010.lnk (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Maxime\Application Data\Microsoft\Internet Explorer\Quick Launch\HomeAntivirus2010.lnk (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benoit\Bureau\System Security 2009.lnk (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benoit\Local Settings\Temporary Internet Files\awuqy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benoit\Local Settings\Temporary Internet Files\kyputa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benoit\Bureau\PCenter.lnk (Rogue.PrivacyCenter) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benoit\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benoit\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.
C:\WINDOWS\010112010146118114.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\0101120101464849.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Program Files\sFX\sfX.sYs (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\sFX\SfX.DlL (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\934fdfg34fgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ESQULzcounter (Trojan.Agent) -> Quarantined and deleted successfully.

Destrio5 · Answer

Réessaie ComboFix maintenant.

maxdunord92 · Answer

Combofix redémarre toujours à la fin de la recherche...

Destrio5 · Answer

As-tu essayé en mode sans échec ?

maxdunord92 · Answer

Non je n'ai encore jamais utilisé le mode sans échec.

Donc Combofix en sans échec ?

Destrio5 · Answer

---> Pour redémarrer en mode sans échec :
- Redémarre ton PC.
- Au démarrage, tapote sur F8 (F5 sur certains PC) juste après l'affichage du BIOS et juste avant le chargement de Windows.
- Dans le menu d'options avancées, choisis Mode sans échec.
- Choisis ta session.

maxdunord92 · Answer

OK.

Je ferai ça demain. Merci pour tout.
En espérant que ce sera la bonne.

Bonne soirée

Destrio5 · Answer

Bonne soirée ;)

maxdunord92 · Answer

Bonjour,

je ne peux pas mettre mon ordinateur en mode sans echec.

Je tape bien F8, je choisis ensuite le mode sans échec mais l'ordinateur redémarre à chaque fois...

Destrio5 · Answer

--> Relance MBAM, va dans Quarantaine et supprime tout.

--> Refais un scan RSIT et poste le rapport log.

maxdunord92 · Answer

voila le rapport log de RSIT :

Logfile of random's system information tool 1.06 (written by random/random)
Run by Maxime at 2009-08-20 17:59:41
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 114 GB (75%) free of 153 GB
Total RAM: 1791 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:59:46, on 20/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Classic PhoneTools\CapFax.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\InterVideo\DVD5R\SchSvr.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Maxime\Bureau\RSIT.exe
C:\Documents and Settings\Maxime\Mes documents\Téléchargements\Maxime.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32egedit.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [Home Antivirus 2010] "C:\Program Files\HomeAntivirus2010\HomeAntivirus2010.exe" /hide
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe"  /autorun
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [EPSON Stylus D92 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "C:\DOCUME~1\Maxime\LOCALS~1\Temp\E_S119.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [setup2.exe] C:\WINDOWS\system32\setup2.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: InterVideo Scheduler server.lnk = C:\Program Files\InterVideo\DVD5R\SchSvr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: play2p.lnk = C:\Program Files\play2p\play2p.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate1c9f33d686aa190) (gupdate1c9f33d686aa190) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: Gestionnaire de mise à jour Winsudate (WinSvc) - Unknown owner - C:\Program Files\Winsudate\gibsvc.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe

Destrio5 · Answer

Ton PC est un nid à virus.

Mets à jour MBAM et refais un scan rapide.

maxdunord92 · Answer

J'ai effectué la mise à jour et fait un scan.

Voila le rapport :

Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2665
Windows 5.1.2600 Service Pack 2

20/08/2009 18:25:21
mbam-log-2009-08-20 (18-25-21).txt

Type de recherche: Examen rapide
Eléments examinés: 139636
Temps écoulé: 15 minute(s), 17 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 12

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e24211b3-a78a-c6a9-d317-70979ace5058} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinBlueSoft (Rogue.WinBlue) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\All Users\Application Data\10882344 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\13337694 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\16464004 (Rogue.Multiple) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benoit\Bureau\flash-plugin[1].40016.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benoit\Local Settings\Temp\40.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benoit\Local Settings\Temp\40.tmp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benoit\Local Settings\Temp\a.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benoit\Local Settings\Temp\b.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Benoit\Local Settings\Temp\c.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\msb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\autorun.inf (SuspectAutorun.Rootdrive.H) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Destrio5 · Answer

&#9679; Télécharge Ad-Remover (de Cyrildu17 / C_XX) sur ton Bureau.

/!\ Déconnecte-toi d'Internet et ferme toutes applications en cours. /!\

&#9679; Double-clique sur le programme d'installation, installe-le dans son emplacement par défaut (C:\Program Files).
&#9679; Double-clique sur le raccourci d'Ad-Remover située sur ton Bureau.
(Sous Vista, il faut cliquer droit sur le raccourci d'Ad-Remover et choisir Exécuter en tant qu'administrateur)
&#9679; Au menu principal, choisis l'option L.
&#9679; Poste le rapport généré (C:\Ad-Report-CLEAN.log).

(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

Note : "Process.exe", une composante de l'outil, est détectée par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.

maxdunord92 · Answer

copie colle le à partir de "voilà le rapport"

Destrio5 · Answer

Comment ça ?

maxdunord92 · Answer

Bonjour, 

/!\ Désactive tes protections résidentes (Antivirus, etc...) /!\ 

--> Télécharge ComboFix (de sUBs) sur ton Bureau. 
--> Double-clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer. 
--> Il va te demander d'installer la console de récupération : accepte. 
--> Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\Combofix.txt) dans ta prochaine réponse. 

Pour t'aider : Un guide et un tutoriel sur l'utilisation de ComboFix

maxdunord92 · Answer

--> Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau. 

--> Double-clique sur RSIT.exe afin de lancer le programme. 
(Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur) 

--> Clique sur Continue à l'écran Disclaimer. 

--> Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence. 

--> Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches). 

Note : les rapports sont sauvegardés dans le dossier C:\rsit.

Destrio5 · Answer

Pourquoi tu me donnes les procédures ?

maxdunord92 · Answer

voila le rapport de Ad-Remover

.
======= RAPPORT D'AD-REMOVER 1.1.4.5_O | UNIQUEMENT XP/VISTA/SEVEN =======
.
Mit à jour par C_XX le 24/06/2009 à 7:10 PM
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 11:55:51, 20/09/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows XP™  Service Pack 2 v5.1.2600
Nom du PC: D15561E2A92943A | Utilisateur actuel: Maxime
.
Administrateur: Administrateur 
N'est pas administrateur: ASPNET 
Administrateur: Benoit 
Administrateur: Charlotte 
Administrateur: Guillaume 
N'est pas administrateur: HelpAssistant *Desactive* 
N'est pas administrateur: Invité *Desactive* 
Administrateur: Maxime 
N'est pas administrateur: SUPPORT_388945a0 *Desactive* 
Administrateur: Véronique 
. 
============== ÉLÉMENT(S) NEUTRALISÉ(S) ============== 
.
.
.
C:\Documents and Settings\Benoit\Cookies\benoit@partypoker[1].txt 

(!) -- Fichiers temporaires supprimés.

.
============== Scan additionnel ==============
.

* Mozilla FireFox Version 3.5.3 *

 Nom du profil: vu9rujf4.default (Maxime)
.
(Prefs.js) user_pref("browser.search.defaultenginename", "Google"); 
(Prefs.js) user_pref("browser.search.selectedEngine", "WikipÃ©dia (fr)"); 
(Prefs.js) user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="); 
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://fr.msn.com/"); 
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.1.3"); 
.
. 

* Internet Explorer Version 6.0.2900.2180 *

[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://www.google.com/ie
Search Page: hxxp://www.google.com
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/

[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

   Tabs: res://ieframe.dll/tabswelcome.htm

.
============== Processus Caches/Bloque ==============
.
PID: 644	[LOCKED] xcommsvr.exe
PID: 1460	[LOCKED] livesrv.exe
PID: 1572	[LOCKED] vsserv.exe
PID: 3480	[LOCKED] svchost.exe
.

============== Suspect (Cracks, Serials ... ) ==============

. 
.
===================================
.
2764 Octet(s) - C:\Ad-Report-CLEAN.log 
.
19 Fichier(s) - C:\DOCUME~1\Maxime\LOCALS~1\Temp 
6 Fichier(s) - C:\WINDOWS\Temp 
.
70 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
162 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
.
Fin à: 12:12:22 | 20/09/2009
.
============== E.O.F ==============
.

Destrio5 · Answer

Peux-tu faire un scan RSIT avec l'option 3 months puis poster le rapport log ?

maxdunord92 · Answer

voila le rapport RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by Maxime at 2009-09-21 17:55:06
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 100 GB (65%) free of 153 GB
Total RAM: 1791 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:55:11, on 21/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Classic PhoneTools\CapFax.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\InterVideo\DVD5R\SchSvr.exe
C:\Program Files\Philips\Philips SPC220NC Webcam\TrayMin220.exe
C:\Documents and Settings\Maxime\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Maxime\Bureau\autres icones\RSIT.exe
C:\Documents and Settings\Maxime\Mes documents\Téléchargements\Maxime.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [Home Antivirus 2010] "C:\Program Files\HomeAntivirus2010\HomeAntivirus2010.exe" /hide
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe"  /autorun
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CanalPlayerHelper] C:\Program Files\Lecteur CANALPLAY\CanalPlayerHelper.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [EPSON Stylus D92 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "C:\DOCUME~1\Maxime\LOCALS~1\Temp\E_S119.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-21-385160944-3990610132-1039464959-1011\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (User 'Guillaume')
O4 - HKUS\S-1-5-21-385160944-3990610132-1039464959-1011\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Guillaume')
O4 - HKUS\S-1-5-21-385160944-3990610132-1039464959-1011\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Guillaume')
O4 - HKUS\S-1-5-21-385160944-3990610132-1039464959-1011\..\Run: [EPSON Stylus D92 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "C:\DOCUME~1\GUILLA~1\LOCALS~1\Temp\E_SC.tmp" /EF "HKCU" (User 'Guillaume')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-385160944-3990610132-1039464959-1011 Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Guillaume')
O4 - S-1-5-21-385160944-3990610132-1039464959-1011 User Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Guillaume')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\Maxime\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: InterVideo Scheduler server.lnk = C:\Program Files\InterVideo\DVD5R\SchSvr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: play2p.lnk = C:\Program Files\play2p\play2p.exe
O4 - Global Startup: TrayMin220.lnk = ?
O8 - Extra context menu item: Tout télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate1c9f33d686aa190) (gupdate1c9f33d686aa190) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Service CANALPLAY - Canal+ Distribution - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: Gestionnaire de mise à jour Winsudate (WinSvc) - Unknown owner - C:\Program Files\Winsudate\gibsvc.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe

Destrio5 · Answer

---> Télécharge OTM (OldTimer) sur ton Bureau.

---> Double-clique sur OTM.exe afin de le lancer.

---> Copie (Ctrl+C) le texte suivant ci-dessous : 





:processes
explorer.exe 

:services
WinSvc

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]  
"Home Antivirus 2010"=-

:files 
C:\Program Files\HomeAntivirus2010
C:\Program Files\Winsudate
C:\Program Files\Winletmin 
C:\WINDOWS\system32\17c7de00.dll     
C:\WINDOWS\system32\138b1af2.dll     
C:\WINDOWS\79zsteal1577.exe     
C:\WINDOWS\2457notza-v5rus7889.exe     
C:\WINDOWS\system32\353vir1z9.exe     
C:\WINDOWS\z681t5ief6819.exe     
C:\WINDOWS\57z9down5oader3053.exe     
C:\WINDOWS\6a95downl5ader228z.exe     
C:\WINDOWS\system32\1cbe5ac9door9z5.dll     
C:\WINDOWS\z54spy790.exe     
C:\WINDOWS\43fcvi956z3.dll     
C:\WINDOWS\system32\465athizf5529.exe         
C:\WINDOWS\75b6bac9do5r186z.dll   
C:\Program Files\QUAD Utilities 
C:\WINDOWS\system32\ML.DLL 
C:\WINDOWS\6f1bvirz2955.dll     
C:\WINDOWS\13d8a95zare1044.dll     
C:\WINDOWS\975zvirus499.exe     
C:\WINDOWS\yfep.bat     
C:\WINDOWS\system32\vavyqop.com     
C:\WINDOWS\system32\anizaso.vbs     
C:\WINDOWS\japizomoz.dll     
C:\Program Files\Fichiers communs\ifinosymum.com     
C:\WINDOWS\powoza.bat     
C:\WINDOWS\fojubujo.vbs     
C:\Program Files\Fichiers communs	esyraz.bat     
C:\WINDOWS\system32\oduripaqen.bat     
C:\WINDOWS\qazuhilido.dll     
C:\Documents and Settings\All Users\Application Data\ifihe.com     
C:\Documents and Settings\All Users\Application Data\hadi.com     
C:\WINDOWS\1a0bth9e54z.exe     
C:\WINDOWS\system32\kavosatah.bat     
C:\WINDOWS\imali.dll     
C:\Program Files\Fichiers communs\yjiqy.bat     
C:\Documents and Settings\All Users\Application Data\vurokecoh.dll 
C:\Documents and Settings\All Users\Application Data\myrac.exe     
C:\WINDOWS\8793hacktzol4d35.dll     
C:\WINDOWS\891threaz15809.exe     
C:\WINDOWS\system32\4443t9zeat275535.exe     
C:\WINDOWS\94a5vir2z02.exe     
C:\WINDOWS\system32\4e9z9ir2754.exe     
C:\Qoobox     
C:\WINDOWS\system32\CF14943.exe     
C:\WINDOWS\system32\CF14848.exe     
C:\WINDOWS\system32\CF14551.exe     
C:\WINDOWS\system32\CF14486.exe     
C:\WINDOWS\system32\CF14179.exe     
C:\WINDOWS\system32\CF13454.exe     
C:\WINDOWS\system32\CF13176.exe     
C:\WINDOWS\system32\CF13085.exe     
C:\WINDOWS\system32\CF13003.exe     
C:\WINDOWS\system32\CF12912.exe     
C:\WINDOWS\system32\CF15792.exe     
C:\WINDOWS\system32\CF25158.exe     
C:\WINDOWS\system32\CF22581.exe     
C:\WINDOWS\system32\CF20740.exe     
C:\WINDOWS\system32\CF7026.exe     
C:\WINDOWS\system32\CF6954.exe     
C:\WINDOWS\system32\CF6840.exe     
C:\WINDOWS\system32\CF18064.exe     
C:\WINDOWS\system32\CF17930.exe     
C:\WINDOWS\system32\CF13250.exe     
C:\WINDOWS\system32\CF8809.exe     
C:\WINDOWS\system32\CF8711.exe     
C:\WINDOWS\system32\CF29849.exe     
C:\WINDOWS\system32\CF29755.exe     
C:\WINDOWS\system32\CF28158.exe     
C:\WINDOWS\system32\CF28070.exe     
C:\Bibitte     
C:\WINDOWS\system32\CF553.exe     
C:\WINDOWS\system32\CF438.exe     
C:\WINDOWS\system32\CF308.exe     
C:\WINDOWS\system32\CF31547.exe     
C:\WINDOWS\system32\CF31449.exe     
C:\WINDOWS\5535worz915.dll     
C:\WINDOWS\system32\6f96spy5aze2689.exe     
C:\WINDOWS\system32\z9c5sparse1423.exe     
C:\WINDOWS\3486v9z5162.dll     
C:\WINDOWS\3c719ozn5oader969.exe     
C:\WINDOWS\system32\25623worm297z.dll     
C:\WINDOWS\system32\60edbac9zo5r1517.exe     
C:\WINDOWS\system32\15902vi5zs449.dll     
C:\WINDOWS\system32\103785roj59z.exe     
C:\WINDOWS\system32\17999zr5j7c3.dll     
C:\WINDOWS\76d0addwa9e1305z.dll     
C:\WINDOWS\system32\23f3stezl9657.exe     
C:\WINDOWS\system32\e89threat59508z.dll     
C:\WINDOWS\23z04not-5-vi9usbc.exe     
C:\WINDOWS\518bzownl9ader1115.dll     
C:\WINDOWS\system32\15z23not9a-virus495.exe     
C:\WINDOWS\19955hazktool46f.dll     
C:\WINDOWS\27493vizu535.exe     
C:\WINDOWS\system32\46345parse278z9.exe     
C:\WINDOWS\5617zs9ambot165.exe     
C:\WINDOWS\system32\80z9sp56aa.dll     
C:\WINDOWS\system32\13250worm39z.dll     
C:\WINDOWS\system32\690bsz5al2144.dll     
C:\WINDOWS\5b90v5rz014.dll     
C:\WINDOWS\za1ct59ef772.exe     
C:\WINDOWS\system32\1caddownl59derz356.exe     
C:\WINDOWS\29949szy785.dll     
C:\WINDOWS\system32\305z5vir593a5.exe     
C:\WINDOWS\system32\609b5irz55.dll     
C:\WINDOWS\system32\26595vizu92.exe     
C:\WINDOWS\system32\b535pzwa9e361.dll     
C:\WINDOWS\22427noz-a-v5r9sf5.exe     
C:\WINDOWS\system32\789d5hreat20079z.dll     
C:\WINDOWS\5z58backdo9r5599.dll     

:commands
[purity]
[emptytemp]
[reboot]





---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

---> Clique maintenant sur le bouton MoveIt! puis ferme OTM.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTM\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log

maxdunord92 · Answer

voila


All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========

Service\Driver WinSvc deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Home Antivirus 2010 deleted successfully.
========== FILES ==========
File/Folder C:\Program Files\HomeAntivirus2010 not found.
C:\Program Files\Winsudate moved successfully.
C:\Program Files\Winletmin moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\17c7de00.dll
C:\WINDOWS\system32\17c7de00.dll NOT unregistered.
C:\WINDOWS\system32\17c7de00.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\138b1af2.dll
C:\WINDOWS\system32\138b1af2.dll NOT unregistered.
C:\WINDOWS\system32\138b1af2.dll moved successfully.
C:\WINDOWS\79zsteal1577.exe moved successfully.
C:\WINDOWS\2457notza-v5rus7889.exe moved successfully.
C:\WINDOWS\system32\353vir1z9.exe moved successfully.
C:\WINDOWS\z681t5ief6819.exe moved successfully.
C:\WINDOWS\57z9down5oader3053.exe moved successfully.
C:\WINDOWS\6a95downl5ader228z.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\1cbe5ac9door9z5.dll
C:\WINDOWS\system32\1cbe5ac9door9z5.dll NOT unregistered.
C:\WINDOWS\system32\1cbe5ac9door9z5.dll moved successfully.
C:\WINDOWS\z54spy790.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\43fcvi956z3.dll
C:\WINDOWS\43fcvi956z3.dll NOT unregistered.
C:\WINDOWS\43fcvi956z3.dll moved successfully.
C:\WINDOWS\system32\465athizf5529.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\75b6bac9do5r186z.dll
C:\WINDOWS\75b6bac9do5r186z.dll NOT unregistered.
C:\WINDOWS\75b6bac9do5r186z.dll moved successfully.
C:\Program Files\QUAD Utilities\QUAD Registry Cleaner moved successfully.
C:\Program Files\QUAD Utilities moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\ML.DLL
C:\WINDOWS\system32\ML.DLL NOT unregistered.
C:\WINDOWS\system32\ML.DLL moved successfully.
LoadLibrary failed for C:\WINDOWS\6f1bvirz2955.dll
C:\WINDOWS\6f1bvirz2955.dll NOT unregistered.
C:\WINDOWS\6f1bvirz2955.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\13d8a95zare1044.dll
C:\WINDOWS\13d8a95zare1044.dll NOT unregistered.
C:\WINDOWS\13d8a95zare1044.dll moved successfully.
C:\WINDOWS\975zvirus499.exe moved successfully.
C:\WINDOWS\yfep.bat moved successfully.
C:\WINDOWS\system32\vavyqop.com moved successfully.
C:\WINDOWS\system32\anizaso.vbs moved successfully.
LoadLibrary failed for C:\WINDOWS\japizomoz.dll
C:\WINDOWS\japizomoz.dll NOT unregistered.
C:\WINDOWS\japizomoz.dll moved successfully.
C:\Program Files\Fichiers communs\ifinosymum.com moved successfully.
C:\WINDOWS\powoza.bat moved successfully.
C:\WINDOWS\fojubujo.vbs moved successfully.
C:\Program Files\Fichiers communs	esyraz.bat moved successfully.
C:\WINDOWS\system32\oduripaqen.bat moved successfully.
LoadLibrary failed for C:\WINDOWS\qazuhilido.dll
C:\WINDOWS\qazuhilido.dll NOT unregistered.
C:\WINDOWS\qazuhilido.dll moved successfully.
C:\Documents and Settings\All Users\Application Data\ifihe.com moved successfully.
C:\Documents and Settings\All Users\Application Data\hadi.com moved successfully.
C:\WINDOWS\1a0bth9e54z.exe moved successfully.
C:\WINDOWS\system32\kavosatah.bat moved successfully.
LoadLibrary failed for C:\WINDOWS\imali.dll
C:\WINDOWS\imali.dll NOT unregistered.
C:\WINDOWS\imali.dll moved successfully.
C:\Program Files\Fichiers communs\yjiqy.bat moved successfully.
LoadLibrary failed for C:\Documents and Settings\All Users\Application Data\vurokecoh.dll
C:\Documents and Settings\All Users\Application Data\vurokecoh.dll NOT unregistered.
C:\Documents and Settings\All Users\Application Data\vurokecoh.dll moved successfully.
C:\Documents and Settings\All Users\Application Data\myrac.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\8793hacktzol4d35.dll
C:\WINDOWS\8793hacktzol4d35.dll NOT unregistered.
C:\WINDOWS\8793hacktzol4d35.dll moved successfully.
C:\WINDOWS\891threaz15809.exe moved successfully.
C:\WINDOWS\system32\4443t9zeat275535.exe moved successfully.
C:\WINDOWS\94a5vir2z02.exe moved successfully.
C:\WINDOWS\system32\4e9z9ir2754.exe moved successfully.
C:\Qoobox\TestC moved successfully.
C:\Qoobox\Test moved successfully.
C:\Qoobox\Quarantine\Registry_backups moved successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers moved successfully.
Folder move failed. C:\Qoobox\Quarantine\C\WINDOWS\system32 scheduled to be moved on reboot.
Folder move failed. C:\Qoobox\Quarantine\C\WINDOWS scheduled to be moved on reboot.
C:\Qoobox\Quarantine\C moved successfully.
C:\Qoobox\Quarantine moved successfully.
C:\Qoobox\LastRun moved successfully.
C:\Qoobox\BackEnv moved successfully.
C:\Qoobox moved successfully.
C:\WINDOWS\system32\CF14943.exe moved successfully.
C:\WINDOWS\system32\CF14848.exe moved successfully.
C:\WINDOWS\system32\CF14551.exe moved successfully.
C:\WINDOWS\system32\CF14486.exe moved successfully.
C:\WINDOWS\system32\CF14179.exe moved successfully.
C:\WINDOWS\system32\CF13454.exe moved successfully.
C:\WINDOWS\system32\CF13176.exe moved successfully.
C:\WINDOWS\system32\CF13085.exe moved successfully.
C:\WINDOWS\system32\CF13003.exe moved successfully.
C:\WINDOWS\system32\CF12912.exe moved successfully.
C:\WINDOWS\system32\CF15792.exe moved successfully.
C:\WINDOWS\system32\CF25158.exe moved successfully.
C:\WINDOWS\system32\CF22581.exe moved successfully.
C:\WINDOWS\system32\CF20740.exe moved successfully.
C:\WINDOWS\system32\CF7026.exe moved successfully.
C:\WINDOWS\system32\CF6954.exe moved successfully.
C:\WINDOWS\system32\CF6840.exe moved successfully.
C:\WINDOWS\system32\CF18064.exe moved successfully.
C:\WINDOWS\system32\CF17930.exe moved successfully.
C:\WINDOWS\system32\CF13250.exe moved successfully.
C:\WINDOWS\system32\CF8809.exe moved successfully.
C:\WINDOWS\system32\CF8711.exe moved successfully.
C:\WINDOWS\system32\CF29849.exe moved successfully.
C:\WINDOWS\system32\CF29755.exe moved successfully.
C:\WINDOWS\system32\CF28158.exe moved successfully.
C:\WINDOWS\system32\CF28070.exe moved successfully.
C:\Bibitte\N_ moved successfully.
C:\Bibitte moved successfully.
C:\WINDOWS\system32\CF553.exe moved successfully.
C:\WINDOWS\system32\CF438.exe moved successfully.
C:\WINDOWS\system32\CF308.exe moved successfully.
C:\WINDOWS\system32\CF31547.exe moved successfully.
C:\WINDOWS\system32\CF31449.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\5535worz915.dll
C:\WINDOWS\5535worz915.dll NOT unregistered.
C:\WINDOWS\5535worz915.dll moved successfully.
C:\WINDOWS\system32\6f96spy5aze2689.exe moved successfully.
C:\WINDOWS\system32\z9c5sparse1423.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\3486v9z5162.dll
C:\WINDOWS\3486v9z5162.dll NOT unregistered.
C:\WINDOWS\3486v9z5162.dll moved successfully.
C:\WINDOWS\3c719ozn5oader969.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\25623worm297z.dll
C:\WINDOWS\system32\25623worm297z.dll NOT unregistered.
C:\WINDOWS\system32\25623worm297z.dll moved successfully.
C:\WINDOWS\system32\60edbac9zo5r1517.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\15902vi5zs449.dll
C:\WINDOWS\system32\15902vi5zs449.dll NOT unregistered.
C:\WINDOWS\system32\15902vi5zs449.dll moved successfully.
C:\WINDOWS\system32\103785roj59z.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\17999zr5j7c3.dll
C:\WINDOWS\system32\17999zr5j7c3.dll NOT unregistered.
C:\WINDOWS\system32\17999zr5j7c3.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\76d0addwa9e1305z.dll
C:\WINDOWS\76d0addwa9e1305z.dll NOT unregistered.
C:\WINDOWS\76d0addwa9e1305z.dll moved successfully.
C:\WINDOWS\system32\23f3stezl9657.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\e89threat59508z.dll
C:\WINDOWS\system32\e89threat59508z.dll NOT unregistered.
C:\WINDOWS\system32\e89threat59508z.dll moved successfully.
C:\WINDOWS\23z04not-5-vi9usbc.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\518bzownl9ader1115.dll
C:\WINDOWS\518bzownl9ader1115.dll NOT unregistered.
C:\WINDOWS\518bzownl9ader1115.dll moved successfully.
C:\WINDOWS\system32\15z23not9a-virus495.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\19955hazktool46f.dll
C:\WINDOWS\19955hazktool46f.dll NOT unregistered.
C:\WINDOWS\19955hazktool46f.dll moved successfully.
C:\WINDOWS\27493vizu535.exe moved successfully.
C:\WINDOWS\system32\46345parse278z9.exe moved successfully.
C:\WINDOWS\5617zs9ambot165.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\80z9sp56aa.dll
C:\WINDOWS\system32\80z9sp56aa.dll NOT unregistered.
C:\WINDOWS\system32\80z9sp56aa.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\13250worm39z.dll
C:\WINDOWS\system32\13250worm39z.dll NOT unregistered.
C:\WINDOWS\system32\13250worm39z.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\690bsz5al2144.dll
C:\WINDOWS\system32\690bsz5al2144.dll NOT unregistered.
C:\WINDOWS\system32\690bsz5al2144.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\5b90v5rz014.dll
C:\WINDOWS\5b90v5rz014.dll NOT unregistered.
C:\WINDOWS\5b90v5rz014.dll moved successfully.
C:\WINDOWS\za1ct59ef772.exe moved successfully.
C:\WINDOWS\system32\1caddownl59derz356.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\29949szy785.dll
C:\WINDOWS\29949szy785.dll NOT unregistered.
C:\WINDOWS\29949szy785.dll moved successfully.
C:\WINDOWS\system32\305z5vir593a5.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\609b5irz55.dll
C:\WINDOWS\system32\609b5irz55.dll NOT unregistered.
C:\WINDOWS\system32\609b5irz55.dll moved successfully.
C:\WINDOWS\system32\26595vizu92.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\b535pzwa9e361.dll
C:\WINDOWS\system32\b535pzwa9e361.dll NOT unregistered.
C:\WINDOWS\system32\b535pzwa9e361.dll moved successfully.
C:\WINDOWS\22427noz-a-v5r9sf5.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\system32\789d5hreat20079z.dll
C:\WINDOWS\system32\789d5hreat20079z.dll NOT unregistered.
C:\WINDOWS\system32\789d5hreat20079z.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\5z58backdo9r5599.dll
C:\WINDOWS\5z58backdo9r5599.dll NOT unregistered.
C:\WINDOWS\5z58backdo9r5599.dll moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Benoit
File delete failed. C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q9GNMDCP\;bp=KO;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;tile=1;sz=300x250;ord=9721392389970124[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q9GNMDCP\;bp=OK;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;tile=1;sz=300x250;ord=9334179644890616[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q9GNMDCP\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=1091597053765422[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q9GNMDCP\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=2417858158701857[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q9GNMDCP\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=3303568732486069[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q9GNMDCP\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=3648088069310690[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q9GNMDCP\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=4722658570681154[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q9GNMDCP\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=6006363322042493[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q9GNMDCP\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=6404505873805291[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q9GNMDCP\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=6789632804375755[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q9GNMDCP\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=7907743544286736[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q9GNMDCP\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=8009526694446377[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q9GNMDCP\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=8250554776575361[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q9GNMDCP\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=9390270181895648[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q9GNMDCP\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=9925533243234794[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\AV8PW9WP\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=1411533366124885[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\AV8PW9WP\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=4024555687819131[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\AV8PW9WP\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=5292798506930964[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\AV8PW9WP\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=5444752974021076[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\AV8PW9WP\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=6753868725922656[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\AV8PW9WP\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=9713275816673706[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\6VEHMTSV\;bp=OK;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;tile=1;sz=300x250;ord=5259104821044612[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\6VEHMTSV\;bp=OK;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;tile=1;sz=300x250;ord=9232539020389334[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\6VEHMTSV\;bp=OK;var1=4;var2=1;var3=92210;var4=;var21=;var22=;var23=;var24=;var25=;var26=;var7=;var8=0;var9=0;var10=0;var11=;var14=;tile=1;sz=300x250;ord=5843969350915059[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\6VEHMTSV\;bp=OK;var1=4;var2=1;var3=92210;var4=;var21=;var22=;var23=;var24=;var25=;var26=;var7=;var8=0;var9=0;var10=0;var11=;var14=;tile=1;sz=300x250;ord=8689371997960267[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\6VEHMTSV\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=2506004386782113[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\6VEHMTSV\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=2564542267481515[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\6VEHMTSV\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=2810979398001474[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\6VEHMTSV\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=2923958919255144[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\6VEHMTSV\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=3469155289605451[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\6VEHMTSV\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=3769784539666309[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\6VEHMTSV\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=6051261568106273[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\6VEHMTSV\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=8820842306143908[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\418V636N\;bp=OK;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;tile=1;sz=300x250;ord=4308326385338276[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\418V636N\;bp=OK;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;tile=1;sz=300x250;ord=7456315264875601[2] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\418V636N\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=1793306031441906[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\418V636N\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=349085046702618[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\418V636N\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=4859487484680844[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\418V636N\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=6015909388799070[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\418V636N\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=6115314673194251[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\418V636N\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=6604956894810270[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\418V636N\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=7076576080325310[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\418V636N\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=798925196994098[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\418V636N\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=8202889881868094[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\418V636N\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=8711110431161262[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\418V636N\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=9251098087589820[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\418V636N\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=9895738230974682[1].htm scheduled to be deleted on reboot.
->Temp folder emptied: 1448166509 bytes
->Temporary Internet Files folder emptied: 289142893 bytes
->Java cache emptied: 24 bytes
->FireFox cache emptied: 73160419 bytes
->Google Chrome cache emptied: 12835235 bytes
->Apple Safari cache emptied: 27786428 bytes
 
User: Charlotte
->Temp folder emptied: 425897629 bytes
->Temporary Internet Files folder emptied: 205288010 bytes
->Java cache emptied: 20708 bytes
->FireFox cache emptied: 48807341 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
 
User: Guillaume
->Temp folder emptied: 409280000 bytes
->Temporary Internet Files folder emptied: 24568660 bytes
->FireFox cache emptied: 66576665 bytes
 
User: LocalService
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Historique\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
->Temp folder emptied: 65716 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 6123860 bytes
 
User: Maxime
->Temp folder emptied: 2760360 bytes
->Temporary Internet Files folder emptied: 3088367 bytes
->Java cache emptied: 550201 bytes
->FireFox cache emptied: 86301012 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Véronique
->Temp folder emptied: 655118 bytes
->Temporary Internet Files folder emptied: 15678631 bytes
->FireFox cache emptied: 20721010 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134465 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
Windows Temp folder emptied: 53653 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = -1073,11 mb
 
 
OTM by OldTimer - Version 3.0.0.6 log created on 09212009_181056

Files moved on Reboot...
File C:\Qoobox\Quarantine\C\WINDOWS\system32 not found!
File C:\Qoobox\Quarantine\C\WINDOWS not found!
File C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q9GNMDCP\;bp=KO;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;tile=1;sz=300x250;ord=9721392389970124[2] not found!
File C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q9GNMDCP\;bp=OK;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;tile=1;sz=300x250;ord=9334179644890616[2] not found!
File C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q9GNMDCP\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=1091597053765422[1].htm not found!
File C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q9GNMDCP\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=2417858158701857[1].htm not found!
File C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q9GNMDCP\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=3303568732486069[1].htm not found!
File C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q9GNMDCP\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=3648088069310690[1].htm not found!
File C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q9GNMDCP\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=4722658570681154[1].htm not found!
File C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q9GNMDCP\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=6006363322042493[1].htm not found!
File C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q9GNMDCP\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=6404505873805291[1].htm not found!
File C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q9GNMDCP\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=6789632804375755[1].htm not found!
File C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q9GNMDCP\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=7907743544286736[1].htm not found!
File C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q9GNMDCP\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=8009526694446377[1].htm not found!
File C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q9GNMDCP\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=8250554776575361[1].htm not found!
File C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q9GNMDCP\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=9390270181895648[1].htm not found!
File C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q9GNMDCP\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=9925533243234794[1].htm not found!
File C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\AV8PW9WP\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=1411533366124885[1].htm not found!
File C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\AV8PW9WP\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=4024555687819131[1].htm not found!
File C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\AV8PW9WP\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=5292798506930964[1].htm not found!
File C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\AV8PW9WP\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=5444752974021076[1].htm not found!
File C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\AV8PW9WP\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=6753868725922656[1].htm not found!
File C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\AV8PW9WP\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=9713275816673706[1].htm not found!
File C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\6VEHMTSV\;bp=OK;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;tile=1;sz=300x250;ord=5259104821044612[2] not found!
File C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\6VEHMTSV\;bp=OK;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;tile=1;sz=300x250;ord=9232539020389334[2] not found!
File C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\6VEHMTSV\;bp=OK;var1=4;var2=1;var3=92210;var4=;var21=;var22=;var23=;var24=;var25=;var26=;var7=;var8=0;var9=0;var10=0;var11=;var14=;tile=1;sz=300x250;ord=5843969350915059[2] not found!
File C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\6VEHMTSV\;bp=OK;var1=4;var2=1;var3=92210;var4=;var21=;var22=;var23=;var24=;var25=;var26=;var7=;var8=0;var9=0;var10=0;var11=;var14=;tile=1;sz=300x250;ord=8689371997960267[2] not found!
File C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\6VEHMTSV\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=2506004386782113[1].htm not found!
File C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\6VEHMTSV\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=2564542267481515[1].htm not found!
File C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\6VEHMTSV\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=2810979398001474[1].htm not found!
File C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\6VEHMTSV\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=2923958919255144[1].htm not found!
File C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\6VEHMTSV\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=3469155289605451[1].htm not found!
File C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\6VEHMTSV\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=3769784539666309[1].htm not found!
File C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\6VEHMTSV\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=6051261568106273[1].htm not found!
File C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\6VEHMTSV\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=8820842306143908[1].htm not found!
File C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\418V636N\;bp=OK;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;tile=1;sz=300x250;ord=4308326385338276[2] not found!
File C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\418V636N\;bp=OK;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;tile=1;sz=300x250;ord=7456315264875601[2] not found!
File C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\418V636N\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=1793306031441906[1].htm not found!
File C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\418V636N\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=349085046702618[1].htm not found!
File C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\418V636N\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=4859487484680844[1].htm not found!
File C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\418V636N\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=6015909388799070[1].htm not found!
File C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\418V636N\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=6115314673194251[1].htm not found!
File C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\418V636N\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=6604956894810270[1].htm not found!
File C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\418V636N\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=7076576080325310[1].htm not found!
File C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\418V636N\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=798925196994098[1].htm not found!
File C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\418V636N\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=8202889881868094[1].htm not found!
File C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\418V636N\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=8711110431161262[1].htm not found!
File C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\418V636N\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=9251098087589820[1].htm not found!
File C:\Documents and Settings\Benoit\Local Settings\Temp\Temporary Internet Files\Content.IE5\418V636N\;var1=4;var2=1;var3=92210;var4=;var21=3;var22=1;var23=2;var24=3;var25=1;var26=92064;var7=;var8=0;var9=0;var10=0;var11=;var14=;sz=728x90,468x60;ord=9895738230974682[1].htm not found!

Registry entries deleted on Reboot...

Destrio5 · Answer

Essaie de lancer ce fichier :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

maxdunord92 · Answer

J'ai lancé le fichier, un scan s'est lancé mais l'ordinateur a redémarré et windows me met qu'il a récupéré d'une erreur sérieuse.

Destrio5 · Answer

---> Télécharge Gmer sur ton Bureau.

---> Extrais le contenu de l'archive puis renomme gmer.exe en CCM.exe (Le .exe n'est pas forcément visible).

---> Double-clique sur CCM.exe.

---> Onglet "Rootkit/Malware", clique sur "Scan" puis patiente.

---> En fin de traitement, clique sur "Save..." et enregistre sur ton Bureau "gmer.txt".

---> Double-clique sur "gmer.txt", le rapport apparaît, poste-le.

maxdunord92 · Answer

Dès que je double-clique  sur CCM.exe,l'ordinateur redémarre...

Destrio5 · Answer

D'accord...

--> Télécharge Dr.Web CureIt! sur ton Bureau.
--> Double-clique sur drweb-cureit.exe et clique sur Commencer le scan.
--> Ce scan rapide permet l'analyse des processus chargés en mémoire; s'il trouve des processus infectés, clique sur le bouton Oui pour Tout à l'invite.
--> Lorsque le scan rapide est terminé, clique sur Options > Changer la configuration.
--> Choisis l'onglet Scanner, et décoche Analyse heuristique.
--> De retour à la fenêtre principale : choisis Analyse complète.
--> Clique la flèche verte sur la droite et le scan débutera. Une publicité apparaît quelquefois, ferme-la.
--> Clique Oui pour Tout si un fichier est détecté.
--> A la fin du scan, si des infections sont trouvées, clique sur Tout sélectionner, puis sur Désinfecter. Si la désinfection est impossible, clique sur Quarantaine.
--> Au menu principal de l'outil, en haut à gauche, clique sur le menu Fichier et choisis Enregistrer le rapport.
--> Sauvegarde le rapport sur ton Bureau. Ce dernier se nommera DrWeb.csv.
--> Ferme Dr.Web CureIt!
--> Redémarre ton ordinateur (très important) car certains fichiers peuvent être déplacés/réparés au redémarrage.
--> Suite au redémarrage, poste (Copie/Colle) le contenu du rapport de l'outil Dr.Web dans ta prochaine réponse.

NB : Dr.Web en version gratuite est un scanner à la demande et n'entre pas en conflit avec ton antivirus résident. Tu pourras finalement supprimer Dr.Web à la fin des manipulations.

maxdunord92 · Answer

Voila le rapport de DrWeb


Process.com;C:\Program Files\Ad-remover;Tool.Prockill;;
AD-R.exe\data026;C:\Program Files\Ad-remover\BACKUP\AD-R.exe;Tool.Prockill;;
AD-R.exe;C:\Program Files\Ad-remover\BACKUP;Conteneur comporte des objets infectés;Quarantaine.;
msimg32.dll.vir;C:\Program Files\Ad-remover\QUARANTINE\PROGRA~1\WINDOW~4\MESSEN~1;Adware.MyWebSearch.6;;
riched20.dll.vir;C:\Program Files\Ad-remover\QUARANTINE\PROGRA~1\WINDOW~4\MESSEN~1;Adware.MyWebSearch.8;;
A0000118.dll;C:\System Volume Information\_restore{B86DAC31-1CDE-412E-9DD0-902FA2599F83}\RP1;Adware.MyWebSearch.8;;
A0000119.dll;C:\System Volume Information\_restore{B86DAC31-1CDE-412E-9DD0-902FA2599F83}\RP1;Adware.MyWebSearch.6;;
A0015023.exe\data026;C:\System Volume Information\_restore{B86DAC31-1CDE-412E-9DD0-902FA2599F83}\RP43\A0015023.exe;Tool.Prockill;;
A0015023.exe;C:\System Volume Information\_restore{B86DAC31-1CDE-412E-9DD0-902FA2599F83}\RP43;Conteneur comporte des objets infectés;Quarantaine.;
gibidl.dll;C:\_OTM\MovedFiles\09212009_181056\Program Files\Winsudate;Adware.Gibmedia;;

Destrio5 · Answer

--> Refais un scan RSIT et poste le rapport log.

maxdunord92 · Answer

voila le rapport RSIT


Logfile of random's system information tool 1.06 (written by random/random)
Run by Maxime at 2009-09-24 18:36:46
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 102 GB (66%) free of 153 GB
Total RAM: 1791 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:36:52, on 24/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\WINDOWS\system32
vsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Classic PhoneTools\CapFax.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\InterVideo\DVD5R\SchSvr.exe
C:\Program Files\Philips\Philips SPC220NC Webcam\TrayMin220.exe
C:\Documents and Settings\Maxime\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Works\wkswp.exe
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Program Files\Microsoft Works\wkgdcach.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Maxime\Bureau\autres icones\RSIT.exe
C:\Documents and Settings\Maxime\Mes documents\Téléchargements\Maxime.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [WINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LiveMonitor] C:\Program Files\MSI\Live Update 3\LMonitor.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe"  /autorun
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CanalPlayerHelper] C:\Program Files\Lecteur CANALPLAY\CanalPlayerHelper.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [EPSON Stylus D92 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "C:\DOCUME~1\Maxime\LOCALS~1\Temp\E_S119.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [setup2.exe] C:\WINDOWS\system32\setup2.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\Maxime\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: InterVideo Scheduler server.lnk = C:\Program Files\InterVideo\DVD5R\SchSvr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: play2p.lnk = C:\Program Files\play2p\play2p.exe
O4 - Global Startup: TrayMin220.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Google Update Service (gupdate1c9f33d686aa190) (gupdate1c9f33d686aa190) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Service CANALPLAY - Canal+ Distribution - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe

Destrio5 · Answer

Tu as toujours deux antivirus, il faut en retirer un.

Le PC va comment ?

Home antivirus 2010

44 réponses

Discussions similaires