Infection Total Security
SYBE
-
XaTon Messages postés 2160 Statut Membre -
XaTon Messages postés 2160 Statut Membre -
Bonjour,
Comme beaucoup en ce moment j'ai choppé ce mauvais rogue. (Total security)
Ci-dessous se trouve le rapport de mon scan. J'ai grandement besoin de mon pc en ce moment mais là tout devient compliquer
y a t'il un helper qui puisse me donner un coup de main.
http://www.cijoint.fr/cjlink.php?file=cj200908/cijE1cwvzx.txt
Merci d'avance
Comme beaucoup en ce moment j'ai choppé ce mauvais rogue. (Total security)
Ci-dessous se trouve le rapport de mon scan. J'ai grandement besoin de mon pc en ce moment mais là tout devient compliquer
y a t'il un helper qui puisse me donner un coup de main.
http://www.cijoint.fr/cjlink.php?file=cj200908/cijE1cwvzx.txt
Merci d'avance
A voir également:
- Infection Total Security
- Microsoft security essentials - Télécharger - Antivirus & Antimalwares
- Total uninstall - Télécharger - Divers Utilitaires
- 360 total security - Télécharger - Antivirus & Antimalwares
- Total video converter - Télécharger - Conversion & Codecs
- Formule total excel - Guide
8 réponses
Hello ,
▶ Télécharge random's system information tool (RSIT) et sauvegarde-le sur le Bureau.
• Double-clique sur RSIT.exe afin de lancer RSIT.
• Lis le contenu de l'écran Disclaimer puis clique sur Continue (si tu acceptes les conditions).
• Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
• Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.
• Poste le contenu de log.txt .
• Tuto : https://forum.pcastuces.com/randoms_system_information_tool_rsit-f31s31.htm
▶ Télécharge random's system information tool (RSIT) et sauvegarde-le sur le Bureau.
• Double-clique sur RSIT.exe afin de lancer RSIT.
• Lis le contenu de l'écran Disclaimer puis clique sur Continue (si tu acceptes les conditions).
• Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
• Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.
• Poste le contenu de log.txt .
• Tuto : https://forum.pcastuces.com/randoms_system_information_tool_rsit-f31s31.htm
Salut !
Fait ceci
~~~~~~~~~~~~~~> Malwarebytes <~~~~~~~~~~~~~~~~~~~
- Télécharger Malwarebytes
- Enregistre le sur le bureau
- Double clique sur le fichier téléchargé pour lancer le processus d’installation
- Lorsqu’il te le sera demandé, mets à jour Malwarebytes anti malware
- Si le pare-feu demande l’autorisation de se connecter pour malwarebytes, acceptes
- Une fois la mise à jour terminée, ferme Malwarebytes
- Double-clique sur l’icône de malwarebytes pour le relancer
- Dans l’onglet, Recherche, probablement ouvert par défaut,
- Sélectionne Exécuter un examen complet
- Clique sur Rechercher
- Le scan démarre
- A la fin de l’analyse, un message s’affiche : L’examen s’est terminé normalement. Cliquez sur ‘Afficher les résultats’ pour afficher tous les objets trouvés.
- Clique sur Ok pour poursuivre.
- Si des malwares ont été détectés, cliques sur Afficher les résultats
- Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
- Malwarebytes va ouvrir le bloc-notes et y copier le rapport d’analyse.
- Rends toi dans l’onglet rapport/log
- Tu clique dessus pour l’afficher.
- Une fois affiché, cliques sur édition en haut du bloc notes, et puis sur sélectionner tout
- Tu recliques sur édition et puis sur copier et tu reviens sur le forum et dans ta réponse
- Tu clique droit dans le cadre de la réponse et coller
Fait ceci
~~~~~~~~~~~~~~> Malwarebytes <~~~~~~~~~~~~~~~~~~~
- Télécharger Malwarebytes
- Enregistre le sur le bureau
- Double clique sur le fichier téléchargé pour lancer le processus d’installation
- Lorsqu’il te le sera demandé, mets à jour Malwarebytes anti malware
- Si le pare-feu demande l’autorisation de se connecter pour malwarebytes, acceptes
- Une fois la mise à jour terminée, ferme Malwarebytes
- Double-clique sur l’icône de malwarebytes pour le relancer
- Dans l’onglet, Recherche, probablement ouvert par défaut,
- Sélectionne Exécuter un examen complet
- Clique sur Rechercher
- Le scan démarre
- A la fin de l’analyse, un message s’affiche : L’examen s’est terminé normalement. Cliquez sur ‘Afficher les résultats’ pour afficher tous les objets trouvés.
- Clique sur Ok pour poursuivre.
- Si des malwares ont été détectés, cliques sur Afficher les résultats
- Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
- Malwarebytes va ouvrir le bloc-notes et y copier le rapport d’analyse.
- Rends toi dans l’onglet rapport/log
- Tu clique dessus pour l’afficher.
- Une fois affiché, cliques sur édition en haut du bloc notes, et puis sur sélectionner tout
- Tu recliques sur édition et puis sur copier et tu reviens sur le forum et dans ta réponse
- Tu clique droit dans le cadre de la réponse et coller
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Tu est sur Chiquitine29 .
Je peut te le laisser , moi no problemo
;-)
Je peut te le laisser , moi no problemo
;-)
Le Scan est enfin terminé, voici ci-dessous le rapport
J'attends de tes news
Merci
Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2688
Windows 5.1.2600 Service Pack 2 (Safe Mode)
24/08/2009 18:40:33
mbam-log-2009-08-24 (18-40-33).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 185834
Temps écoulé: 22 minute(s), 46 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 30
Valeur(s) du Registre infectée(s): 8
Elément(s) de données du Registre infecté(s): 7
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 87
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f2373055-f4fa-46a6-aa34-6f24a28247e9} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f2373055-f4fa-46a6-aa34-6f24a28247e9} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\slidershow.slidershowctrl (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\slidershow.slidershowctrl.1 (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3794345d-c731-4fbb-8471-73ddc8dffdd2} (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{96edcf67-4637-4288-9a0d-4282ebf26d62} (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{13e3ff74-b861-4e69-b223-43d711686832} (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de85a67a-3f04-4aba-a10b-a37b220afb70} (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\luckytender (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\systemsecurity2009 (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\e405.e405mgr (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qalkfxor.bapg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qalkfxor.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEBrowse Tool (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Bar (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Warning Center (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WinOpts (Trojan.Downloader) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\10595934.bak (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windowshive (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\promoreg (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\pdoskegl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\rqbmvpso (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RList (Malware.Trace) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (https://laptopadviser.com/malware-removal/ Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (https://laptopadviser.com/malware-removal/{searchTerms}) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\(default) (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q=%s) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
D:\Program Files\LuckyTender (Adware.LuckyTender) -> Quarantined and deleted successfully.
D:\Program Files\LuckyTender\1.3.0 (Adware.LuckyTender) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\912525 (Trojan.BHO) -> Quarantined and deleted successfully.
D:\Documents and Settings\Sylvain\Menu Démarrer\Programmes\Total Security (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users\Application Data\10595934 (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
D:\WINDOWS\system32\diteriga.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\agiretid.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\jolefayu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\uyafeloj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\kesekepe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\epekesek.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\nusoyeta.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\ateyosun.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\popujubi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\ibujupop.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\wehebopa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\apobehew.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\yetevato.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\otavetey.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\Program Files\LuckyTender\1.3.0\LuckyTender.dll (Adware.LuckyTender) -> Quarantined and deleted successfully.
D:\Documents and Settings\Sylvain\Local Settings\Temp\RarSFX2\install.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
D:\Documents and Settings\Sylvain\Local Settings\Temporary Internet Files\Content.IE5\G12ZOP2Z\style[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\biyjvc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\buzalevu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\cmsgxr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\davagadu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\dezubebo.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\fapavifa.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\gomuzidi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\gorumiba.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\goyukuyu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\hejapive.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\jalakemo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\jegulufo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\jijawomu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\kamujibi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\kufoluru.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\lasefoye.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\mfcmckif.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\niretetu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\nvauabpe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\pavogare.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\pimimoso.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\pinapuwe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\pohuzowo.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\popafivo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\popinoje.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\poyiyele.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\ramuzovi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\rehotiza.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\remowoka.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\retegefu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\roveyala.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\rvypbods.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\skcubspu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\sugemeha.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\tebudati.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\uvqexufx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\wdkrms.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\wigenupa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\wimesabi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\xmnsvmws.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\yejedotu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\yodedafi.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\yojonaso.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\yonugese.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Program Files\LuckyTender\uninst.exe (Adware.LuckyTender) -> Quarantined and deleted successfully.
D:\Documents and Settings\Sylvain\Menu Démarrer\Programmes\Total Security\Total Security 2009.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users\Application Data\10595934\10595934.bak (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users\Application Data\10595934\10595934.bak.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users\Application Data\10595934\pc10595934.bakins (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users\Application Data\10595934\pc10595934ins (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Documents and Settings\Sylvain\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
D:\Documents and Settings\Sylvain\Favoris\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.
D:\Documents and Settings\Sylvain\Mes documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
D:\Program Files\Applications\iebtu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
D:\Program Files\Applications\myd.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
D:\Program Files\Applications\mym.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
D:\Program Files\Applications\myp.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
D:\Program Files\Applications\myv.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
D:\Program Files\Applications\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
D:\Program Files\Applications\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
D:\Program Files\Applications\wcu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users\Menu Démarrer\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users\Menu Démarrer\Online Spyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\rpcc.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\zewewegi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\Temp\_ex-08.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
D:\WINDOWS\Temp\wpv101251053173.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\Temp\wpv421250826839.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\Temp\wpv671251033318.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Documents and Settings\Sylvain\Menu Démarrer\Programmes\Démarrage\ikowin32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
J'attends de tes news
Merci
Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2688
Windows 5.1.2600 Service Pack 2 (Safe Mode)
24/08/2009 18:40:33
mbam-log-2009-08-24 (18-40-33).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 185834
Temps écoulé: 22 minute(s), 46 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 30
Valeur(s) du Registre infectée(s): 8
Elément(s) de données du Registre infecté(s): 7
Dossier(s) infecté(s): 5
Fichier(s) infecté(s): 87
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f2373055-f4fa-46a6-aa34-6f24a28247e9} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f2373055-f4fa-46a6-aa34-6f24a28247e9} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\slidershow.slidershowctrl (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\slidershow.slidershowctrl.1 (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3794345d-c731-4fbb-8471-73ddc8dffdd2} (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{96edcf67-4637-4288-9a0d-4282ebf26d62} (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{13e3ff74-b861-4e69-b223-43d711686832} (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de85a67a-3f04-4aba-a10b-a37b220afb70} (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\luckytender (Adware.LuckyTender) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\systemsecurity2009 (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\e405.e405mgr (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qalkfxor.bapg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qalkfxor.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEBrowse Tool (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Bar (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Warning Center (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WinOpts (Trojan.Downloader) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\10595934.bak (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windowshive (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\promoreg (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\pdoskegl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\rqbmvpso (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RList (Malware.Trace) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (https://laptopadviser.com/malware-removal/ Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (https://laptopadviser.com/malware-removal/{searchTerms}) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\(default) (Hijack.Search) -> Bad: (http://windiwsfsearch.com/search?q=%s) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://windiwsfsearch.com) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
D:\Program Files\LuckyTender (Adware.LuckyTender) -> Quarantined and deleted successfully.
D:\Program Files\LuckyTender\1.3.0 (Adware.LuckyTender) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\912525 (Trojan.BHO) -> Quarantined and deleted successfully.
D:\Documents and Settings\Sylvain\Menu Démarrer\Programmes\Total Security (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users\Application Data\10595934 (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
D:\WINDOWS\system32\diteriga.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\agiretid.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\jolefayu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\uyafeloj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\kesekepe.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\epekesek.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\nusoyeta.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\ateyosun.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\popujubi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\ibujupop.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\wehebopa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\apobehew.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\yetevato.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\otavetey.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
D:\Program Files\LuckyTender\1.3.0\LuckyTender.dll (Adware.LuckyTender) -> Quarantined and deleted successfully.
D:\Documents and Settings\Sylvain\Local Settings\Temp\RarSFX2\install.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
D:\Documents and Settings\Sylvain\Local Settings\Temporary Internet Files\Content.IE5\G12ZOP2Z\style[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\biyjvc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\buzalevu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\cmsgxr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\davagadu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\dezubebo.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\fapavifa.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\gomuzidi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\gorumiba.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\goyukuyu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\hejapive.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\jalakemo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\jegulufo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\jijawomu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\kamujibi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\kufoluru.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\lasefoye.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\mfcmckif.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\niretetu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\nvauabpe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\pavogare.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\pimimoso.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\pinapuwe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\pohuzowo.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\popafivo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\popinoje.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\poyiyele.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\ramuzovi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\rehotiza.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\remowoka.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\retegefu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\roveyala.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\rvypbods.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\skcubspu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\sugemeha.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\tebudati.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\uvqexufx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\wdkrms.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\wigenupa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\wimesabi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\xmnsvmws.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\yejedotu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\yodedafi.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\yojonaso.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\yonugese.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\Program Files\LuckyTender\uninst.exe (Adware.LuckyTender) -> Quarantined and deleted successfully.
D:\Documents and Settings\Sylvain\Menu Démarrer\Programmes\Total Security\Total Security 2009.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users\Application Data\10595934\10595934.bak (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users\Application Data\10595934\10595934.bak.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users\Application Data\10595934\pc10595934.bakins (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users\Application Data\10595934\pc10595934ins (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Documents and Settings\Sylvain\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
D:\Documents and Settings\Sylvain\Favoris\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.
D:\Documents and Settings\Sylvain\Mes documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
D:\Program Files\Applications\iebtu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
D:\Program Files\Applications\myd.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
D:\Program Files\Applications\mym.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
D:\Program Files\Applications\myp.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
D:\Program Files\Applications\myv.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
D:\Program Files\Applications\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
D:\Program Files\Applications\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
D:\Program Files\Applications\wcu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users\Menu Démarrer\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
D:\Documents and Settings\All Users\Menu Démarrer\Online Spyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\rpcc.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\zewewegi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
D:\WINDOWS\Temp\_ex-08.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
D:\WINDOWS\Temp\wpv101251053173.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\Temp\wpv421250826839.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\Temp\wpv671251033318.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Documents and Settings\Sylvain\Menu Démarrer\Programmes\Démarrage\ikowin32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
Voici le rapport
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:10:08, on 24/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Java\jre1.5.0\bin\jusched.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Java\jre1.5.0\bin\jucheck.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\PowerISO\PWRISOVM.EXE
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\system32\CTSvcCDA.EXE
D:\Program Files\Realtek\USB Wireless LAN Utility\RtWLan.exe
D:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
D:\PROGRA~1\MICROS~3\rapimgr.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Spyware Terminator\sp_rsser.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\AxBx\VirusKeeper 2009 Pro Evaluation\vk_service.exe
D:\WINDOWS\system32\MsPMSPSv.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Documents and Settings\Sylvain\Bureau\utorrent.exe
D:\Program Files\AxBx\VirusKeeper 2009 Pro Evaluation\vk_watchop.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Sylvain\Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = https://laptopadviser.com/malware-removal/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://laptopadviser.com/malware-removal/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://laptopadviser.com/malware-removal/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://laptopadviser.com/malware-removal/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://laptopadviser.com/malware-removal/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {41D1739E-CFC7-4D2C-BA3B-D83EFC93229F} - (no file)
O2 - BHO: (no name) - {6072E03F-71A9-46BB-91D6-8FBB03B819DB} - (no file)
O2 - BHO: (no name) - {AA07AB89-C261-463E-B847-A09A99310F17} - D:\WINDOWS\system32\tuvWMfcy.dll (file missing)
O2 - BHO: (no name) - {BA49CC9F-9CDE-4C01-BB29-B1BEF2A4EAC6} - (no file)
O2 - BHO: (no name) - {BE1A344F-9FF5-4024-949B-52205E6DB2D0} - D:\Program Files\Applications\iebt.dll (file missing)
O2 - BHO: (no name) - {D22D0123-B38D-4A47-A8F3-83CFA0E8AD84} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: qalkfxor - {47B4B5E7-18D6-47EB-AF00-DFF901A8EFF1} - D:\WINDOWS\qalkfxor.dll (file missing)
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EPSON Stylus DX5000 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "D:\WINDOWS\TEMP\E_SA2.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VirusKeeper] D:\Program Files\AxBx\VirusKeeper 2009 Pro Evaluation\VirusKeeper.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "D:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [AdobeUpdater] "D:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [gabofelesi] Rundll32.exe "D:\WINDOWS\system32\tusihivi.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: REALTEK USB Wireless LAN Utility.lnk = D:\Program Files\Realtek\USB Wireless LAN Utility\RtWLan.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: d:\windows\system32\yayutoto.dll d:\windows\system32\yemopego.dll D:\WINDOWS\system32\pawehuhe.dll d:\windows\system32\hulahake.dll
O20 - Winlogon Notify: fccdEuvw - D:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - D:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - D:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - D:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - D:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - AxBx - D:\Program Files\AxBx\VirusKeeper 2009 Pro Evaluation\vk_service.exe
O24 - Desktop Component 0: Privacy Protection - file:///D:\WINDOWS\privacy_danger\index.htm
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:10:08, on 24/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Java\jre1.5.0\bin\jusched.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Java\jre1.5.0\bin\jucheck.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\PowerISO\PWRISOVM.EXE
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\system32\CTSvcCDA.EXE
D:\Program Files\Realtek\USB Wireless LAN Utility\RtWLan.exe
D:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
D:\PROGRA~1\MICROS~3\rapimgr.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Spyware Terminator\sp_rsser.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\AxBx\VirusKeeper 2009 Pro Evaluation\vk_service.exe
D:\WINDOWS\system32\MsPMSPSv.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Documents and Settings\Sylvain\Bureau\utorrent.exe
D:\Program Files\AxBx\VirusKeeper 2009 Pro Evaluation\vk_watchop.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Sylvain\Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = https://laptopadviser.com/malware-removal/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://laptopadviser.com/malware-removal/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://laptopadviser.com/malware-removal/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://laptopadviser.com/malware-removal/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://laptopadviser.com/malware-removal/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {41D1739E-CFC7-4D2C-BA3B-D83EFC93229F} - (no file)
O2 - BHO: (no name) - {6072E03F-71A9-46BB-91D6-8FBB03B819DB} - (no file)
O2 - BHO: (no name) - {AA07AB89-C261-463E-B847-A09A99310F17} - D:\WINDOWS\system32\tuvWMfcy.dll (file missing)
O2 - BHO: (no name) - {BA49CC9F-9CDE-4C01-BB29-B1BEF2A4EAC6} - (no file)
O2 - BHO: (no name) - {BE1A344F-9FF5-4024-949B-52205E6DB2D0} - D:\Program Files\Applications\iebt.dll (file missing)
O2 - BHO: (no name) - {D22D0123-B38D-4A47-A8F3-83CFA0E8AD84} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - D:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: qalkfxor - {47B4B5E7-18D6-47EB-AF00-DFF901A8EFF1} - D:\WINDOWS\qalkfxor.dll (file missing)
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EPSON Stylus DX5000 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "D:\WINDOWS\TEMP\E_SA2.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VirusKeeper] D:\Program Files\AxBx\VirusKeeper 2009 Pro Evaluation\VirusKeeper.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "D:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [AdobeUpdater] "D:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [gabofelesi] Rundll32.exe "D:\WINDOWS\system32\tusihivi.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: REALTEK USB Wireless LAN Utility.lnk = D:\Program Files\Realtek\USB Wireless LAN Utility\RtWLan.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: d:\windows\system32\yayutoto.dll d:\windows\system32\yemopego.dll D:\WINDOWS\system32\pawehuhe.dll d:\windows\system32\hulahake.dll
O20 - Winlogon Notify: fccdEuvw - D:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - D:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - D:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - D:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - D:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - D:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - D:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - AxBx - D:\Program Files\AxBx\VirusKeeper 2009 Pro Evaluation\vk_service.exe
O24 - Desktop Component 0: Privacy Protection - file:///D:\WINDOWS\privacy_danger\index.htm
Maintenant , fait ceci
~~~~~~~~~~~~~~~> Ad-Remover <~~~~~~~~~~~~~~~~~~~
/!\ Désactive temporairement ton antivirus /!\
Télécharge AD-Remover (de Cyrildu17 / C_XX) sur ton Bureau.
> http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe
/!\ Déconnecte-toi et ferme toutes applications en cours /!\
* Lance l'installation avec les paramètres par défaut.
* Double-clique sur le raccourci Ad-Remover sur ton Bureau.
* Choisit ta langue F pour française.
* Au menu principal, choisis l'option S.
/!\ Laisse travailler l'outil /!\
* Poste le rapport qui apparaît à la fin.
(Le rapport est sauvegardé aussi sous C:\Ad-report(date).log)
(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)
Note :
"Process.exe", une composante de l'outil, est détectée par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
~~~~~~~~~~~~~~~> Ad-Remover <~~~~~~~~~~~~~~~~~~~
/!\ Désactive temporairement ton antivirus /!\
Télécharge AD-Remover (de Cyrildu17 / C_XX) sur ton Bureau.
> http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe
/!\ Déconnecte-toi et ferme toutes applications en cours /!\
* Lance l'installation avec les paramètres par défaut.
* Double-clique sur le raccourci Ad-Remover sur ton Bureau.
* Choisit ta langue F pour française.
* Au menu principal, choisis l'option S.
/!\ Laisse travailler l'outil /!\
* Poste le rapport qui apparaît à la fin.
(Le rapport est sauvegardé aussi sous C:\Ad-report(date).log)
(CTRL+A pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)
Note :
"Process.exe", une composante de l'outil, est détectée par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
