Total security virus!
stylet26
Hello,
Since this morning, Total Security has slipped into my taskbar. Now at every startup it runs a scan telling me there are viruses on my computer and that I need to buy Total Security to remove them. On top of that, every 5 minutes it opens a window saying: you have viruses, do you want to remove them, and when I click on it, it sends me to a site to download the full, paid version of Total Security.
How do I get rid of it?
Thanks in advance.
24 replies
Hello,
Yet another one.
Do this:
~~~~~~~~~~~~~~~> Hijack This <~~~~~~~~~~~~~~~~~~~
- Download HijackThis
>http://www.infos-du-net.com/telecharger/HijackThis.html
Once HijackThis is installed, run it:
- Click "Do a system scan and save a logfile"
- A text file opens; if it does not, it is in the same folder as hijackthis.exe.
- Choose Edit / Select All
- Right-click / Copy
- Post the entire report for me
Thanks for replying, so here is the report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:12:28, on 22/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\Temp\_ex-68.exe
C:\Documents and Settings\All Users\Application Data\15237504\15237504.exe
C:\WINDOWS\system32\ducoovyve.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\LocalService\Application Data\Microsoft\muquassouvoog.exe
C:\Documents and Settings\Emilien\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Shareware.Pro-FR Toolbar - {b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d} - C:\Program Files\Peer2Peer-FR\tbPee1.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Shareware.Pro-FR Toolbar - {b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d} - C:\Program Files\Peer2Peer-FR\tbPee1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Shareware.Pro-FR Toolbar - {b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d} - C:\Program Files\Peer2Peer-FR\tbPee1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\Temp\_ex-68.exe
O4 - HKLM\..\Run: [15237504] C:\Documents and Settings\All Users\Application Data\15237504\15237504.exe
O4 - HKLM\..\Run: [tiho] C:\WINDOWS\system32\ducoovyve.exe
O4 - HKLM\..\RunServices: [tiho] C:\WINDOWS\system32\ducoovyve.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe (User 'Default user')
O4 - Startup: ikowin32.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Consulter les dictionnaires (SYSTRAN) - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/lookup.js
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Traduire (SYSTRAN) - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/translate.js
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: C-DillaSrv (iuety7o54y02ma) - Unknown owner - C:\Documents and Settings\LocalService\Application Data\Microsoft\kunen.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
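Added example, not part of the thread and not code from HijackThis or any poster: a small Python triage pass over the O4 (autorun) and O23 (service) lines of a HijackThis log like the one above. The sample lines are copied from that log; the three location and name rules are assumptions chosen for illustration, and a hit marks an entry for closer inspection, not a verdict.

```python
import ntpath
import re

# Excerpt copied from the HijackThis log posted above (not the full log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\Temp\_ex-68.exe
O4 - HKLM\..\Run: [15237504] C:\Documents and Settings\All Users\Application Data\15237504\15237504.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaSrv (iuety7o54y02ma) - Unknown owner - C:\Documents and Settings\LocalService\Application Data\Microsoft\kunen.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<where>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Program path at the start of a command line, quoted or unquoted.
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|scr|bat|dll))(?=\s|$)', re.I)
SERVICE_PREFIX = "O23 - Service: "


def executable_of(cmd):
    """Return the program path from an autorun command line, dropping
    arguments and HijackThis suffixes such as (User 'SYSTEM')."""
    cmd = cmd.strip()
    m = EXE_RE.match(cmd)
    if not m:
        return cmd
    return m.group(1) or m.group(2)


def parse_entries(log_text):
    """Yield one dict per O4 registry autorun and O23 service line.
    Other sections, and O4 Startup-folder lines, are skipped."""
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            yield {"section": "O4", "label": m.group("name"),
                   "path": executable_of(m.group("cmd")), "owner": None}
        elif line.startswith(SERVICE_PREFIX):
            # "<display name> - <owner> - <path>"; split from the right
            # because display names may contain " - " themselves.
            parts = line[len(SERVICE_PREFIX):].rsplit(" - ", 2)
            if len(parts) == 3:
                yield {"section": "O23", "label": parts[0],
                       "path": parts[2], "owner": parts[1]}


def reasons(entry):
    """Illustrative rules (assumptions): flag on where the binary lives
    and how it is named, not on what it is."""
    path = entry["path"].lower()
    stem = ntpath.splitext(ntpath.basename(path))[0]
    found = []
    if "\\temp\\" in path:
        found.append("runs from a Temp directory")
    if "\\application data\\" in path or "\\local settings\\" in path:
        found.append("runs from a per-user data directory")
    if stem.isdigit():
        found.append("all-digit file name")
    # "Unknown owner" alone is too noisy to flag on; it only adds weight
    # to an entry that already matched a rule above.
    if found and entry["owner"] == "Unknown owner":
        found.append("service with no publisher information")
    return found


def triage(log_text):
    """Return the entries that matched at least one rule, in log order."""
    hits = []
    for entry in parse_entries(log_text):
        why = reasons(entry)
        if why:
            hits.append(dict(entry, reasons=why))
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f'{hit["section"]} [{hit["label"]}] {hit["path"]}')
        for why in hit["reasons"]:
            print(f"    - {why}")
```

Rules based on location say nothing about binaries stored under system32 or Program Files, so an entry with no hit is not thereby shown to be clean.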
I know how to get rid of this virus, but in my opinion you have to do it every time you turn on the computer. I just found it in a few minutes: you press Ctrl Alt Del / Processes and then there's something like 1545154.exe (I made up the numbers). I thought to myself, I don't have an exe like that, so I ended the process and the thing went away.
Sorry, I had to step away.
Do this:
~~~~~~~~~~~~~~> Malwarebytes <~~~~~~~~~~~~~~~~~~~
- Download Malwarebytes
- Save it to the desktop
- Double-click the downloaded file to start the installation
- When prompted, update Malwarebytes Anti-Malware
- If the firewall asks for permission for Malwarebytes to connect, accept
- Once the update is finished, close Malwarebytes
- Double-click the Malwarebytes icon to relaunch it
- In the Scanner tab, probably open by default,
- Select Perform full scan
- Click Scan
- The scan starts
- At the end of the scan, a message is displayed: The scan completed successfully. Click 'Show Results' to display all objects found.
- Click OK to continue.
- If malware was detected, click Show Results
- Select everything (or leave everything checked) and click Remove Selected. Malwarebytes will destroy the files and registry keys and put a copy of them in quarantine.
- Malwarebytes will open Notepad and copy the scan report into it.
- Go to the Logs tab
- Click on the report to display it.
- Once it is displayed, click Edit at the top of Notepad, then Select All
- Click Edit again, then Copy, and come back to the forum and into your reply
- Right-click in the reply box and choose Paste
OK, so I tried following heatloaf's answer and it works. I haven't yet seen whether the virus relaunches at startup. The virus disappears. As for Malwarebytes, I already had it; I ran a full scan yesterday and then deleted the viruses it had found. Here is the report:
Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1749
Windows 5.1.2600 Service Pack 3
22/08/2009 13:47:03
mbam-log-2009-08-22 (13-47-03).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 246261
Temps écoulé: 1 hour(s), 31 minute(s), 45 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ggxxqq (Adware.Navipromo.H) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Documents and Settings\Emilien\Local Settings\Application Data\ggxxqq_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Emilien\Local Settings\Application Data\ggxxqq_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Emilien\Local Settings\Application Data\ggxxqq.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Emilien\Local Settings\Application Data\ggxxqq.exe (Adware.Navipromo.H) -> Delete on reboot.
C:\Program Files\BPS\AudioConverterPro\AC.exe (Rogue.BulletProofSpyware) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:27, on 23/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\Temp\_ex-68.exe
C:\Documents and Settings\All Users\Application Data\15237504\15237504.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\ducoovyve.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Emilien\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Shareware.Pro-FR Toolbar - {b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d} - C:\Program Files\Peer2Peer-FR\tbPee1.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Shareware.Pro-FR Toolbar - {b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d} - C:\Program Files\Peer2Peer-FR\tbPee1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Shareware.Pro-FR Toolbar - {b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d} - C:\Program Files\Peer2Peer-FR\tbPee1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\Temp\_ex-68.exe
O4 - HKLM\..\Run: [15237504] C:\Documents and Settings\All Users\Application Data\15237504\15237504.exe
O4 - HKLM\..\Run: [tiho] C:\WINDOWS\system32\ducoovyve.exe
O4 - HKLM\..\RunServices: [tiho] C:\WINDOWS\system32\ducoovyve.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe (User 'Default user')
O4 - Startup: ikowin32.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Consulter les dictionnaires (SYSTRAN) - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/lookup.js
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Liens de téléchargement avec Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Traduire (SYSTRAN) - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/translate.js
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: C-DillaSrv (iuety7o54y02ma) - Unknown owner - C:\WINDOWS\system32\kunen.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
Yeah, still there
Do this
~~~~~~~~~~~~~~> SmitFraudfix <~~~~~~~~~~~~~~~~~~~
Download SmitFraudfix from this link:
> http://www.geekstogo.com/forum/files/file/6-smitfraudfix/
* Put it on the desktop; you will then get a SmitFraudfix icon with a yellow triangle.
* Double-click the icon; a new folder is then created.
* Click the SmitFraudfix icon
* Run option 1 (Search)
Note
Once option 1 has been launched:
A window with a blue background then opens... an information message appears; press a key to go on to the next step.
/!\ Let the scan finish /!\
_ Once the scan is finished, a report will open in Notepad.
* Click the Edit menu, then Select All.
* Then post the report for me
SmitFraudFix v2.423
Rapport fait à 11:15:13.67, 23/08/2009
Executé à partir de C:\Documents and Settings\Emilien\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\Temp\_ex-68.exe
C:\Documents and Settings\All Users\Application Data\15237504\15237504.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\ducoovyve.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Emilien\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Emilien
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Emilien\LOCALS~1\Temp
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Emilien\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Emilien\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\Google\googletoolbar1.dll PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
»»»»»»»»»»»»»»»»»»»»»»»» RK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Thomson ST Remote NDIS Device - Miniport d'ordonnancement de paquets
DNS Server Search Order: 10.0.0.138
HKLM\SYSTEM\CCS\Services\Tcpip\..\{07F4178D-87C3-421F-B309-A618862E2CE3}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS1\Services\Tcpip\..\{07F4178D-87C3-421F-B309-A618862E2CE3}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0E2B9D06-2CD6-4E49-B05B-DB2341048280}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS3\Services\Tcpip\..\{07F4178D-87C3-421F-B309-A618862E2CE3}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
»»»»»»»»»»»»»»»»»»»»»»»» RK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Thomson ST Remote NDIS Device - Miniport d'ordonnancement de paquets
DNS Server Search Order: 10.0.0.138
HKLM\SYSTEM\CCS\Services\Tcpip\..\{07F4178D-87C3-421F-B309-A618862E2CE3}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS1\Services\Tcpip\..\{07F4178D-87C3-421F-B309-A618862E2CE3}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0E2B9D06-2CD6-4E49-B05B-DB2341048280}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS3\Services\Tcpip\..\{07F4178D-87C3-421F-B309-A618862E2CE3}: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=10.0.0.138
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Do this:
~~~~~~~~~~~~~~~~> Combofix <~~~~~~~~~~~~~~~~~~~
- Download Combofix
>http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Rename it to asdehi when saving it to your desktop
- Double-click combofix.exe, which is now asdehi.exe
/!\ Disconnect from the Internet and close the windows of all running programs before starting the scan /!\
/!\ Temporarily disable the real-time protection of your antivirus and antispyware programs, only for as long as ComboFix is in use /!\
- Press the 1 key (Yes) to start the scan
- When ComboFix has finished its examination, it will announce that it is preparing the report
Note:
This can take a while, so be patient. If the Windows desktop disappears, do not worry.
- At the end of the scan ComboFix may need to restart the PC to finish the disinfection\search; let it do so.
- A log will open; it will be saved in C:/ Combofix
/!\ Re-enable real-time protection /!\
- Copy / paste me the report found in C:/ Combofix
ComboFix 09-08-22.06 - Emilien 23/08/2009 12:13.1.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.3070.2546 [GMT 2:00]
Running from: c:\documents and settings\Emilien\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090822-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\15237504
c:\documents and settings\All Users\Application Data\15237504\15237504
c:\documents and settings\All Users\Application Data\15237504\15237504.exe
c:\documents and settings\All Users\Application Data\15237504\pc15237504ins
c:\documents and settings\Emilien\Application Data\BITS
c:\documents and settings\Emilien\Application Data\BITS\BITS.ini
c:\documents and settings\Emilien\Application Data\BITS\DHTTable.dat
c:\documents and settings\Emilien\Application Data\BITS\ProxyList.ini
c:\documents and settings\Emilien\Application Data\BITS\UPnP.ini
c:\documents and settings\Emilien\Application Data\wiaserva.log
c:\program files\Mozilla Firefox\extensions\{2B9ED78F-5417-4E26-8956-9D54A6D94469}
c:\program files\Mozilla Firefox\extensions\{2B9ED78F-5417-4E26-8956-9D54A6D94469}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{2B9ED78F-5417-4E26-8956-9D54A6D94469}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{2B9ED78F-5417-4E26-8956-9D54A6D94469}\install.rdf
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\recycler\S-1-5-21-3605873742-1097865343-2296637568-1003
c:\windows\Installer\7a6ad.msi
c:\windows\Installer\WinRMSrv.msi
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Packet.dll
c:\windows\system32\Process.exe
c:\windows\system32\pthreadVC.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\uniq.tll
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\system32\WS2Fix.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_gaopdxserv.sys
-------\Legacy_NPF
-------\Service_gaopdxserv.sys
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2009-07-23 to 2009-08-23 )))))))))))))))))))))))))))))))
.
2009-08-23 08:28 . 2009-08-22 10:03 282624 ----a-w- c:\windows\system32\nafa.exe
2009-08-22 17:10 . 2009-08-22 10:03 282624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\kunen.exe
2009-08-22 10:03 . 2009-08-22 10:03 282624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\ducoovyve.exe
2009-08-22 10:03 . 2009-08-22 10:03 282624 ----a-w- c:\windows\system32\ducoovyve.exe
2009-08-21 09:53 . 2009-08-21 09:53 -------- d-----w- c:\documents and settings\Emilien\Application Data\Games
2009-08-21 09:45 . 2009-08-23 09:07 -------- d-----w- c:\program files\Dracula Origin
2009-08-20 09:29 . 2009-08-20 09:37 -------- d-----w- c:\program files\BF2142 Editor
2009-08-20 09:29 . 2009-08-23 09:37 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-08-20 09:29 . 2009-08-23 09:37 286720 ------w- c:\windows\Setup1.exe
2009-08-19 16:02 . 2009-08-19 16:26 -------- d-----w- C:\Casino
2009-08-17 09:08 . 2009-08-17 09:08 -------- d-----w- c:\program files\Ashampoo
2009-08-15 13:05 . 2009-08-15 13:07 911 ----a-w- c:\windows\eReg.dat
2009-08-15 13:00 . 2009-08-15 13:00 737280 ----a-w- c:\windows\iun6002.exe
2009-08-15 12:31 . 2009-04-23 08:38 982016 ----a-w- c:\windows\system32\Earth_3D_Screensaver.scr
2009-08-15 12:30 . 2009-08-15 12:30 -------- d-----w- c:\documents and settings\Emilien\Application Data\Boost Windows
2009-08-15 12:29 . 2009-08-15 12:30 -------- d-----w- c:\program files\Boost Windows
2009-08-15 12:28 . 2009-04-08 12:39 906752 ----a-w- c:\windows\system32\Haunted_House_3D_Screensaver.scr
2009-08-15 12:27 . 2009-01-20 01:04 894976 ----a-w- c:\windows\system32\Lagoon_3D_Screensaver.scr
2009-08-15 12:27 . 2009-01-20 01:04 10907136 ----a-w- c:\windows\system32\Lagoon 3D Screensaver.exe
2009-08-15 12:27 . 2009-01-21 14:39 32698880 ----a-w- c:\windows\system32\Dutch Windmills 3D Screensaver.exe
2009-08-15 12:27 . 2009-01-20 01:10 911872 ----a-w- c:\windows\system32\Dutch_Windmills_3D_Screensaver.scr
2009-08-15 12:27 . 2009-01-21 14:40 35133952 ----a-w- c:\windows\system32\Snow Village 3D Screensaver.exe
2009-08-15 12:27 . 2009-01-20 01:13 912896 ----a-w- c:\windows\system32\Snow_Village_3D_Screensaver.scr
2009-08-15 12:26 . 2009-01-22 16:29 19387392 ----a-w- c:\windows\system32\Lighthouse Point 3D Screensaver.exe
2009-08-15 12:26 . 2009-01-20 01:10 902144 ----a-w- c:\windows\system32\Lighthouse_Point_3D_Screensaver.scr
2009-08-15 12:22 . 2009-01-20 00:48 448000 ----a-w- c:\windows\system32\The_One_Ring_3D_Screensaver.scr
2009-08-15 12:22 . 2009-01-19 23:43 3099648 ----a-w- c:\windows\system32\The One Ring 3D Screensaver.exe
2009-08-15 12:20 . 2009-04-07 14:28 914432 ----a-w- c:\windows\system32\Deep_Space_3D_Screensaver.scr
2009-08-15 12:17 . 2009-08-15 12:21 -------- d-----w- c:\program files\3Planesoft Screensaver Manager
2009-08-15 12:17 . 2009-08-15 12:17 -------- d-----w- c:\windows\system32\3Planesoft
2009-08-15 12:17 . 2008-01-09 12:55 454656 ----a-w- c:\windows\system32\3Planesoft_Screensaver_Manager.scr
2009-08-15 12:17 . 2008-01-22 10:22 31378432 ----a-w- c:\windows\system32\Western Railway 3D Screensaver.exe
2009-08-15 12:17 . 2009-08-18 11:43 -------- d-----w- c:\program files\Western Railway 3D Screensaver
2009-08-15 12:17 . 2008-01-23 12:28 847872 ----a-w- c:\windows\system32\Western_Railway_3D_Screensaver.scr
2009-08-13 12:02 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-13 12:02 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-13 12:02 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-13 12:02 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-13 12:02 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-13 12:02 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-13 12:02 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-13 12:02 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-13 12:01 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-13 11:41 . 2009-08-13 11:41 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2009-08-13 11:40 . 2009-08-13 11:40 152576 ----a-w- c:\documents and settings\Emilien\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-13 11:35 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-07-26 09:01 . 2009-07-26 09:01 -------- d-sh--w- c:\documents and settings\Emilien\UserData
2009-07-25 14:28 . 2009-07-31 13:26 -------- d-----w- c:\program files\Steam
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-22 17:40 . 2004-08-05 19:00 85114 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-22 17:40 . 2004-08-05 19:00 511074 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-22 17:22 . 2009-05-08 18:33 -------- d-----w- c:\documents and settings\Emilien\Application Data\Skype
2009-08-22 17:22 . 2009-05-08 17:07 -------- d-----w- c:\documents and settings\Emilien\Application Data\skypePM
2009-08-22 11:32 . 2009-01-28 13:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-08-22 10:03 . 2009-08-23 10:21 282624 ----a-w- c:\windows\system32\takettuc.exe
2009-08-22 08:53 . 2009-02-10 16:34 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-22 08:38 . 2009-01-11 10:44 -------- d-----w- c:\program files\Electronic Arts
2009-08-20 10:57 . 2009-07-22 13:36 -------- d-----w- c:\program files\EA Games
2009-08-20 10:57 . 2008-12-11 13:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-20 10:31 . 2009-02-08 18:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Test Drive Unlimited
2009-08-14 15:54 . 2009-02-06 19:51 -------- d-----w- c:\program files\Dream Aquarium
2009-08-13 11:41 . 2008-12-21 13:40 -------- d-----w- c:\program files\Java
2009-08-05 09:00 . 2004-08-05 19:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 12:08 . 2008-12-21 13:42 1 ----a-w- c:\documents and settings\Emilien\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-07-31 12:06 . 2009-03-26 16:52 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-31 05:35 . 2008-12-20 14:44 -------- d-----w- c:\program files\Ubisoft
2009-07-31 05:29 . 2009-02-07 19:50 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-07-30 18:14 . 2009-05-02 15:30 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-30 18:14 . 2009-05-02 15:30 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-27 15:03 . 2009-05-08 16:40 -------- d-----w- c:\documents and settings\Emilien\Application Data\Hamachi
2009-07-27 15:03 . 2009-01-31 10:24 -------- d-----w- c:\documents and settings\Emilien\Application Data\DMCache
2009-07-25 15:36 . 2009-01-03 17:46 -------- d-----w- c:\program files\SEGA
2009-07-25 03:23 . 2009-05-07 18:51 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-23 15:22 . 2005-07-20 13:05 -------- d-----w- c:\program files\Pyro Studios
2009-07-22 14:27 . 2009-01-31 18:42 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-22 14:12 . 2009-07-22 13:08 -------- d-----w- c:\program files\GameShadow
2009-07-21 15:13 . 2009-07-21 15:13 8854 ----a-r- c:\documents and settings\Emilien\Application Data\Microsoft\Installer\{C86E3E3F-2A7B-4E25-BB82-3CBB9C799FA0}\Uninstall_Imperial_G_C86E3E3F2A7B4E25BB823CBB9C799FA0.exe
2009-07-21 15:13 . 2009-07-21 15:13 10134 ----a-r- c:\documents and settings\Emilien\Application Data\Microsoft\Installer\{C86E3E3F-2A7B-4E25-BB82-3CBB9C799FA0}\ARPPRODUCTICON.exe
2009-07-20 17:34 . 2009-07-20 17:34 -------- d-----w- c:\program files\Live-Player
2009-07-20 17:34 . 2009-02-22 19:32 -------- d-----w- c:\documents and settings\Emilien\Application Data\live-player
2009-07-17 19:03 . 2004-08-05 19:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 07:51 . 2009-07-16 07:51 -------- d-----w- c:\documents and settings\Jonathan\Application Data\Logitech
2009-07-16 05:13 . 2009-02-17 15:50 -------- d-----w- c:\program files\Codemasters
2009-07-15 13:46 . 2009-07-15 13:46 -------- d-----w- c:\documents and settings\Emilien\Application Data\Logitech
2009-07-15 13:38 . 2009-07-15 13:38 -------- d-----w- c:\documents and settings\Emilien\Application Data\Musicmatch
2009-07-15 13:38 . 2009-07-15 13:38 -------- d-----w- c:\program files\MUSICMATCH
2009-07-15 13:37 . 2009-07-15 13:37 -------- d-----w- c:\program files\Fichiers communs\Logitech
2009-07-15 13:37 . 2009-07-15 13:37 -------- d-----w- c:\program files\Logitech
2009-07-14 12:18 . 2009-07-14 12:08 -------- d-----w- c:\documents and settings\Emilien\Application Data\Pro Cycling Manager 2009
2009-07-14 11:52 . 2009-06-22 15:43 -------- d-----w- c:\program files\Carnivores 2
2009-07-13 21:43 . 2004-08-05 19:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-12 18:36 . 2009-01-23 15:04 744 ----a-w- c:\documents and settings\Emilien\Application Data\filterclsid.dat
2009-07-11 15:58 . 2008-12-20 17:37 -------- d-----w- c:\documents and settings\Emilien\Application Data\vlc
2009-07-11 15:57 . 2008-12-22 19:48 -------- d-----w- c:\documents and settings\Emilien\Application Data\dvdcss
2009-07-10 17:41 . 2009-07-10 15:22 -------- d-----w- c:\program files\adslTV
2009-07-10 13:11 . 2009-05-05 18:48 -------- d-----w- c:\program files\Atari
2009-07-10 10:53 . 2008-12-21 07:02 20128 ----a-w- c:\documents and settings\Emilien\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-09 07:24 . 2008-12-24 09:43 20128 ----a-w- c:\documents and settings\Jonathan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-07 17:03 . 2009-04-26 07:42 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLbx.DAT
2009-07-07 17:02 . 2009-07-07 17:02 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLck.DAT
2009-07-07 17:02 . 2009-07-07 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Filters
2009-07-07 17:02 . 2009-04-26 07:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Ultima_T15
2009-07-07 17:02 . 2009-04-26 07:42 -------- d-----w- c:\documents and settings\All Users\Application Data\EnterNHelp
2009-07-07 17:02 . 2009-07-07 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Font Book
2009-07-07 17:00 . 2009-04-26 07:43 -------- d-----w- c:\program files\Fichiers communs\Nikon
2009-07-07 17:00 . 2009-07-07 17:00 -------- d-----w- c:\program files\Nikon
2009-07-07 16:28 . 2009-07-07 16:28 -------- d-----w- c:\program files\DDS Converter 2
2009-07-06 13:04 . 2008-12-22 17:43 -------- d-----w- c:\program files\THQ
2009-07-06 11:13 . 2009-07-06 11:13 49152 ----a-r- c:\documents and settings\Emilien\Application Data\Microsoft\Installer\{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}\ARPPRODUCTICON.exe
2009-07-04 15:18 . 2009-07-04 15:18 -------- d-----w- c:\program files\SpicyTools
2009-07-04 15:18 . 2009-07-04 15:18 -------- d-----w- c:\program files\SpicyTools Video Converter 1.0
2009-07-03 17:03 . 2009-02-15 18:42 -------- d-----w- c:\program files\Activision
2009-07-03 17:00 . 2009-07-03 17:00 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2009-07-03 16:57 . 2004-08-05 19:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-03 16:48 . 2009-04-15 08:16 -------- d-----w- c:\program files\ATI Technologies
2009-07-03 06:51 . 2009-02-16 18:27 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-03 06:42 . 2009-07-03 06:42 -------- d-----w- c:\program files\Alcohol Soft
2009-07-02 08:28 . 2009-05-01 07:28 -------- d-----w- c:\program files\Mount&Blade
2009-06-28 08:06 . 2009-04-19 09:12 -------- d-----w- c:\program files\Free Audio Pack
2009-06-28 07:47 . 2009-06-28 07:47 -------- d-----w- c:\documents and settings\Emilien\Application Data\AccurateRip
2009-06-28 07:47 . 2009-06-28 07:47 -------- d-----w- c:\program files\Illustrate
2009-06-28 07:47 . 2009-06-28 07:47 5433520 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-06-28 07:39 . 2009-06-28 07:39 -------- d-----w- c:\program files\BPS
2009-06-28 07:35 . 2009-06-27 13:10 -------- d-----w- c:\program files\NCH Swift Sound
2009-06-27 13:11 . 2009-06-27 13:11 -------- d-----w- c:\program files\NCH Software
2009-06-26 18:06 . 2009-06-21 09:53 -------- d-----w- c:\program files\GameSpy Arcade
2009-06-25 12:44 . 2009-06-25 12:44 -------- d-----w- c:\program files\CCleaner
2009-06-25 08:26 . 2004-08-05 19:00 736768 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:26 . 2004-08-05 19:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:26 . 2004-08-05 19:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:26 . 2004-08-05 19:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:26 . 2004-08-05 19:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:26 . 2004-08-05 19:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-08-05 19:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-21 17:18 . 2009-06-21 17:14 78336 ----a-w- c:\windows\pysoft_uninstaller.exe
2009-06-21 17:03 . 2009-06-21 17:03 5917662 ----a-w- c:\windows\system32\combat_tyrannosaures.dat
2009-06-21 17:03 . 2009-06-21 17:03 1880064 ----a-w- c:\windows\system32\combat_tyrannosaures.scr
2009-06-21 10:03 . 2009-06-21 10:03 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-06-16 14:40 . 2004-08-05 19:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2004-08-05 19:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:44 . 2004-08-05 19:00 78848 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:14 . 2004-08-05 19:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2005-07-04 19:01 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:15 . 2004-08-05 19:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-07 17:00 . 2009-06-07 17:00 207872 ----a-w- c:\documents and settings\Emilien\Application Data\SystemRequirementsLab\SRLProxy_srl_4.dll
2009-06-07 17:00 . 2009-06-07 17:00 207872 ----a-w- c:\documents and settings\Emilien\Application Data\SystemRequirementsLab\SRLProxy_srl_3.dll
2009-06-07 17:00 . 2009-06-07 17:00 207872 ----a-w- c:\documents and settings\Emilien\Application Data\SystemRequirementsLab\SRLProxy_srl_2.dll
2009-06-07 17:00 . 2009-06-07 17:00 207872 ----a-w- c:\documents and settings\Emilien\Application Data\SystemRequirementsLab\SRLProxy_srl_1.dll
2009-06-07 11:50 . 2009-06-07 11:50 10134 ----a-r- c:\documents and settings\Emilien\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2008-12-24 15:48 . 2008-12-24 15:48 0 --sha-w- c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}"= "c:\program files\Peer2Peer-FR\tbPee1.dll" [2009-07-08 2215960]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-05-20 177464]
[HKEY_CLASSES_ROOT\clsid\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]
2009-07-08 14:51 2215960 ----a-w- c:\program files\Peer2Peer-FR\tbPee1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-05-20 12:36 1258808 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}"= "c:\program files\Peer2Peer-FR\tbPee1.dll" [2009-07-08 2215960]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]
[HKEY_CLASSES_ROOT\clsid\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B00F3D7D-ECAD-4A3B-BCF7-BA5FC1FD0F8D}"= "c:\program files\Peer2Peer-FR\tbPee1.dll" [2009-07-08 2215960]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]
[HKEY_CLASSES_ROOT\clsid\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2009-03-21 1649600]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-05 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-05-20 111928]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-20 98304]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-05-03 53248]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"tiho"="c:\windows\system32\ducoovyve.exe" [2009-08-22 282624]
"couced"="c:\windows\system32\nafa.exe" [2009-08-22 282624]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-12-20 16860672]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-05-20 28160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"couced"="c:\windows\system32\nafa.exe" [2009-08-22 282624]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NeroHomeFirstStart"="c:\program files\Fichiers communs\Ahead\Lib\NMFirstStart.exe" [2007-06-01 16944]
c:\documents and settings\Jonathan\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]
c:\documents and settings\Emilien\Menu Démarrer\Programmes\Démarrage\
ikowin32.exe [2008-4-13 23552]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-15 450560]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ubisoft\\Prince of Persia\\Prince of Persia.exe"=
"c:\\Program Files\\Ubisoft\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Atari\\Test drive Unlimited\\TestDriveUnlimited.exe"=
"c:\\Documents and Settings\\Emilien\\Mes documents\\no limit megaupload\\RouterClient.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\SYSTRAN\\6\\SystranTranslationProjectManager.exe"=
"c:\\Program Files\\SYSTRAN\\6\\Dicts\\SystranFilterEngine.exe"=
"c:\\Program Files\\SYSTRAN\\6\\Dicts\\SystranTranslationEngine.exe"=
"c:\\Program Files\\SYSTRAN\\6\\SystranToolbar.exe"=
"c:\\Program Files\\SYSTRAN\\6\\SystranDictionaryManager.exe"=
"c:\\Program Files\\SYSTRAN\\6\\Dicts\\SystranCodingEngine.exe"=
"c:\\Program Files\\Activision\\X-Men Origins - Wolverine(TM)\\Binaries\\Wolverine.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\SEGA\\Medieval II Total War\\kingdoms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\SEGA\\Medieval II Total War\\medieval2.exe"=
"c:\\Program Files\\Activision\\Prototype\\prototypef.exe"=
"c:\\Program Files\\Pyro Studios\\Imperial Glory\\ImperialGlory.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\empire total war demo\\Empire.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10210:TCP"= 10210:TCP:BitComet 10210 TCP
"10210:UDP"= 10210:UDP:BitComet 10210 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"53:UDP"= 53:UDP:Promo
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [06/12/2005 17:11 35328]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [13/08/2009 14:02 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13/08/2009 14:02 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [26/03/2009 18:52 55152]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [12/12/2008 00:50 38176]
S2 i0iyas9gm;SigmaTel Audio Service;c:\windows\system32\takettuc.exe [23/08/2009 12:21 282624]
S2 iuety7o54y02ma;C-DillaSrv;c:\windows\system32\kunen.exe --> c:\windows\system32\kunen.exe [?]
S3 CrystalSysInfo;CrystalSysInfo;\??\c:\program files\MediaCoder\SysInfo.sys --> c:\program files\MediaCoder\SysInfo.sys [?]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
S3 LHidPPKE;Logitech SetPoint HID Function Driver;c:\windows\system32\drivers\LHidPPKE.Sys [15/07/2009 15:37 22497]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-07-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-PowerBar - (no file)
HKLM-Run-15237504 - c:\documents and settings\All Users\Application Data\15237504\15237504.exe
.
------- Supplementary Scan -------
.
IE: &Recherche AOL Toolbar - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: Consulter les dictionnaires (SYSTRAN) - c:\program files\SYSTRAN\6\\GUIres.dll/lookup.js
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Liens de téléchargement avec Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: Traduire (SYSTRAN) - c:\program files\SYSTRAN\6\\GUIres.dll/translate.js
LSP: c:\windows\system32\idmmbc.dll
FF - ProfilePath - c:\documents and settings\Emilien\Application Data\Mozilla\Firefox\Profiles\hanfmlgr.default\
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\documents and settings\Emilien\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - plugin: c:\program files\Opera\program\plugins\NPMetaStream3.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-23 12:21
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2183762552-1457200377-2593566968-1007\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:08,c9,71,61,79,7b,bc,eb,6c,c6,b5,29,e0,ab,94,4b,8c,c5,43,b6,f9,dc,17,
3e,f5,28,89,57,99,44,f2,8b,cd,b3,b3,1d,f6,9d,4d,66,0e,fa,29,5d,2c,29,a0,56,\
"??"=hex:84,10,64,32,5a,5a,63,dc,a4,e3,cd,cb,90,35,d7,ef
[HKEY_USERS\S-1-5-21-2183762552-1457200377-2593566968-1007\Software\SecuROM\License information*]
"datasecu"=hex:24,31,20,be,24,8a,c1,f8,ea,9c,8d,4f,dd,23,82,72,42,aa,ea,7f,16,
bf,b6,da,44,16,d9,17,32,a6,5f,8a,7b,02,6e,11,af,d5,45,11,fd,36,a6,69,81,34,\
"rkeysecu"=hex:53,b2,60,61,ee,89,20,91,52,c8,67,f6,b9,0e,65,cd
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{395529a4-df69-4a83-b062-3eee76affbb3}]
@Denied: (Full) (Everyone)
"Model"=dword:0000009c
"Therad"=dword:00000016
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,15,81,e0,2c,90,21,0e,51,28,35,81,46,94,89,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):42,bd,01,f9,8c,19,e6,a6,ab,48,aa,e4,ac,2c,02,71,c4,dd,14,cc,48,
61,c0,f3,6e,a6,56,99,56,61,6c,e1,55,df,18,90,21,8d,e5,3f,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):bf,e1,7e,2c,b2,97,eb,a2,e8,58,55,ba,43,64,fe,a0,a9,14,47,e8,ab,
9b,b1,3e,39,d1,6b,6b,e6,a7,57,13,62,9c,e2,ba,4b,2f,47,23,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f2eb5bf5-7124-4cee-ba80-d4cd949c2680}]
@Denied: (Full) (Everyone)
"Model"=dword:0000003b
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(560)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(616)
c:\windows\system32\idmmbc.dll
- - - - - - - > 'explorer.exe'(2484)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\idmmbc.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Internet Download Manager\IDMIECC.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
c:\program files\Internet Download Manager\idmmkb.dll
c:\program files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\nafa.exee
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\nafa.exee
c:\program files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2009-08-23 12:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-23 10:26
Pre-Run: 247 222 980 608 octets libres
Post-Run: 247 399 927 808 octets libres
455 --- E O F --- 2009-08-18 15:58
At one point when I rebooted, the Total Security software had disappeared, but as soon as I got on the internet, avast found a virus that it could neither delete nor quarantine, and Total Security came back.
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.3070.2546 [GMT 2:00]
Running from: c:\documents and settings\Emilien\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090822-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\15237504
c:\documents and settings\All Users\Application Data\15237504\15237504
c:\documents and settings\All Users\Application Data\15237504\15237504.exe
c:\documents and settings\All Users\Application Data\15237504\pc15237504ins
c:\documents and settings\Emilien\Application Data\BITS
c:\documents and settings\Emilien\Application Data\BITS\BITS.ini
c:\documents and settings\Emilien\Application Data\BITS\DHTTable.dat
c:\documents and settings\Emilien\Application Data\BITS\ProxyList.ini
c:\documents and settings\Emilien\Application Data\BITS\UPnP.ini
c:\documents and settings\Emilien\Application Data\wiaserva.log
c:\program files\Mozilla Firefox\extensions\{2B9ED78F-5417-4E26-8956-9D54A6D94469}
c:\program files\Mozilla Firefox\extensions\{2B9ED78F-5417-4E26-8956-9D54A6D94469}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{2B9ED78F-5417-4E26-8956-9D54A6D94469}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{2B9ED78F-5417-4E26-8956-9D54A6D94469}\install.rdf
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\recycler\S-1-5-21-3605873742-1097865343-2296637568-1003
c:\windows\Installer\7a6ad.msi
c:\windows\Installer\WinRMSrv.msi
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Packet.dll
c:\windows\system32\Process.exe
c:\windows\system32\pthreadVC.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\uniq.tll
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\system32\WS2Fix.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_gaopdxserv.sys
-------\Legacy_NPF
-------\Service_gaopdxserv.sys
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2009-07-23 to 2009-08-23 )))))))))))))))))))))))))))))))
.
2009-08-23 08:28 . 2009-08-22 10:03 282624 ----a-w- c:\windows\system32\nafa.exe
2009-08-22 17:10 . 2009-08-22 10:03 282624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\kunen.exe
2009-08-22 10:03 . 2009-08-22 10:03 282624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\ducoovyve.exe
2009-08-22 10:03 . 2009-08-22 10:03 282624 ----a-w- c:\windows\system32\ducoovyve.exe
2009-08-21 09:53 . 2009-08-21 09:53 -------- d-----w- c:\documents and settings\Emilien\Application Data\Games
2009-08-21 09:45 . 2009-08-23 09:07 -------- d-----w- c:\program files\Dracula Origin
2009-08-20 09:29 . 2009-08-20 09:37 -------- d-----w- c:\program files\BF2142 Editor
2009-08-20 09:29 . 2009-08-23 09:37 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-08-20 09:29 . 2009-08-23 09:37 286720 ------w- c:\windows\Setup1.exe
2009-08-19 16:02 . 2009-08-19 16:26 -------- d-----w- C:\Casino
2009-08-17 09:08 . 2009-08-17 09:08 -------- d-----w- c:\program files\Ashampoo
2009-08-15 13:05 . 2009-08-15 13:07 911 ----a-w- c:\windows\eReg.dat
2009-08-15 13:00 . 2009-08-15 13:00 737280 ----a-w- c:\windows\iun6002.exe
2009-08-15 12:31 . 2009-04-23 08:38 982016 ----a-w- c:\windows\system32\Earth_3D_Screensaver.scr
2009-08-15 12:30 . 2009-08-15 12:30 -------- d-----w- c:\documents and settings\Emilien\Application Data\Boost Windows
2009-08-15 12:29 . 2009-08-15 12:30 -------- d-----w- c:\program files\Boost Windows
2009-08-15 12:28 . 2009-04-08 12:39 906752 ----a-w- c:\windows\system32\Haunted_House_3D_Screensaver.scr
2009-08-15 12:27 . 2009-01-20 01:04 894976 ----a-w- c:\windows\system32\Lagoon_3D_Screensaver.scr
2009-08-15 12:27 . 2009-01-20 01:04 10907136 ----a-w- c:\windows\system32\Lagoon 3D Screensaver.exe
2009-08-15 12:27 . 2009-01-21 14:39 32698880 ----a-w- c:\windows\system32\Dutch Windmills 3D Screensaver.exe
2009-08-15 12:27 . 2009-01-20 01:10 911872 ----a-w- c:\windows\system32\Dutch_Windmills_3D_Screensaver.scr
2009-08-15 12:27 . 2009-01-21 14:40 35133952 ----a-w- c:\windows\system32\Snow Village 3D Screensaver.exe
2009-08-15 12:27 . 2009-01-20 01:13 912896 ----a-w- c:\windows\system32\Snow_Village_3D_Screensaver.scr
2009-08-15 12:26 . 2009-01-22 16:29 19387392 ----a-w- c:\windows\system32\Lighthouse Point 3D Screensaver.exe
2009-08-15 12:26 . 2009-01-20 01:10 902144 ----a-w- c:\windows\system32\Lighthouse_Point_3D_Screensaver.scr
2009-08-15 12:22 . 2009-01-20 00:48 448000 ----a-w- c:\windows\system32\The_One_Ring_3D_Screensaver.scr
2009-08-15 12:22 . 2009-01-19 23:43 3099648 ----a-w- c:\windows\system32\The One Ring 3D Screensaver.exe
2009-08-15 12:20 . 2009-04-07 14:28 914432 ----a-w- c:\windows\system32\Deep_Space_3D_Screensaver.scr
2009-08-15 12:17 . 2009-08-15 12:21 -------- d-----w- c:\program files\3Planesoft Screensaver Manager
2009-08-15 12:17 . 2009-08-15 12:17 -------- d-----w- c:\windows\system32\3Planesoft
2009-08-15 12:17 . 2008-01-09 12:55 454656 ----a-w- c:\windows\system32\3Planesoft_Screensaver_Manager.scr
2009-08-15 12:17 . 2008-01-22 10:22 31378432 ----a-w- c:\windows\system32\Western Railway 3D Screensaver.exe
2009-08-15 12:17 . 2009-08-18 11:43 -------- d-----w- c:\program files\Western Railway 3D Screensaver
2009-08-15 12:17 . 2008-01-23 12:28 847872 ----a-w- c:\windows\system32\Western_Railway_3D_Screensaver.scr
2009-08-13 12:02 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-13 12:02 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-13 12:02 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-13 12:02 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-13 12:02 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-13 12:02 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-13 12:02 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-13 12:02 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-13 12:01 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-13 11:41 . 2009-08-13 11:41 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2009-08-13 11:40 . 2009-08-13 11:40 152576 ----a-w- c:\documents and settings\Emilien\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-13 11:35 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-07-26 09:01 . 2009-07-26 09:01 -------- d-sh--w- c:\documents and settings\Emilien\UserData
2009-07-25 14:28 . 2009-07-31 13:26 -------- d-----w- c:\program files\Steam
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-22 17:40 . 2004-08-05 19:00 85114 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-22 17:40 . 2004-08-05 19:00 511074 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-22 17:22 . 2009-05-08 18:33 -------- d-----w- c:\documents and settings\Emilien\Application Data\Skype
2009-08-22 17:22 . 2009-05-08 17:07 -------- d-----w- c:\documents and settings\Emilien\Application Data\skypePM
2009-08-22 11:32 . 2009-01-28 13:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-08-22 10:03 . 2009-08-23 10:21 282624 ----a-w- c:\windows\system32\takettuc.exe
2009-08-22 08:53 . 2009-02-10 16:34 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-22 08:38 . 2009-01-11 10:44 -------- d-----w- c:\program files\Electronic Arts
2009-08-20 10:57 . 2009-07-22 13:36 -------- d-----w- c:\program files\EA Games
2009-08-20 10:57 . 2008-12-11 13:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-20 10:31 . 2009-02-08 18:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Test Drive Unlimited
2009-08-14 15:54 . 2009-02-06 19:51 -------- d-----w- c:\program files\Dream Aquarium
2009-08-13 11:41 . 2008-12-21 13:40 -------- d-----w- c:\program files\Java
2009-08-05 09:00 . 2004-08-05 19:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 12:08 . 2008-12-21 13:42 1 ----a-w- c:\documents and settings\Emilien\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-07-31 12:06 . 2009-03-26 16:52 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-31 05:35 . 2008-12-20 14:44 -------- d-----w- c:\program files\Ubisoft
2009-07-31 05:29 . 2009-02-07 19:50 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-07-30 18:14 . 2009-05-02 15:30 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-30 18:14 . 2009-05-02 15:30 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-27 15:03 . 2009-05-08 16:40 -------- d-----w- c:\documents and settings\Emilien\Application Data\Hamachi
2009-07-27 15:03 . 2009-01-31 10:24 -------- d-----w- c:\documents and settings\Emilien\Application Data\DMCache
2009-07-25 15:36 . 2009-01-03 17:46 -------- d-----w- c:\program files\SEGA
2009-07-25 03:23 . 2009-05-07 18:51 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-23 15:22 . 2005-07-20 13:05 -------- d-----w- c:\program files\Pyro Studios
2009-07-22 14:27 . 2009-01-31 18:42 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-22 14:12 . 2009-07-22 13:08 -------- d-----w- c:\program files\GameShadow
2009-07-21 15:13 . 2009-07-21 15:13 8854 ----a-r- c:\documents and settings\Emilien\Application Data\Microsoft\Installer\{C86E3E3F-2A7B-4E25-BB82-3CBB9C799FA0}\Uninstall_Imperial_G_C86E3E3F2A7B4E25BB823CBB9C799FA0.exe
2009-07-21 15:13 . 2009-07-21 15:13 10134 ----a-r- c:\documents and settings\Emilien\Application Data\Microsoft\Installer\{C86E3E3F-2A7B-4E25-BB82-3CBB9C799FA0}\ARPPRODUCTICON.exe
2009-07-20 17:34 . 2009-07-20 17:34 -------- d-----w- c:\program files\Live-Player
2009-07-20 17:34 . 2009-02-22 19:32 -------- d-----w- c:\documents and settings\Emilien\Application Data\live-player
2009-07-17 19:03 . 2004-08-05 19:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 07:51 . 2009-07-16 07:51 -------- d-----w- c:\documents and settings\Jonathan\Application Data\Logitech
2009-07-16 05:13 . 2009-02-17 15:50 -------- d-----w- c:\program files\Codemasters
2009-07-15 13:46 . 2009-07-15 13:46 -------- d-----w- c:\documents and settings\Emilien\Application Data\Logitech
2009-07-15 13:38 . 2009-07-15 13:38 -------- d-----w- c:\documents and settings\Emilien\Application Data\Musicmatch
2009-07-15 13:38 . 2009-07-15 13:38 -------- d-----w- c:\program files\MUSICMATCH
2009-07-15 13:37 . 2009-07-15 13:37 -------- d-----w- c:\program files\Fichiers communs\Logitech
2009-07-15 13:37 . 2009-07-15 13:37 -------- d-----w- c:\program files\Logitech
2009-07-14 12:18 . 2009-07-14 12:08 -------- d-----w- c:\documents and settings\Emilien\Application Data\Pro Cycling Manager 2009
2009-07-14 11:52 . 2009-06-22 15:43 -------- d-----w- c:\program files\Carnivores 2
2009-07-13 21:43 . 2004-08-05 19:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-12 18:36 . 2009-01-23 15:04 744 ----a-w- c:\documents and settings\Emilien\Application Data\filterclsid.dat
2009-07-11 15:58 . 2008-12-20 17:37 -------- d-----w- c:\documents and settings\Emilien\Application Data\vlc
2009-07-11 15:57 . 2008-12-22 19:48 -------- d-----w- c:\documents and settings\Emilien\Application Data\dvdcss
2009-07-10 17:41 . 2009-07-10 15:22 -------- d-----w- c:\program files\adslTV
2009-07-10 13:11 . 2009-05-05 18:48 -------- d-----w- c:\program files\Atari
2009-07-10 10:53 . 2008-12-21 07:02 20128 ----a-w- c:\documents and settings\Emilien\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-09 07:24 . 2008-12-24 09:43 20128 ----a-w- c:\documents and settings\Jonathan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-07 17:03 . 2009-04-26 07:42 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLbx.DAT
2009-07-07 17:02 . 2009-07-07 17:02 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLck.DAT
2009-07-07 17:02 . 2009-07-07 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Filters
2009-07-07 17:02 . 2009-04-26 07:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Ultima_T15
2009-07-07 17:02 . 2009-04-26 07:42 -------- d-----w- c:\documents and settings\All Users\Application Data\EnterNHelp
2009-07-07 17:02 . 2009-07-07 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Font Book
2009-07-07 17:00 . 2009-04-26 07:43 -------- d-----w- c:\program files\Fichiers communs\Nikon
2009-07-07 17:00 . 2009-07-07 17:00 -------- d-----w- c:\program files\Nikon
2009-07-07 16:28 . 2009-07-07 16:28 -------- d-----w- c:\program files\DDS Converter 2
2009-07-06 13:04 . 2008-12-22 17:43 -------- d-----w- c:\program files\THQ
2009-07-06 11:13 . 2009-07-06 11:13 49152 ----a-r- c:\documents and settings\Emilien\Application Data\Microsoft\Installer\{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}\ARPPRODUCTICON.exe
2009-07-04 15:18 . 2009-07-04 15:18 -------- d-----w- c:\program files\SpicyTools
2009-07-04 15:18 . 2009-07-04 15:18 -------- d-----w- c:\program files\SpicyTools Video Converter 1.0
2009-07-03 17:03 . 2009-02-15 18:42 -------- d-----w- c:\program files\Activision
2009-07-03 17:00 . 2009-07-03 17:00 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2009-07-03 16:57 . 2004-08-05 19:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-03 16:48 . 2009-04-15 08:16 -------- d-----w- c:\program files\ATI Technologies
2009-07-03 06:51 . 2009-02-16 18:27 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-03 06:42 . 2009-07-03 06:42 -------- d-----w- c:\program files\Alcohol Soft
2009-07-02 08:28 . 2009-05-01 07:28 -------- d-----w- c:\program files\Mount&Blade
2009-06-28 08:06 . 2009-04-19 09:12 -------- d-----w- c:\program files\Free Audio Pack
2009-06-28 07:47 . 2009-06-28 07:47 -------- d-----w- c:\documents and settings\Emilien\Application Data\AccurateRip
2009-06-28 07:47 . 2009-06-28 07:47 -------- d-----w- c:\program files\Illustrate
2009-06-28 07:47 . 2009-06-28 07:47 5433520 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-06-28 07:39 . 2009-06-28 07:39 -------- d-----w- c:\program files\BPS
2009-06-28 07:35 . 2009-06-27 13:10 -------- d-----w- c:\program files\NCH Swift Sound
2009-06-27 13:11 . 2009-06-27 13:11 -------- d-----w- c:\program files\NCH Software
2009-06-26 18:06 . 2009-06-21 09:53 -------- d-----w- c:\program files\GameSpy Arcade
2009-06-25 12:44 . 2009-06-25 12:44 -------- d-----w- c:\program files\CCleaner
2009-06-25 08:26 . 2004-08-05 19:00 736768 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:26 . 2004-08-05 19:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:26 . 2004-08-05 19:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:26 . 2004-08-05 19:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:26 . 2004-08-05 19:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:26 . 2004-08-05 19:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-08-05 19:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-21 17:18 . 2009-06-21 17:14 78336 ----a-w- c:\windows\pysoft_uninstaller.exe
2009-06-21 17:03 . 2009-06-21 17:03 5917662 ----a-w- c:\windows\system32\combat_tyrannosaures.dat
2009-06-21 17:03 . 2009-06-21 17:03 1880064 ----a-w- c:\windows\system32\combat_tyrannosaures.scr
2009-06-21 10:03 . 2009-06-21 10:03 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-06-16 14:40 . 2004-08-05 19:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2004-08-05 19:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:44 . 2004-08-05 19:00 78848 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:14 . 2004-08-05 19:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2005-07-04 19:01 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:15 . 2004-08-05 19:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-07 17:00 . 2009-06-07 17:00 207872 ----a-w- c:\documents and settings\Emilien\Application Data\SystemRequirementsLab\SRLProxy_srl_4.dll
2009-06-07 17:00 . 2009-06-07 17:00 207872 ----a-w- c:\documents and settings\Emilien\Application Data\SystemRequirementsLab\SRLProxy_srl_3.dll
2009-06-07 17:00 . 2009-06-07 17:00 207872 ----a-w- c:\documents and settings\Emilien\Application Data\SystemRequirementsLab\SRLProxy_srl_2.dll
2009-06-07 17:00 . 2009-06-07 17:00 207872 ----a-w- c:\documents and settings\Emilien\Application Data\SystemRequirementsLab\SRLProxy_srl_1.dll
2009-06-07 11:50 . 2009-06-07 11:50 10134 ----a-r- c:\documents and settings\Emilien\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2008-12-24 15:48 . 2008-12-24 15:48 0 --sha-w- c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}"= "c:\program files\Peer2Peer-FR\tbPee1.dll" [2009-07-08 2215960]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-05-20 177464]
[HKEY_CLASSES_ROOT\clsid\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]
2009-07-08 14:51 2215960 ----a-w- c:\program files\Peer2Peer-FR\tbPee1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-05-20 12:36 1258808 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}"= "c:\program files\Peer2Peer-FR\tbPee1.dll" [2009-07-08 2215960]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]
[HKEY_CLASSES_ROOT\clsid\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B00F3D7D-ECAD-4A3B-BCF7-BA5FC1FD0F8D}"= "c:\program files\Peer2Peer-FR\tbPee1.dll" [2009-07-08 2215960]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]
[HKEY_CLASSES_ROOT\clsid\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2009-03-21 1649600]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-05 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-05-20 111928]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-20 98304]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-05-03 53248]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"tiho"="c:\windows\system32\ducoovyve.exe" [2009-08-22 282624]
"couced"="c:\windows\system32\nafa.exe" [2009-08-22 282624]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-12-20 16860672]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-05-20 28160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"couced"="c:\windows\system32\nafa.exe" [2009-08-22 282624]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NeroHomeFirstStart"="c:\program files\Fichiers communs\Ahead\Lib\NMFirstStart.exe" [2007-06-01 16944]
c:\documents and settings\Jonathan\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]
c:\documents and settings\Emilien\Menu Démarrer\Programmes\Démarrage\
ikowin32.exe [2008-4-13 23552]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-15 450560]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ubisoft\\Prince of Persia\\Prince of Persia.exe"=
"c:\\Program Files\\Ubisoft\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Atari\\Test drive Unlimited\\TestDriveUnlimited.exe"=
"c:\\Documents and Settings\\Emilien\\Mes documents\\no limit megaupload\\RouterClient.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\SYSTRAN\\6\\SystranTranslationProjectManager.exe"=
"c:\\Program Files\\SYSTRAN\\6\\Dicts\\SystranFilterEngine.exe"=
"c:\\Program Files\\SYSTRAN\\6\\Dicts\\SystranTranslationEngine.exe"=
"c:\\Program Files\\SYSTRAN\\6\\SystranToolbar.exe"=
"c:\\Program Files\\SYSTRAN\\6\\SystranDictionaryManager.exe"=
"c:\\Program Files\\SYSTRAN\\6\\Dicts\\SystranCodingEngine.exe"=
"c:\\Program Files\\Activision\\X-Men Origins - Wolverine(TM)\\Binaries\\Wolverine.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\SEGA\\Medieval II Total War\\kingdoms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\SEGA\\Medieval II Total War\\medieval2.exe"=
"c:\\Program Files\\Activision\\Prototype\\prototypef.exe"=
"c:\\Program Files\\Pyro Studios\\Imperial Glory\\ImperialGlory.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\empire total war demo\\Empire.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10210:TCP"= 10210:TCP:BitComet 10210 TCP
"10210:UDP"= 10210:UDP:BitComet 10210 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"53:UDP"= 53:UDP:Promo
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [06/12/2005 17:11 35328]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [13/08/2009 14:02 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13/08/2009 14:02 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [26/03/2009 18:52 55152]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [12/12/2008 00:50 38176]
S2 i0iyas9gm;SigmaTel Audio Service;c:\windows\system32\takettuc.exe [23/08/2009 12:21 282624]
S2 iuety7o54y02ma;C-DillaSrv;c:\windows\system32\kunen.exe --> c:\windows\system32\kunen.exe [?]
S3 CrystalSysInfo;CrystalSysInfo;\??\c:\program files\MediaCoder\SysInfo.sys --> c:\program files\MediaCoder\SysInfo.sys [?]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
S3 LHidPPKE;Logitech SetPoint HID Function Driver;c:\windows\system32\drivers\LHidPPKE.Sys [15/07/2009 15:37 22497]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-07-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-PowerBar - (no file)
HKLM-Run-15237504 - c:\documents and settings\All Users\Application Data\15237504\15237504.exe
.
------- Supplementary Scan -------
.
IE: &Recherche AOL Toolbar - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: Consulter les dictionnaires (SYSTRAN) - c:\program files\SYSTRAN\6\\GUIres.dll/lookup.js
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Liens de téléchargement avec Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: Traduire (SYSTRAN) - c:\program files\SYSTRAN\6\\GUIres.dll/translate.js
LSP: c:\windows\system32\idmmbc.dll
FF - ProfilePath - c:\documents and settings\Emilien\Application Data\Mozilla\Firefox\Profiles\hanfmlgr.default\
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\documents and settings\Emilien\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - plugin: c:\program files\Opera\program\plugins\NPMetaStream3.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-23 12:21
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(560)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(616)
c:\windows\system32\idmmbc.dll
- - - - - - - > 'explorer.exe'(2484)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\idmmbc.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Internet Download Manager\IDMIECC.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
c:\program files\Internet Download Manager\idmmkb.dll
c:\program files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\nafa.exee
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\nafa.exee
c:\program files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2009-08-23 12:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-23 10:26
Pre-Run: 247 222 980 608 octets libres
Post-Run: 247 399 927 808 octets libres
455 --- E O F --- 2009-08-18 15:58
At one point, when I rebooted, the Total Security software had disappeared, but as soon as I got on the internet, avast found a virus that it could neither delete nor quarantine, and Total Security came back.
After many long hours, I managed to get rid of this TOTAL SECURITY virus as follows:
Start - All Programs - Accessories - Notepad
copy and paste the following 3 lines:
del /F /S /Q "C:\Documents and Settings\All Users\Application Data\10729684\10729684.exe"
Rmdir /S /Q "C:\Documents and Settings\All Users\Application Data\10729684"
del /F /S /Q "C:\WINDOWS\system32\drivers\DnsFilter.sys"
File - Save As - Desktop
With file name: DelTotalSecurity
Restart the computer and, before all the applications start, that is, as soon as the desktop appears, click several times on the DelTotalSecurity icon (it is very important to act fast, before 10729684.exe starts running).
Check under C:\Documents and Settings\All Users\Application Data that the 10729684 directory is gone, as well as C:\WINDOWS\system32\drivers\DnsFilter.sys
Then run MALWAREBYTES, with a restart at the end
Don't forget to update your antivirus
Run a full scan with your antivirus
a quick pass with CCLEANER
The ordeal is over .... good luck
blocnote, the numbered directory/file is randomly generated, so it is different on every infected PC.
You suggested: .......\Application Data\10729684
For stylet26 it is this directory/file: ......\Application Data\15237504
stylet26, follow these procedures..
• Select everything between the dotted lines =
=========================================================
File::
c:\windows\system32\nafa.exe
c:\documents and settings\LocalService\Application Data\Microsoft\kunen.exe
c:\documents and settings\LocalService\Application Data\Microsoft\ducoovyve.exe
c:\windows\system32\ducoovyve.exe
c:\windows\iun6002.exe
c:\windows\system32\takettuc.exe
c:\documents and settings\Emilien\Menu D‚marrer\Programmes\D‚marrage\ikowin32.exe
registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
=========================================================
• Copy the selected text (CTRL+C).
• Open Notepad (Start menu -> All Programs -> Accessories ..).
• Paste the copied text into Notepad (CTRL+V).
• Save this file to your Desktop under the name CFScript.txt
► Disable your antivirus and all protection software.
• Drag and drop the CFScript.txt file onto the ComboFix icon on your Desktop.
As shown in this image --> http://img530.imageshack.us/img530/204/cfscriptdd4.gif
>> A pop-up will appear saying that "this version of ComboFix is used at your own risk and with no warranty..".
• Accept by clicking "Yes"
>> A blue window will appear with the message: Type 1 to continue, or 2 to abort ,
• Enter 1 and confirm.
>>> Wait while the scan runs. <<<
The Desktop will disappear several times: this is normal!
>> After the scan, ComboFix may need to restart the PC,
• Let it do so.
>> Once it has finished, a report will be displayed.
► Post the contents of this report (C:\ComboFix.txt ).
► Re-enable your antivirus and other protection.
_________________________________________________________________________
Download Ad-Remover (C_XX) to your desktop: http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe
/|\ Disable your antivirus.
• Install Ad-Remover (a shortcut will be created on the desktop),
• Launch the Ad-Remover shortcut,
• Select the language, F --> Enter,
• Disconnect, close open applications..
• Select [L. Lancer le nettoyage],
>> Let it run,
• When the scan is complete, press any key to open the report
► Post the report (C:\Ad-Report-SCAN.log).
/|\ Re-enable your antivirus.
_________________________________________________________________________
Download Malwarebytes: http://www.malwarebytes.org/mbam.php
• Run the installer,
• Under [Settings] you can switch to French.
• Update Malwarebytes.
• Under [Recherche] select [Exécuter un examen Complet],
• After the scan, press >>>>> [Supprimer la sélection].
>> Restart if necessary..
► Post the Malwarebytes report.
_________________________________________________________________________
Download RSIT (by random/random) to your desktop: http://images.malwareremoval.com/random/RSIT.exe
• Double-click RSIT.exe,
• Press [Continue] on the "Disclaimer" screen,
• RSIT will download HijackThis (if it is not installed) -> accept the license,
>> the Log.txt report will open on screen..
>> Post this Log.txt report (C:\RSIT\log.txt)
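Earlier in the thread it is pointed out that the numbered folder under Application Data (10729684, 15237504) is random on every infected PC, so a fixed path cannot be reused. As an added example (not part of the thread and not ComboFix's own logic), this Python script triages ComboFix-style file listings for that folder pattern and for executables that share one size and modification time under different names. The function names, the eight-digit pattern and the size/time heuristic are assumptions drawn from the log lines posted here.

```python
import re
from collections import defaultdict
from ntpath import basename  # Windows path rules, usable on any OS

# Constructed sample: lines in the layout of ComboFix's file listings
# (created . modified, size, attributes, path), using paths seen in this thread.
SAMPLE_LOG = r"""
2009-08-24 04:59 . 2009-08-22 10:03 282624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\takettuc.exe
2009-08-23 12:30 . 2009-08-23 12:30 137728 ----a-w- c:\documents and settings\Emilien\Application Data\System Requirements Lab BETA\SRLProxy_srl_4_1_1_0_a.dll
2009-08-23 11:42 . 2009-08-22 10:03 282624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\nafa.exe
2009-08-23 10:21 . 2009-08-22 10:03 282624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\muquassouvoog.exe
2009-08-20 09:29 . 2009-08-23 09:37 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-08-25 05:36 . 2009-08-25 05:36 -------- d-----w- c:\documents and settings\All Users\Application Data\11266564
2009-08-25 05:36 . 2009-08-25 05:36 823840 ----a-w- c:\documents and settings\All Users\Application Data\11266564\11266564.exe
2009-08-13 12:01 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
"""

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(?P<size>\d+|-{8})\s+(?P<attrs>[a-z-]{8})\s+(?P<path>.+?)\s*$"
)
# Assumption: the rogue drops <8 digits>\<same 8 digits>.exe under Application Data.
DROPPER_RE = re.compile(r"\\Application Data\\(\d{8})\\\1\.exe$", re.IGNORECASE)


def parse_entries(log_text):
    """Turn listing lines into dicts; lines in any other layout are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append({
            "modified": m["modified"],
            "size": size,
            "is_dir": m["attrs"].startswith("d"),
            "path": m["path"],
        })
    return entries


def numeric_dropper_dirs(entries):
    """Return each folder number whose executable carries the same number."""
    found = []
    for e in entries:
        m = DROPPER_RE.search(e["path"])
        if m and not e["is_dir"] and m.group(1) not in found:
            found.append(m.group(1))
    return found


def cloned_executables(entries, min_copies=2):
    """Group .exe files by (size, modified time); keep groups with several names.

    Triage heuristic only: a hit is a reason to inspect the files, not a verdict.
    """
    groups = defaultdict(set)
    for e in entries:
        if e["is_dir"] or not e["path"].lower().endswith(".exe"):
            continue
        groups[(e["size"], e["modified"])].add(basename(e["path"]).lower())
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_copies}


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print("numbered dropper folders:", numeric_dropper_dirs(parsed))
    for (size, modified), names in cloned_executables(parsed).items():
        print(f"{size} bytes, modified {modified}: {', '.join(names)}")
```
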
re,
If you can, add this >> c:\windows\system32\kunen.exe << right after File::
like this:
File::
c:\windows\system32\kunen.exe
c:\windows\system32\nafa.exe <-- and leave the other lines as they are
..
Here is the ComboFix one:
ComboFix 09-08-24.05 - Emilien 25/08/2009 7:28.2.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.3070.2518 [GMT 2:00]
Running from: c:\documents and settings\Emilien\Bureau\ComboFix.exe
Command switches used :: c:\documents and settings\Emilien\Bureau\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090824-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
"c:\documents and settings\Emilien\Menu D‚marrer\Programmes\D‚marrage\ikowin32.exe"
"c:\documents and settings\LocalService\Application Data\Microsoft\ducoovyve.exe"
"c:\documents and settings\LocalService\Application Data\Microsoft\kunen.exe"
"c:\windows\iun6002.exe"
"c:\windows\system32\ducoovyve.exe"
"c:\windows\system32\kunen.exe"
"c:\windows\system32\nafa.exe"
"c:\windows\system32\takettuc.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\14465154
c:\documents and settings\All Users\Application Data\14465154\14465154
c:\documents and settings\All Users\Application Data\14465154\14465154.exe
c:\documents and settings\All Users\Application Data\14465154\pc14465154ins
c:\documents and settings\Emilien\Application Data\wiaserva.log
c:\documents and settings\LocalService\Application Data\Microsoft\ducoovyve.exe
c:\documents and settings\LocalService\Application Data\Microsoft\kunen.exe
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\windows\iun6002.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\ducoovyve.exe
c:\windows\system32\kunen.exe
c:\windows\system32\nafa.exe
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\takettuc.exe
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_npf
-------\Legacy_i0iyas9gm
-------\Legacy_iuety7o54y02ma
-------\Service_i0iyas9gm
-------\Service_iuety7o54y02ma
((((((((((((((((((((((((( Files Created from 2009-07-25 to 2009-08-25 )))))))))))))))))))))))))))))))
.
2009-08-24 04:59 . 2009-08-22 10:03 282624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\takettuc.exe
2009-08-23 12:31 . 2009-08-23 12:31 -------- d-----w- c:\program files\System Requirements Lab BETA
2009-08-23 12:30 . 2009-08-23 12:30 137728 ----a-w- c:\documents and settings\Emilien\Application Data\System Requirements Lab BETA\SRLProxy_srl_4_1_1_0_d.dll
2009-08-23 12:30 . 2009-08-23 12:30 137728 ----a-w- c:\documents and settings\Emilien\Application Data\System Requirements Lab BETA\SRLProxy_srl_4_1_1_0_c.dll
2009-08-23 12:30 . 2009-08-23 12:30 137728 ----a-w- c:\documents and settings\Emilien\Application Data\System Requirements Lab BETA\SRLProxy_srl_4_1_1_0_b.dll
2009-08-23 12:30 . 2009-08-23 12:30 137728 ----a-w- c:\documents and settings\Emilien\Application Data\System Requirements Lab BETA\SRLProxy_srl_4_1_1_0_a.dll
2009-08-23 12:30 . 2009-08-23 12:30 -------- d-----w- c:\documents and settings\Emilien\Application Data\System Requirements Lab BETA
2009-08-23 11:42 . 2009-08-22 10:03 282624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\nafa.exe
2009-08-23 10:21 . 2009-08-22 10:03 282624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\muquassouvoog.exe
2009-08-21 09:53 . 2009-08-21 09:53 -------- d-----w- c:\documents and settings\Emilien\Application Data\Games
2009-08-21 09:45 . 2009-08-23 09:07 -------- d-----w- c:\program files\Dracula Origin
2009-08-20 09:29 . 2009-08-20 09:37 -------- d-----w- c:\program files\BF2142 Editor
2009-08-20 09:29 . 2009-08-23 09:37 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-08-20 09:29 . 2009-08-23 09:37 286720 ------w- c:\windows\Setup1.exe
2009-08-19 16:02 . 2009-08-19 16:26 -------- d-----w- C:\Casino
2009-08-17 09:08 . 2009-08-17 09:08 -------- d-----w- c:\program files\Ashampoo
2009-08-15 13:05 . 2009-08-15 13:07 911 ----a-w- c:\windows\eReg.dat
2009-08-15 12:31 . 2009-04-23 08:38 982016 ----a-w- c:\windows\system32\Earth_3D_Screensaver.scr
2009-08-15 12:30 . 2009-08-15 12:30 -------- d-----w- c:\documents and settings\Emilien\Application Data\Boost Windows
2009-08-15 12:29 . 2009-08-15 12:30 -------- d-----w- c:\program files\Boost Windows
2009-08-15 12:28 . 2009-04-08 12:39 906752 ----a-w- c:\windows\system32\Haunted_House_3D_Screensaver.scr
2009-08-15 12:27 . 2009-01-20 01:04 894976 ----a-w- c:\windows\system32\Lagoon_3D_Screensaver.scr
2009-08-15 12:27 . 2009-01-20 01:04 10907136 ----a-w- c:\windows\system32\Lagoon 3D Screensaver.exe
2009-08-15 12:27 . 2009-01-21 14:39 32698880 ----a-w- c:\windows\system32\Dutch Windmills 3D Screensaver.exe
2009-08-15 12:27 . 2009-01-20 01:10 911872 ----a-w- c:\windows\system32\Dutch_Windmills_3D_Screensaver.scr
2009-08-15 12:27 . 2009-01-21 14:40 35133952 ----a-w- c:\windows\system32\Snow Village 3D Screensaver.exe
2009-08-15 12:27 . 2009-01-20 01:13 912896 ----a-w- c:\windows\system32\Snow_Village_3D_Screensaver.scr
2009-08-15 12:26 . 2009-01-22 16:29 19387392 ----a-w- c:\windows\system32\Lighthouse Point 3D Screensaver.exe
2009-08-15 12:26 . 2009-01-20 01:10 902144 ----a-w- c:\windows\system32\Lighthouse_Point_3D_Screensaver.scr
2009-08-15 12:22 . 2009-01-20 00:48 448000 ----a-w- c:\windows\system32\The_One_Ring_3D_Screensaver.scr
2009-08-15 12:22 . 2009-01-19 23:43 3099648 ----a-w- c:\windows\system32\The One Ring 3D Screensaver.exe
2009-08-15 12:20 . 2009-04-07 14:28 914432 ----a-w- c:\windows\system32\Deep_Space_3D_Screensaver.scr
2009-08-15 12:17 . 2009-08-15 12:21 -------- d-----w- c:\program files\3Planesoft Screensaver Manager
2009-08-15 12:17 . 2009-08-15 12:17 -------- d-----w- c:\windows\system32\3Planesoft
2009-08-15 12:17 . 2008-01-09 12:55 454656 ----a-w- c:\windows\system32\3Planesoft_Screensaver_Manager.scr
2009-08-15 12:17 . 2008-01-22 10:22 31378432 ----a-w- c:\windows\system32\Western Railway 3D Screensaver.exe
2009-08-15 12:17 . 2009-08-18 11:43 -------- d-----w- c:\program files\Western Railway 3D Screensaver
2009-08-15 12:17 . 2008-01-23 12:28 847872 ----a-w- c:\windows\system32\Western_Railway_3D_Screensaver.scr
2009-08-13 12:02 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-13 12:02 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-13 12:02 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-13 12:02 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-13 12:02 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-13 12:02 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-13 12:02 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-13 12:02 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-13 12:01 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-13 11:41 . 2009-08-13 11:41 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
2009-08-13 11:40 . 2009-08-13 11:40 152576 ----a-w- c:\documents and settings\Emilien\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-13 11:35 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-07-26 09:01 . 2009-07-26 09:01 -------- d-sh--w- c:\documents and settings\Emilien\UserData
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-25 05:36 . 2009-08-25 05:36 -------- d-----w- c:\documents and settings\All Users\Application Data\11266564
2009-08-25 05:36 . 2009-08-25 05:36 823840 ----a-w- c:\documents and settings\All Users\Application Data\11266564\11266564.exe
2009-08-23 12:23 . 2009-02-10 16:34 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-22 17:40 . 2004-08-05 19:00 85114 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-22 17:40 . 2004-08-05 19:00 511074 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-22 17:22 . 2009-05-08 18:33 -------- d-----w- c:\documents and settings\Emilien\Application Data\Skype
2009-08-22 17:22 . 2009-05-08 17:07 -------- d-----w- c:\documents and settings\Emilien\Application Data\skypePM
2009-08-22 11:32 . 2009-01-28 13:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-08-22 08:38 . 2009-01-11 10:44 -------- d-----w- c:\program files\Electronic Arts
2009-08-20 10:57 . 2009-07-22 13:36 -------- d-----w- c:\program files\EA Games
2009-08-20 10:57 . 2008-12-11 13:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-20 10:31 . 2009-02-08 18:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Test Drive Unlimited
2009-08-14 15:54 . 2009-02-06 19:51 -------- d-----w- c:\program files\Dream Aquarium
2009-08-13 11:41 . 2008-12-21 13:40 -------- d-----w- c:\program files\Java
2009-08-05 09:00 . 2004-08-05 19:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 13:26 . 2009-07-25 14:28 -------- d-----w- c:\program files\Steam
2009-07-31 12:08 . 2008-12-21 13:42 1 ----a-w- c:\documents and settings\Emilien\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-07-31 12:06 . 2009-03-26 16:52 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-31 05:35 . 2008-12-20 14:44 -------- d-----w- c:\program files\Ubisoft
2009-07-31 05:29 . 2009-02-07 19:50 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-07-30 18:14 . 2009-05-02 15:30 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-30 18:14 . 2009-05-02 15:30 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-27 15:03 . 2009-05-08 16:40 -------- d-----w- c:\documents and settings\Emilien\Application Data\Hamachi
2009-07-27 15:03 . 2009-01-31 10:24 -------- d-----w- c:\documents and settings\Emilien\Application Data\DMCache
2009-07-25 15:36 . 2009-01-03 17:46 -------- d-----w- c:\program files\SEGA
2009-07-25 03:23 . 2009-05-07 18:51 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-23 15:22 . 2005-07-20 13:05 -------- d-----w- c:\program files\Pyro Studios
2009-07-22 14:27 . 2009-01-31 18:42 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-22 14:12 . 2009-07-22 13:08 -------- d-----w- c:\program files\GameShadow
2009-07-21 15:13 . 2009-07-21 15:13 8854 ----a-r- c:\documents and settings\Emilien\Application Data\Microsoft\Installer\{C86E3E3F-2A7B-4E25-BB82-3CBB9C799FA0}\Uninstall_Imperial_G_C86E3E3F2A7B4E25BB823CBB9C799FA0.exe
2009-07-21 15:13 . 2009-07-21 15:13 10134 ----a-r- c:\documents and settings\Emilien\Application Data\Microsoft\Installer\{C86E3E3F-2A7B-4E25-BB82-3CBB9C799FA0}\ARPPRODUCTICON.exe
2009-07-20 17:34 . 2009-07-20 17:34 -------- d-----w- c:\program files\Live-Player
2009-07-20 17:34 . 2009-02-22 19:32 -------- d-----w- c:\documents and settings\Emilien\Application Data\live-player
2009-07-17 19:03 . 2004-08-05 19:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 07:51 . 2009-07-16 07:51 -------- d-----w- c:\documents and settings\Jonathan\Application Data\Logitech
2009-07-16 05:13 . 2009-02-17 15:50 -------- d-----w- c:\program files\Codemasters
2009-07-15 13:46 . 2009-07-15 13:46 -------- d-----w- c:\documents and settings\Emilien\Application Data\Logitech
2009-07-15 13:38 . 2009-07-15 13:38 -------- d-----w- c:\documents and settings\Emilien\Application Data\Musicmatch
2009-07-15 13:38 . 2009-07-15 13:38 -------- d-----w- c:\program files\MUSICMATCH
2009-07-15 13:37 . 2009-07-15 13:37 -------- d-----w- c:\program files\Fichiers communs\Logitech
2009-07-15 13:37 . 2009-07-15 13:37 -------- d-----w- c:\program files\Logitech
2009-07-14 12:18 . 2009-07-14 12:08 -------- d-----w- c:\documents and settings\Emilien\Application Data\Pro Cycling Manager 2009
2009-07-14 11:52 . 2009-06-22 15:43 -------- d-----w- c:\program files\Carnivores 2
2009-07-13 21:43 . 2004-08-05 19:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-12 18:36 . 2009-01-23 15:04 744 ----a-w- c:\documents and settings\Emilien\Application Data\filterclsid.dat
2009-07-11 15:58 . 2008-12-20 17:37 -------- d-----w- c:\documents and settings\Emilien\Application Data\vlc
2009-07-11 15:57 . 2008-12-22 19:48 -------- d-----w- c:\documents and settings\Emilien\Application Data\dvdcss
2009-07-10 17:41 . 2009-07-10 15:22 -------- d-----w- c:\program files\adslTV
2009-07-10 13:11 . 2009-05-05 18:48 -------- d-----w- c:\program files\Atari
2009-07-10 10:53 . 2008-12-21 07:02 20128 ----a-w- c:\documents and settings\Emilien\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-09 07:24 . 2008-12-24 09:43 20128 ----a-w- c:\documents and settings\Jonathan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-07 17:03 . 2009-04-26 07:42 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLbx.DAT
2009-07-07 17:02 . 2009-07-07 17:02 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLck.DAT
2009-07-07 17:02 . 2009-07-07 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Filters
2009-07-07 17:02 . 2009-04-26 07:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Ultima_T15
2009-07-07 17:02 . 2009-04-26 07:42 -------- d-----w- c:\documents and settings\All Users\Application Data\EnterNHelp
2009-07-07 17:02 . 2009-07-07 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Font Book
2009-07-07 17:00 . 2009-04-26 07:43 -------- d-----w- c:\program files\Fichiers communs\Nikon
2009-07-07 17:00 . 2009-07-07 17:00 -------- d-----w- c:\program files\Nikon
2009-07-07 16:28 . 2009-07-07 16:28 -------- d-----w- c:\program files\DDS Converter 2
2009-07-06 13:04 . 2008-12-22 17:43 -------- d-----w- c:\program files\THQ
2009-07-06 11:13 . 2009-07-06 11:13 49152 ----a-r- c:\documents and settings\Emilien\Application Data\Microsoft\Installer\{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}\ARPPRODUCTICON.exe
2009-07-04 15:18 . 2009-07-04 15:18 -------- d-----w- c:\program files\SpicyTools
2009-07-04 15:18 . 2009-07-04 15:18 -------- d-----w- c:\program files\SpicyTools Video Converter 1.0
2009-07-03 17:03 . 2009-02-15 18:42 -------- d-----w- c:\program files\Activision
2009-07-03 17:00 . 2009-07-03 17:00 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2009-07-03 16:57 . 2004-08-05 19:00 915456 ------w- c:\windows\system32\wininet.dll
2009-07-03 16:48 . 2009-04-15 08:16 -------- d-----w- c:\program files\ATI Technologies
2009-07-03 06:51 . 2009-02-16 18:27 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-03 06:42 . 2009-07-03 06:42 -------- d-----w- c:\program files\Alcohol Soft
2009-07-02 08:28 . 2009-05-01 07:28 -------- d-----w- c:\program files\Mount&Blade
2009-06-28 08:06 . 2009-04-19 09:12 -------- d-----w- c:\program files\Free Audio Pack
2009-06-28 07:47 . 2009-06-28 07:47 -------- d-----w- c:\documents and settings\Emilien\Application Data\AccurateRip
2009-06-28 07:47 . 2009-06-28 07:47 -------- d-----w- c:\program files\Illustrate
2009-06-28 07:47 . 2009-06-28 07:47 5433520 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-06-28 07:39 . 2009-06-28 07:39 -------- d-----w- c:\program files\BPS
2009-06-28 07:35 . 2009-06-27 13:10 -------- d-----w- c:\program files\NCH Swift Sound
2009-06-27 13:11 . 2009-06-27 13:11 -------- d-----w- c:\program files\NCH Software
2009-06-26 18:06 . 2009-06-21 09:53 -------- d-----w- c:\program files\GameSpy Arcade
2009-06-25 08:26 . 2004-08-05 19:00 736768 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:26 . 2004-08-05 19:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:26 . 2004-08-05 19:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:26 . 2004-08-05 19:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:26 . 2004-08-05 19:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:26 . 2004-08-05 19:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-08-05 19:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-21 17:18 . 2009-06-21 17:14 78336 ----a-w- c:\windows\pysoft_uninstaller.exe
2009-06-21 17:03 . 2009-06-21 17:03 5917662 ----a-w- c:\windows\system32\combat_tyrannosaures.dat
2009-06-21 17:03 . 2009-06-21 17:03 1880064 ----a-w- c:\windows\system32\combat_tyrannosaures.scr
2009-06-21 10:03 . 2009-06-21 10:03 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-06-16 14:40 . 2004-08-05 19:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2004-08-05 19:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:44 . 2004-08-05 19:00 78848 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:14 . 2004-08-05 19:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2005-07-04 19:01 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:15 . 2004-08-05 19:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-07 17:00 . 2009-06-07 17:00 207872 ----a-w- c:\documents and settings\Emilien\Application Data\SystemRequirementsLab\SRLProxy_srl_4.dll
2009-06-07 17:00 . 2009-06-07 17:00 207872 ----a-w- c:\documents and settings\Emilien\Application Data\SystemRequirementsLab\SRLProxy_srl_3.dll
2009-06-07 17:00 . 2009-06-07 17:00 207872 ----a-w- c:\documents and settings\Emilien\Application Data\SystemRequirementsLab\SRLProxy_srl_2.dll
2009-06-07 17:00 . 2009-06-07 17:00 207872 ----a-w- c:\documents and settings\Emilien\Application Data\SystemRequirementsLab\SRLProxy_srl_1.dll
2008-12-24 15:48 . 2008-12-24 15:48 0 --sha-w- c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-08-23_10.21.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-25 05:36 . 2009-08-25 05:36 19456 c:\windows\Temp\wpv461250826839.exe
+ 2009-08-25 05:34 . 2009-08-25 05:34 16384 c:\windows\Temp\Perflib_Perfdata_640.dat
+ 2009-08-25 05:08 . 2009-08-25 05:08 16384 c:\windows\Temp\Perflib_Perfdata_524.dat
+ 2009-08-25 05:34 . 2009-08-25 05:34 16384 c:\windows\Temp\Perflib_Perfdata_1e0.dat
+ 2009-08-23 12:31 . 2009-08-23 12:31 19456 c:\windows\Installer\2df277.msi
+ 2009-08-25 05:36 . 2009-08-25 05:36 154790 c:\windows\Temp\wpv061251033318.exe
+ 2009-08-25 05:36 . 2009-08-25 05:36 401920 c:\windows\Temp\_ex-08.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}"= "c:\program files\Peer2Peer-FR\tbPee1.dll" [2009-07-08 2215960]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-05-20 177464]
[HKEY_CLASSES_ROOT\clsid\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]
2009-07-08 14:51 2215960 ----a-w- c:\program files\Peer2Peer-FR\tbPee1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-05-20 12:36 1258808 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B00F3D7D-ECAD-4A3B-BCF7-BA5FC1FD0F8D}"= "c:\program files\Peer2Peer-FR\tbPee1.dll" [2009-07-08 2215960]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]
[HKEY_CLASSES_ROOT\clsid\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2009-03-21 1649600]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-05 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-05-20 111928]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-20 98304]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-05-03 53248]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"11266564"="c:\documents and settings\All Users\Application Data\11266564\11266564.exe" [2009-08-25 823840]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-12-20 16860672]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-05-20 28160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NeroHomeFirstStart"="c:\program files\Fichiers communs\Ahead\Lib\NMFirstStart.exe" [2007-06-01 16944]
c:\documents and settings\Jonathan\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]
c:\documents and settings\Emilien\Menu Démarrer\Programmes\Démarrage\
ikowin32.exe [2008-4-13 23552]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-15 450560]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ubisoft\\Prince of Persia\\Prince of Persia.exe"=
"c:\\Program Files\\Ubisoft\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Atari\\Test drive Unlimited\\TestDriveUnlimited.exe"=
"c:\\Documents and Settings\\Emilien\\Mes documents\\no limit megaupload\\RouterClient.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\SYSTRAN\\6\\SystranTranslationProjectManager.exe"=
"c:\\Program Files\\SYSTRAN\\6\\Dicts\\SystranFilterEngine.exe"=
"c:\\Program Files\\SYSTRAN\\6\\Dicts\\SystranTranslationEngine.exe"=
"c:\\Program Files\\SYSTRAN\\6\\SystranToolbar.exe"=
"c:\\Program Files\\SYSTRAN\\6\\SystranDictionaryManager.exe"=
"c:\\Program Files\\SYSTRAN\\6\\Dicts\\SystranCodingEngine.exe"=
"c:\\Program Files\\Activision\\X-Men Origins - Wolverine(TM)\\Binaries\\Wolverine.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\SEGA\\Medieval II Total War\\kingdoms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\SEGA\\Medieval II Total War\\medieval2.exe"=
"c:\\Program Files\\Activision\\Prototype\\prototypef.exe"=
"c:\\Program Files\\Pyro Studios\\Imperial Glory\\ImperialGlory.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\empire total war demo\\Empire.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\Temp\\_ex-08.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10210:TCP"= 10210:TCP:BitComet 10210 TCP
"10210:UDP"= 10210:UDP:BitComet 10210 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"53:UDP"= 53:UDP:Promo
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [06/12/2005 17:11 35328]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [13/08/2009 14:02 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13/08/2009 14:02 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [26/03/2009 18:52 55152]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [12/12/2008 00:50 38176]
S3 CrystalSysInfo;CrystalSysInfo;\??\c:\program files\MediaCoder\SysInfo.sys --> c:\program files\MediaCoder\SysInfo.sys [?]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
S3 LHidPPKE;Logitech SetPoint HID Function Driver;c:\windows\system32\drivers\LHidPPKE.Sys [15/07/2009 15:37 22497]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-07-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-tiho - c:\windows\system32\ducoovyve.exe
HKLM-Run-couced - c:\windows\system32\nafa.exe
HKLM-Run-14465154 - c:\documents and settings\All Users\Application Data\14465154\14465154.exe
.
------- Supplementary Scan -------
.
IE: &Recherche AOL Toolbar - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: Consulter les dictionnaires (SYSTRAN) - c:\program files\SYSTRAN\6\\GUIres.dll/lookup.js
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Liens de téléchargement avec Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: Traduire (SYSTRAN) - c:\program files\SYSTRAN\6\\GUIres.dll/translate.js
LSP: c:\windows\system32\idmmbc.dll
FF - ProfilePath - c:\documents and settings\Emilien\Application Data\Mozilla\Firefox\Profiles\hanfmlgr.default\
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\documents and settings\Emilien\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - plugin: c:\program files\Opera\program\plugins\NPMetaStream3.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-25 07:35
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2183762552-1457200377-2593566968-1007\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:08,c9,71,61,79,7b,bc,eb,6c,c6,b5,29,e0,ab,94,4b,8c,c5,43,b6,f9,dc,17,
3e,f5,28,89,57,99,44,f2,8b,cd,b3,b3,1d,f6,9d,4d,66,0e,fa,29,5d,2c,29,a0,56,\
"??"=hex:84,10,64,32,5a,5a,63,dc,a4,e3,cd,cb,90,35,d7,ef
[HKEY_USERS\S-1-5-21-2183762552-1457200377-2593566968-1007\Software\SecuROM\License information*]
"datasecu"=hex:24,31,20,be,24,8a,c1,f8,ea,9c,8d,4f,dd,23,82,72,42,aa,ea,7f,16,
bf,b6,da,44,16,d9,17,32,a6,5f,8a,7b,02,6e,11,af,d5,45,11,fd,36,a6,69,81,34,\
"rkeysecu"=hex:53,b2,60,61,ee,89,20,91,52,c8,67,f6,b9,0e,65,cd
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{395529a4-df69-4a83-b062-3eee76affbb3}]
@Denied: (Full) (Everyone)
"Model"=dword:0000009c
"Therad"=dword:00000016
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,15,81,e0,2c,90,21,0e,51,28,35,81,46,94,89,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):42,bd,01,f9,8c,19,e6,a6,ab,48,aa,e4,ac,2c,02,71,c4,dd,14,cc,48,
61,c0,f3,6e,a6,56,99,56,61,6c,e1,55,df,18,90,21,8d,e5,3f,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):bf,e1,7e,2c,b2,97,eb,a2,e8,58,55,ba,43,64,fe,a0,a9,14,47,e8,ab,
9b,b1,3e,39,d1,6b,6b,e6,a7,57,13,62,9c,e2,ba,4b,2f,47,23,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f2eb5bf5-7124-4cee-ba80-d4cd949c2680}]
@Denied: (Full) (Everyone)
"Model"=dword:0000003b
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(768)
c:\windows\system32\idmmbc.dll
- - - - - - - > 'Explorer.EXE'(1284)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\idmmbc.dll
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\MSVCP71.dll
c:\program files\Internet Download Manager\IDMIECC.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
c:\program files\Internet Download Manager\idmmkb.dll
c:\program files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
c:\windows\Temp\wpv461250826839.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2009-08-25 7:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-25 05:40
ComboFix2.txt 2009-08-23 10:26
Pre-Run: 247 392 120 832 octets libres
Post-Run: 247 288 602 624 octets libres
456 --- E O F --- 2009-08-18 15:58
2009-06-28 07:47 . 2009-06-28 07:47 5433520 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-06-28 07:39 . 2009-06-28 07:39 -------- d-----w- c:\program files\BPS
2009-06-28 07:35 . 2009-06-27 13:10 -------- d-----w- c:\program files\NCH Swift Sound
2009-06-27 13:11 . 2009-06-27 13:11 -------- d-----w- c:\program files\NCH Software
2009-06-26 18:06 . 2009-06-21 09:53 -------- d-----w- c:\program files\GameSpy Arcade
2009-06-25 08:26 . 2004-08-05 19:00 736768 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:26 . 2004-08-05 19:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:26 . 2004-08-05 19:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:26 . 2004-08-05 19:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:26 . 2004-08-05 19:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:26 . 2004-08-05 19:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-08-05 19:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-21 17:18 . 2009-06-21 17:14 78336 ----a-w- c:\windows\pysoft_uninstaller.exe
2009-06-21 17:03 . 2009-06-21 17:03 5917662 ----a-w- c:\windows\system32\combat_tyrannosaures.dat
2009-06-21 17:03 . 2009-06-21 17:03 1880064 ----a-w- c:\windows\system32\combat_tyrannosaures.scr
2009-06-21 10:03 . 2009-06-21 10:03 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-06-16 14:40 . 2004-08-05 19:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2004-08-05 19:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:44 . 2004-08-05 19:00 78848 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:14 . 2004-08-05 19:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2005-07-04 19:01 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:15 . 2004-08-05 19:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-07 17:00 . 2009-06-07 17:00 207872 ----a-w- c:\documents and settings\Emilien\Application Data\SystemRequirementsLab\SRLProxy_srl_4.dll
2009-06-07 17:00 . 2009-06-07 17:00 207872 ----a-w- c:\documents and settings\Emilien\Application Data\SystemRequirementsLab\SRLProxy_srl_3.dll
2009-06-07 17:00 . 2009-06-07 17:00 207872 ----a-w- c:\documents and settings\Emilien\Application Data\SystemRequirementsLab\SRLProxy_srl_2.dll
2009-06-07 17:00 . 2009-06-07 17:00 207872 ----a-w- c:\documents and settings\Emilien\Application Data\SystemRequirementsLab\SRLProxy_srl_1.dll
2008-12-24 15:48 . 2008-12-24 15:48 0 --sha-w- c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-08-23_10.21.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-25 05:36 . 2009-08-25 05:36 19456 c:\windows\Temp\wpv461250826839.exe
+ 2009-08-25 05:34 . 2009-08-25 05:34 16384 c:\windows\Temp\Perflib_Perfdata_640.dat
+ 2009-08-25 05:08 . 2009-08-25 05:08 16384 c:\windows\Temp\Perflib_Perfdata_524.dat
+ 2009-08-25 05:34 . 2009-08-25 05:34 16384 c:\windows\Temp\Perflib_Perfdata_1e0.dat
+ 2009-08-23 12:31 . 2009-08-23 12:31 19456 c:\windows\Installer\2df277.msi
+ 2009-08-25 05:36 . 2009-08-25 05:36 154790 c:\windows\Temp\wpv061251033318.exe
+ 2009-08-25 05:36 . 2009-08-25 05:36 401920 c:\windows\Temp\_ex-08.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}"= "c:\program files\Peer2Peer-FR\tbPee1.dll" [2009-07-08 2215960]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-05-20 177464]
[HKEY_CLASSES_ROOT\clsid\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]
2009-07-08 14:51 2215960 ----a-w- c:\program files\Peer2Peer-FR\tbPee1.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-05-20 12:36 1258808 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B00F3D7D-ECAD-4A3B-BCF7-BA5FC1FD0F8D}"= "c:\program files\Peer2Peer-FR\tbPee1.dll" [2009-07-08 2215960]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-05-20 1258808]
[HKEY_CLASSES_ROOT\clsid\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2009-03-21 1649600]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-05 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-05-20 111928]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-05-20 98304]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2005-05-03 53248]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"11266564"="c:\documents and settings\All Users\Application Data\11266564\11266564.exe" [2009-08-25 823840]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-12-20 16860672]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-05-20 28160]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"NeroHomeFirstStart"="c:\program files\Fichiers communs\Ahead\Lib\NMFirstStart.exe" [2007-06-01 16944]
c:\documents and settings\Jonathan\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]
c:\documents and settings\Emilien\Menu Démarrer\Programmes\Démarrage\
ikowin32.exe [2008-4-13 23552]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-15 450560]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ubisoft\\Prince of Persia\\Prince of Persia.exe"=
"c:\\Program Files\\Ubisoft\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Atari\\Test drive Unlimited\\TestDriveUnlimited.exe"=
"c:\\Documents and Settings\\Emilien\\Mes documents\\no limit megaupload\\RouterClient.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\SYSTRAN\\6\\SystranTranslationProjectManager.exe"=
"c:\\Program Files\\SYSTRAN\\6\\Dicts\\SystranFilterEngine.exe"=
"c:\\Program Files\\SYSTRAN\\6\\Dicts\\SystranTranslationEngine.exe"=
"c:\\Program Files\\SYSTRAN\\6\\SystranToolbar.exe"=
"c:\\Program Files\\SYSTRAN\\6\\SystranDictionaryManager.exe"=
"c:\\Program Files\\SYSTRAN\\6\\Dicts\\SystranCodingEngine.exe"=
"c:\\Program Files\\Activision\\X-Men Origins - Wolverine(TM)\\Binaries\\Wolverine.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\SEGA\\Medieval II Total War\\kingdoms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\SEGA\\Medieval II Total War\\medieval2.exe"=
"c:\\Program Files\\Activision\\Prototype\\prototypef.exe"=
"c:\\Program Files\\Pyro Studios\\Imperial Glory\\ImperialGlory.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\empire total war demo\\Empire.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\Temp\\_ex-08.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10210:TCP"= 10210:TCP:BitComet 10210 TCP
"10210:UDP"= 10210:UDP:BitComet 10210 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"53:UDP"= 53:UDP:Promo
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [06/12/2005 17:11 35328]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [13/08/2009 14:02 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13/08/2009 14:02 20560]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [26/03/2009 18:52 55152]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [12/12/2008 00:50 38176]
S3 CrystalSysInfo;CrystalSysInfo;\??\c:\program files\MediaCoder\SysInfo.sys --> c:\program files\MediaCoder\SysInfo.sys [?]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
S3 LHidPPKE;Logitech SetPoint HID Function Driver;c:\windows\system32\drivers\LHidPPKE.Sys [15/07/2009 15:37 22497]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-07-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-tiho - c:\windows\system32\ducoovyve.exe
HKLM-Run-couced - c:\windows\system32\nafa.exe
HKLM-Run-14465154 - c:\documents and settings\All Users\Application Data\14465154\14465154.exe
.
------- Supplementary Scan -------
.
IE: &Recherche AOL Toolbar - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: Consulter les dictionnaires (SYSTRAN) - c:\program files\SYSTRAN\6\\GUIres.dll/lookup.js
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Liens de téléchargement avec Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: Traduire (SYSTRAN) - c:\program files\SYSTRAN\6\\GUIres.dll/translate.js
LSP: c:\windows\system32\idmmbc.dll
FF - ProfilePath - c:\documents and settings\Emilien\Application Data\Mozilla\Firefox\Profiles\hanfmlgr.default\
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\documents and settings\Emilien\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - plugin: c:\program files\Opera\program\plugins\NPMetaStream3.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-25 07:35
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2183762552-1457200377-2593566968-1007\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:08,c9,71,61,79,7b,bc,eb,6c,c6,b5,29,e0,ab,94,4b,8c,c5,43,b6,f9,dc,17,
3e,f5,28,89,57,99,44,f2,8b,cd,b3,b3,1d,f6,9d,4d,66,0e,fa,29,5d,2c,29,a0,56,\
"??"=hex:84,10,64,32,5a,5a,63,dc,a4,e3,cd,cb,90,35,d7,ef
[HKEY_USERS\S-1-5-21-2183762552-1457200377-2593566968-1007\Software\SecuROM\License information*]
"datasecu"=hex:24,31,20,be,24,8a,c1,f8,ea,9c,8d,4f,dd,23,82,72,42,aa,ea,7f,16,
bf,b6,da,44,16,d9,17,32,a6,5f,8a,7b,02,6e,11,af,d5,45,11,fd,36,a6,69,81,34,\
"rkeysecu"=hex:53,b2,60,61,ee,89,20,91,52,c8,67,f6,b9,0e,65,cd
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{395529a4-df69-4a83-b062-3eee76affbb3}]
@Denied: (Full) (Everyone)
"Model"=dword:0000009c
"Therad"=dword:00000016
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,15,81,e0,2c,90,21,0e,51,28,35,81,46,94,89,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):42,bd,01,f9,8c,19,e6,a6,ab,48,aa,e4,ac,2c,02,71,c4,dd,14,cc,48,
61,c0,f3,6e,a6,56,99,56,61,6c,e1,55,df,18,90,21,8d,e5,3f,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):bf,e1,7e,2c,b2,97,eb,a2,e8,58,55,ba,43,64,fe,a0,a9,14,47,e8,ab,
9b,b1,3e,39,d1,6b,6b,e6,a7,57,13,62,9c,e2,ba,4b,2f,47,23,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f2eb5bf5-7124-4cee-ba80-d4cd949c2680}]
@Denied: (Full) (Everyone)
"Model"=dword:0000003b
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(768)
c:\windows\system32\idmmbc.dll
- - - - - - - > 'Explorer.EXE'(1284)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\idmmbc.dll
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\MSVCP71.dll
c:\program files\Internet Download Manager\IDMIECC.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
c:\program files\Internet Download Manager\idmmkb.dll
c:\program files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
c:\windows\Temp\wpv461250826839.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2009-08-25 7:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-25 05:40
ComboFix2.txt 2009-08-23 10:26
Pre-Run: 247 392 120 832 octets libres
Post-Run: 247 288 602 624 octets libres
456 --- E O F --- 2009-08-18 15:58
Here is the one from Ad-Remover:
.
======= RAPPORT D'AD-REMOVER 1.1.4.5_P | UNIQUEMENT XP/VISTA/SEVEN =======
.
Mit à jour par C_XX le 24/08/2009 à 1:30 PM
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 7:50:16, 25/08/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows XP™ v5.1.2600
Nom du PC: LOCAL-AA075FB0E | Utilisateur actuel: Emilien
.
Administrateur: Administrateur
N'est pas administrateur: ASPNET
Administrateur: Emilien
N'est pas administrateur: HelpAssistant *Desactive*
N'est pas administrateur: Invité
Administrateur: Jonathan
N'est pas administrateur: SUPPORT_388945a0 *Desactive*
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
HKCR\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
HKCR\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
HKCR\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCR\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKCR\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
HKCR\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
HKCR\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
HKCR\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
HKCR\MediaPlayer.GraphicsUtils
HKCR\MediaPlayer.GraphicsUtils.1
HKCR\MgMediaPlayer.GifAnimator
HKCR\MgMediaPlayer.GifAnimator.1
HKCR\SWEETIE.IEToolbar
HKCR\SWEETIE.IEToolbar.1
HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook
HKCR\SweetIM_URLSearchHook.ToolbarURLSearchHook.1
HKCR\Toolbar3.SWEETIE
HKCR\Toolbar3.SWEETIE.1
HKCR\Typelib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
HKCR\Typelib\{EEE6C35E-6118-11DC-9C72-001320C79847}
HKCR\Typelib\{EEE6C35F-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKCU\Software\SweetIM
HKLM\Software\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
HKLM\Software\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
HKLM\Software\SweetIM
HKLM\Software\Trymedia Systems
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Sweetim
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847}
.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\logs
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\update
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\adapter.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\autoupdate.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\logger.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\messages.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\sweetim.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\sweetimapp.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\users
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\users\main_user_config.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\users\stylet2009@hotmail.fr
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\users\stylet2009@hotmail.fr\content_update_notification.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\users\stylet2009@hotmail.fr\emoticons_shortcut.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\users\stylet2009@hotmail.fr\lastuse_Audibles.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\users\stylet2009@hotmail.fr\lastuse_DisplayPictures.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\users\stylet2009@hotmail.fr\lastuse_SpecialFX.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\users\stylet2009@hotmail.fr\lastuse_Winks.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\conf\users\stylet2009@hotmail.fr\user_config.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080014.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080016.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\0008001A.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080020.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080023.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080026.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080029.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\0008003D.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\0008003F.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080040.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080041.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080042.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080050.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080051.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080052.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080053.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080054.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080056.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\0008005C.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080061.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080063.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080065.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080071.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080076.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080077.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080084.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080086.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080087.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\0008008F.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080090.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\00080091.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000800A3.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000800D4.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000800DB.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000800DC.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000800DE.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000800E3.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000800E5.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000800E6.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000800EA.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000800EB.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000800EC.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000800ED.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000800F1.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000800F2.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000800F3.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\01050007.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\02050001.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\02050002.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\cache_indx.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars\Internet Explorer
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars\Internet Explorer\cache
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars\Internet Explorer\cache\79364243b9dac7ae8d7a0ecd142b9032.toolbar34.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM
C:\DOCUME~1\Emilien\APPLIC~1\Mozilla\Firefox\Profiles\hanfmlgr.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome
C:\DOCUME~1\Emilien\APPLIC~1\Mozilla\Firefox\Profiles\hanfmlgr.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome.manifest
C:\DOCUME~1\Emilien\APPLIC~1\Mozilla\Firefox\Profiles\hanfmlgr.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\components
C:\DOCUME~1\Emilien\APPLIC~1\Mozilla\Firefox\Profiles\hanfmlgr.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\install.rdf
C:\DOCUME~1\Emilien\APPLIC~1\Mozilla\Firefox\Profiles\hanfmlgr.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF
C:\DOCUME~1\Emilien\APPLIC~1\Mozilla\Firefox\Profiles\hanfmlgr.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar.jar
C:\DOCUME~1\Emilien\APPLIC~1\Mozilla\Firefox\Profiles\hanfmlgr.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\components\SIMAutoCompleteSearch.js
C:\DOCUME~1\Emilien\APPLIC~1\Mozilla\Firefox\Profiles\hanfmlgr.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF\manifest.mf
C:\DOCUME~1\Emilien\APPLIC~1\Mozilla\Firefox\Profiles\hanfmlgr.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF\zigbert.rsa
C:\DOCUME~1\Emilien\APPLIC~1\Mozilla\Firefox\Profiles\hanfmlgr.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF\zigbert.sf
C:\DOCUME~1\Emilien\APPLIC~1\Mozilla\Firefox\Profiles\hanfmlgr.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
C:\DOCUME~1\Emilien\APPLIC~1\Mozilla\Firefox\Profiles\hanfmlgr.default\SweetIMToolbarData\logs
C:\DOCUME~1\Emilien\APPLIC~1\Mozilla\Firefox\Profiles\hanfmlgr.default\SweetIMToolbarData
/!\ NON SUPPRIMÉ: C:\Program Files\SweetIM\Messenger
/!\ NON SUPPRIMÉ: C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll
/!\ NON SUPPRIMÉ: C:\Program Files\SweetIM\Messenger\msvcr71.dll
/!\ NON SUPPRIMÉ: C:\Program Files\SweetIM
(!) -- Fichiers temporaires supprimés.
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.0.13 *
.
Nom du profil: hanfmlgr.default (Emilien)
.
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.13");
.
(prefs.js) EFFACÉ: user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&q=");
(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.mode.debug", "false");
(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.previous.keyword.URL", "chrome://browser-region/locale/region.properties");
(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"hxxp://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"hxxp://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");
(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.search.history.capacity", "10");
(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.simapp_id", "{4C89D670-552B-11DE-9A62-00235465FE47}");
(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.version", "1.0.0.8");
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs : res://ieframe.dll/tabswelcome.htm
.
===================================
.
29257 Octet(s) - C:\Ad-Report-CLEAN.log
.
1 Fichier(s) - C:\DOCUME~1\Emilien\LOCALS~1\Temp
2 Fichier(s) - C:\WINDOWS\Temp
.
19 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
39 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
.
Fin à: 7:55:21 | 25/08/2009
.
============== E.O.F ==============
.
.
======= RAPPORT D'AD-REMOVER 1.1.4.5_P | UNIQUEMENT XP/VISTA/SEVEN =======
.
Mit à jour par C_XX le 24/08/2009 à 1:30 PM
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 7:50:16, 25/08/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows XP™ v5.1.2600
Nom du PC: LOCAL-AA075FB0E | Utilisateur actuel: Emilien
.
Administrateur: Administrateur
N'est pas administrateur: ASPNET
Administrateur: Emilien
N'est pas administrateur: HelpAssistant *Desactive*
N'est pas administrateur: Invité
Administrateur: Jonathan
N'est pas administrateur: SUPPORT_388945a0 *Desactive*
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000800ED.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000800F1.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000800F2.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\000800F3.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\01050007.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\02050001.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\02050002.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Messenger\data\contentdb\cache_indx.dat
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars\Internet Explorer
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars\Internet Explorer\cache
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM\Toolbars\Internet Explorer\cache\79364243b9dac7ae8d7a0ecd142b9032.toolbar34.xml
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SweetIM
C:\DOCUME~1\Emilien\APPLIC~1\Mozilla\Firefox\Profiles\hanfmlgr.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome
C:\DOCUME~1\Emilien\APPLIC~1\Mozilla\Firefox\Profiles\hanfmlgr.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome.manifest
C:\DOCUME~1\Emilien\APPLIC~1\Mozilla\Firefox\Profiles\hanfmlgr.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\components
C:\DOCUME~1\Emilien\APPLIC~1\Mozilla\Firefox\Profiles\hanfmlgr.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\install.rdf
C:\DOCUME~1\Emilien\APPLIC~1\Mozilla\Firefox\Profiles\hanfmlgr.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF
C:\DOCUME~1\Emilien\APPLIC~1\Mozilla\Firefox\Profiles\hanfmlgr.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar.jar
C:\DOCUME~1\Emilien\APPLIC~1\Mozilla\Firefox\Profiles\hanfmlgr.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\components\SIMAutoCompleteSearch.js
C:\DOCUME~1\Emilien\APPLIC~1\Mozilla\Firefox\Profiles\hanfmlgr.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF\manifest.mf
C:\DOCUME~1\Emilien\APPLIC~1\Mozilla\Firefox\Profiles\hanfmlgr.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF\zigbert.rsa
C:\DOCUME~1\Emilien\APPLIC~1\Mozilla\Firefox\Profiles\hanfmlgr.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF\zigbert.sf
C:\DOCUME~1\Emilien\APPLIC~1\Mozilla\Firefox\Profiles\hanfmlgr.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
C:\DOCUME~1\Emilien\APPLIC~1\Mozilla\Firefox\Profiles\hanfmlgr.default\SweetIMToolbarData\logs
C:\DOCUME~1\Emilien\APPLIC~1\Mozilla\Firefox\Profiles\hanfmlgr.default\SweetIMToolbarData
/!\ NON SUPPRIMÉ: C:\Program Files\SweetIM\Messenger
C:\Program Files\SweetIM\Toolbars
C:\Program Files\SweetIM\Messenger\default.xml
/!\ NON SUPPRIMÉ: C:\Program Files\SweetIM\Messenger\mgAdaptersProxy.dll
C:\Program Files\SweetIM\Messenger\mgAIMAuto.dll
C:\Program Files\SweetIM\Messenger\mgAIMMessengerAdapter.dll
C:\Program Files\SweetIM\Messenger\mgArchive.dll
C:\Program Files\SweetIM\Messenger\mgcommon.dll
C:\Program Files\SweetIM\Messenger\mgcommunication.dll
C:\Program Files\SweetIM\Messenger\mgconfig.dll
C:\Program Files\SweetIM\Messenger\mgFlashPlayer.dll
C:\Program Files\SweetIM\Messenger\mghooking.dll
C:\Program Files\SweetIM\Messenger\mgICQAuto.dll
C:\Program Files\SweetIM\Messenger\mgICQMessengerAdapter.dll
C:\Program Files\SweetIM\Messenger\mgIEPlayer.dll
C:\Program Files\SweetIM\Messenger\mglogger.dll
C:\Program Files\SweetIM\Messenger\mgMediaPlayer.dll
C:\Program Files\SweetIM\Messenger\mgMsnAuto.dll
C:\Program Files\SweetIM\Messenger\mgMsnMessengerAdapter.dll
C:\Program Files\SweetIM\Messenger\mgsimcommon.dll
C:\Program Files\SweetIM\Messenger\mgSweetIM.dll
C:\Program Files\SweetIM\Messenger\mgUpdateSupport.dll
C:\Program Files\SweetIM\Messenger\mgxml_wrapper.dll
C:\Program Files\SweetIM\Messenger\mgYahooAuto.dll
C:\Program Files\SweetIM\Messenger\mgYahooMessengerAdapter.dll
C:\Program Files\SweetIM\Messenger\msvcp71.dll
/!\ NON SUPPRIMÉ: C:\Program Files\SweetIM\Messenger\msvcr71.dll
C:\Program Files\SweetIM\Messenger\resources
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\SweetIM\Messenger\resources\images
C:\Program Files\SweetIM\Messenger\resources\images\AudibleButton.png
C:\Program Files\SweetIM\Messenger\resources\images\DisplayPicturesButton.png
C:\Program Files\SweetIM\Messenger\resources\images\EmoticonButton.png
C:\Program Files\SweetIM\Messenger\resources\images\NudgeButton.png
C:\Program Files\SweetIM\Messenger\resources\images\SoundFxButton.png
C:\Program Files\SweetIM\Messenger\resources\images\WinksButton.png
C:\Program Files\SweetIM\Toolbars\Internet Explorer
C:\Program Files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe
C:\Program Files\SweetIM\Toolbars\Internet Explorer\conf
C:\Program Files\SweetIM\Toolbars\Internet Explorer\default.xml
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mghooking.dll
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mglogger.dll
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll
C:\Program Files\SweetIM\Toolbars\Internet Explorer\msvcp71.dll
C:\Program Files\SweetIM\Toolbars\Internet Explorer\msvcr71.dll
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources
C:\Program Files\SweetIM\Toolbars\Internet Explorer\conf\logger.xml
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\about.html
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\affid.dat
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\basis.xml
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\clear-history.png
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim-over.gif
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim.gif
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier.js
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\dating.png
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\dictionary.png
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon.png
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon_over.png
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\e_cards.png
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\find.png
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\free_stuff.png
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\games.png
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\glitter.png
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\google.png
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\help.png
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\highlight.png
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\live.png
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\locales.xml
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_16x16.png
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_21x18.png
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_32x32.png
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\logo_about.png
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\more-search-providers.png
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\music.png
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\news.png
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\photos.png
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\search-current-site.png
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\shopping.png
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.png
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.png
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\sweetim_text.png
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\version.txt
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\video.png
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\web-search.png
C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\yahoo.png
/!\ NON SUPPRIMÉ: C:\Program Files\SweetIM
C:\DOCUME~1\Emilien\APPLIC~1\Mozilla\Firefox\Profiles\hanfmlgr.default\searchplugins\sweetim.xml
C:\WINDOWS\Installer\16266c.msi
C:\WINDOWS\Installer\162671.msi
C:\WINDOWS\Prefetch\SWEETIM.EXE-114201E6.pf
(!) -- Fichiers temporaires supprimés.
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.0.13 *
.
Nom du profil: hanfmlgr.default (Emilien)
.
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.13");
.
(prefs.js) EFFACÉ: user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?src=2&q=");
(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.mode.debug", "false");
(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.previous.keyword.URL", "chrome://browser-region/locale/region.properties");
(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"p=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.sweetim.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://*.live.*/*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://*youtube.com/\" param=\"search_query=\" /><EXTERNAL_SEARCH engine=\"hxxp://*.ebay.*/search/*\" param=\"satitle=\" /><EXTERNAL_SEARCH engine=\"hxxp://*.amazon.com/s/*\" param=\"field-keywords=\" /></TOOLBAR>");
(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.search.history.capacity", "10");
(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.simapp_id", "{4C89D670-552B-11DE-9A62-00235465FE47}");
(prefs.js) EFFACÉ: user_pref("sweetim.toolbar.version", "1.0.0.8");
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs : res://ieframe.dll/tabswelcome.htm
.
===================================
.
29257 Octet(s) - C:\Ad-Report-CLEAN.log
.
1 Fichier(s) - C:\DOCUME~1\Emilien\LOCALS~1\Temp
2 Fichier(s) - C:\WINDOWS\Temp
.
19 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
39 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
.
Fin à: 7:55:21 | 25/08/2009
.
============== E.O.F ==============
.