Mirar again...

nicola-eusèbe
Hello,

I am turning to you to get rid of Mirar and StopZilla. Here is my report generated by Toolbar SD
Configuration: Windows Vista Internet Explorer 7.0

Discussion summary

The removal of Mirar and StopZilla is examined through technical reports and cleanup protocols, using specialized tools and in-depth system scans.
The exchanges list unwanted components such as MyWebSearch and FunWebProducts, and describe measures such as uninstalling toolbars and deleting system entries.
To address the infections, priority is given to uninstalling Ad-Remover, then to a scan with MBAM and finally to OTM to eliminate stubborn items.
A useful nuance is the possible need for a restart and for deleting temporary files and cache entries in the user profiles and Program Files.

Automatically generated by AI
based on the best answers
Destrio5 Posts: 99820 Status: Moderator 10 324
 
The OTM procedure is therefore pointless, since Lop S&D will take care of it.
1
XaTon Posts: 2160 Status: Member 208
 
Good evening,

Do this instead:

~~~~~~~~~~~~~~~> Hijack This <~~~~~~~~~~~~~~~~~~~

- Download Hijack
>http://www.infos-du-net.com/telecharger/HijackThis.html

Once Hijack is installed, run it:
- Click "Do a system scan and save a logfile"

- A text file opens; if it does not, it is located in the same folder as hijackthis.exe.
- Choose Edit / Select All
- Right-click / Copy

- Post the entire report for me

0
nicola-eusèbe
 
Here is my report:
0
XaTon Posts: 2160 Status: Member 208
 
Infections present

Do this

~~~~~~~~~~~~~~~> Ad-Remover <~~~~~~~~~~~~~~~~~~~

Run AD-Remover again with option L and post the report.

~~~~~~~~~~~~~~~> OTM <~~~~~~~~~~~~~~~~~~

- Download OTM (by Old_Timer) to your Desktop

> http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/

- Double-click OTM.exe to launch it.

- Make sure the Unregister Dll's and Ocx's box is checked.

- Copy the list in the quote below and paste it into the left pane of OTM under Paste instructions for item to be moved.


:Processes

:files
C:\ProgramData\dvd dead show.b83mmas

:Commands
[purity]
[emptytemp]
[Reboot]


- Click MoveIt! to start the removal.

- The result will appear in the Results pane.

- Click Exit to close.

- Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.

0

Destrio5 Posts: 99820 Status: Moderator 10 324
 
Hello,

There is a Lop/Swizzor infection. Using Lop S&D would be a good idea.
0
XaTon Posts: 2160 Status: Member 208
 
Hi Destrio5

OK

He is going to do that first

0
XaTon Posts: 2160 Status: Member 208
 
All right, thanks for the advice

= )

So instead of OTM, do this:

~~~~~~~~~~~~~~~> Lop S&D <~~~~~~~~~~~~~~~~~~

Download Lop S&D by Eric 71 & Angeldark from this link

> https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

- Click Save and put it on the Desktop

- Once the download is finished, click Close
- Double-click the icon to start the installation

- Accept the terms of use and click Next
- Click Yes to create a directory

- Double-click the new icon placed on your desktop to launch the tool

- Choose your language: in our case it will be French, type F and press the Enter key on your keyboard
- Then choose option 1
- A report appears automatically; post it in your next message

0
nicola-eusèbe
 
Thank you for your help, here is my report following your latest recommendation: (and please, don't forget to also tell me how to get rid of StopZilla - the Uninstall function does not work!)

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz )
BIOS : Ver 1.00PARTTBLP
USER : Sylvain ( Not Administrator ! )
BOOT : Normal boot
Antivirus : Norton Internet Security 2007 (Not Activated)
Firewall : Norton Internet Security 2007 (Not Activated)
C:\ (Local Disk) - NTFS - Total:69 Go (Free:23 Go)
D:\ (Local Disk) - NTFS - Total:69 Go (Free:69 Go)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 25-08-09|10:34 )

[ UAC => 1 ]

--------------------\\ Listing des dossiers dans Local

[13-11-07|03:58] C:\Users\Sylvain\AppData\Local\acer eNM
[06-05-09|12:38] C:\Users\Sylvain\AppData\Local\Adobe
[27-03-08|21:19] C:\Users\Sylvain\AppData\Local\Apple
[12-10-08|13:02] C:\Users\Sylvain\AppData\Local\Apple Computer
[13-11-07|03:55] C:\Users\Sylvain\AppData\Local\Application Data
[12-10-08|22:47] C:\Users\Sylvain\AppData\Local\d3d9caps.dat
[16-06-09|17:54] C:\Users\Sylvain\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[06-05-09|16:52] C:\Users\Sylvain\AppData\Local\GDIPFONTCACHEV1.DAT
[07-07-09|20:39] C:\Users\Sylvain\AppData\Local\Google
[21-07-09|21:42] C:\Users\Sylvain\AppData\Local\Graboid
[21-07-09|21:36] C:\Users\Sylvain\AppData\Local\Graboid_Inc
[13-11-07|03:55] C:\Users\Sylvain\AppData\Local\History
[24-08-09|18:47] C:\Users\Sylvain\AppData\Local\IconCache.db
[16-11-07|12:17] C:\Users\Sylvain\AppData\Local\MCE Deluxe Suite
[25-08-08|16:09] C:\Users\Sylvain\AppData\Local\Microsoft
[12-01-08|00:51] C:\Users\Sylvain\AppData\Local\Microsoft Games
[18-02-09|23:09] C:\Users\Sylvain\AppData\Local\Microsoft Help
[16-11-07|12:17] C:\Users\Sylvain\AppData\Local\PowerCinema
[12-01-08|21:43] C:\Users\Sylvain\AppData\Local\PowerDV
[15-01-09|14:58] C:\Users\Sylvain\AppData\Local\Sony
[25-08-09|10:33] C:\Users\Sylvain\AppData\Local\Temp
[13-11-07|03:55] C:\Users\Sylvain\AppData\Local\Temporary Internet Files
[30-11-07|12:31] C:\Users\Sylvain\AppData\Local\Thunderbird
[19-11-07|21:21] C:\Users\Sylvain\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[24-08-09 12:06][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{D10FB898-F793-4DEF-9EB2-0EB52D35AC1D}.job
[25-08-09 10:29][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{E6EA9C94-B29C-4D6C-B4C3-7019AE499AB8}.job
[01-12-07 17:24][--a------] C:\Windows\tasks\V‚rifier les mises … jour de Windows Live Toolbar.job
[24-08-09 18:49][--ah-----] C:\Windows\tasks\SA.DAT
[24-08-09 18:48][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[16-03-09|17:15] C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[12-04-09|21:11] C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[03-05-09|12:31] C:\ProgramData\Admin Inter 1 Mags
[22-06-09|16:29] C:\ProgramData\Adobe
[27-03-08|21:18] C:\ProgramData\Apple
[24-11-08|11:24] C:\ProgramData\Apple Computer
[02-11-06|09:02] C:\ProgramData\Application Data
[23-06-09|08:13] C:\ProgramData\AVG Security Toolbar
[22-03-09|18:36] C:\ProgramData\avg8
[19-11-07|21:23] C:\ProgramData\CyberLink
[02-11-06|09:02] C:\ProgramData\Desktop
[02-11-06|09:02] C:\ProgramData\Documents
[21-02-09|17:11] C:\ProgramData\ezsidmv.dat
[02-11-06|09:02] C:\ProgramData\Favorites
[07-05-09|19:18] C:\ProgramData\Google
[13-11-07|03:56] C:\ProgramData\InstallShield
[03-12-07|18:29] C:\ProgramData\Messenger Plus!
[02-04-08|13:10] C:\ProgramData\Microsoft
[18-08-09|12:23] C:\ProgramData\Microsoft Help
[11-12-08|10:15] C:\ProgramData\NOS
[31-12-07|20:04] C:\ProgramData\NtiDvdCopy
[24-08-09|16:52] C:\ProgramData\SITEguard
[21-02-09|17:08] C:\ProgramData\Skype
[29-12-08|13:31] C:\ProgramData\SOAP BEEP BLUE.zuzed3
[03-05-09|12:36] C:\ProgramData\Software Platform View
[15-01-09|15:00] C:\ProgramData\Sony
[02-11-06|09:02] C:\ProgramData\Start Menu
[25-08-09|10:28] C:\ProgramData\STOPzilla!
[11-10-08|14:23] C:\ProgramData\Symantec
[02-11-06|09:02] C:\ProgramData\Templates
[15-09-08|21:59] C:\ProgramData\win multi multi.460517
[29-12-08|13:30] C:\ProgramData\win multi multi.4lvai7
[28-07-08|20:53] C:\ProgramData\win multi multi.5ebkb
[29-10-08|12:57] C:\ProgramData\win multi multi.83n5m6
[14-08-08|19:33] C:\ProgramData\win multi multi.8f6nl6
[30-09-08|09:50] C:\ProgramData\win multi multi.isyo5xu
[08-12-08|18:40] C:\ProgramData\win multi multi.kiqdj65
[29-12-08|13:30] C:\ProgramData\win multi multi.prg7i7a
[25-11-08|09:21] C:\ProgramData\win multi multi.w89t89
[23-02-09|10:50] C:\ProgramData\WindowsSearch
[08-03-08|16:29] C:\ProgramData\WLInstaller
[18-11-07|05:54] C:\ProgramData\Yahoo! Companion

--------------------\\ Listing des dossiers dans C:\Program Files

[10-04-07|05:52] C:\Program Files\Acer Arcade Deluxe
[13-11-07|03:56] C:\Program Files\Acer Assist
[13-11-07|03:56] C:\Program Files\Acer Inc
[13-11-07|03:56] C:\Program Files\Acer Registration
[25-03-08|18:38] C:\Program Files\activePDF
[10-12-08|13:47] C:\Program Files\Adobe
[22-05-08|15:47] C:\Program Files\Adobe Media Player
[03-12-07|13:11] C:\Program Files\Adverts
[26-06-08|20:02] C:\Program Files\Animation-ish HomeTrial
[03-09-08|15:03] C:\Program Files\Apple Software Update
[22-03-09|18:36] C:\Program Files\AVG
[22-12-08|15:40] C:\Program Files\Bonjour
[24-08-09|18:27] C:\Program Files\CCleaner
[23-03-09|12:11] C:\Program Files\Circle Developement
[24-08-09|16:09] C:\Program Files\Common Files
[10-04-07|05:14] C:\Program Files\CONEXANT
[10-04-07|05:30] C:\Program Files\CyberLink
[31-12-07|19:38] C:\Program Files\EA Games
[25-07-09|12:10] C:\Program Files\FunWebProducts
[07-05-09|20:17] C:\Program Files\Google
[21-07-09|21:35] C:\Program Files\Graboid
[19-11-07|13:46] C:\Program Files\Grisoft
[21-08-08|11:53] C:\Program Files\IKEA HomePlanner
[26-06-08|20:02] C:\Program Files\InstallShield Installation Information
[10-04-07|04:53] C:\Program Files\Intel
[29-07-09|22:54] C:\Program Files\Internet Explorer
[20-07-09|14:09] C:\Program Files\iPod
[20-07-09|14:09] C:\Program Files\iTunes
[04-04-09|22:55] C:\Program Files\Java
[18-05-07|03:18] C:\Program Files\Launch Manager
[19-06-09|13:50] C:\Program Files\LimeWire
[18-11-07|06:11] C:\Program Files\Maxis
[31-03-08|19:22] C:\Program Files\MFInstall
[02-11-06|08:37] C:\Program Files\Microsoft Games
[18-03-08|21:38] C:\Program Files\Microsoft Office
[18-08-09|12:56] C:\Program Files\Microsoft Silverlight
[18-03-08|21:38] C:\Program Files\Microsoft Visual Studio
[18-03-08|21:34] C:\Program Files\Microsoft Visual Studio 8
[18-03-08|21:39] C:\Program Files\Microsoft Works
[18-03-08|21:37] C:\Program Files\Microsoft.NET
[07-10-08|08:10] C:\Program Files\Movie Maker
[21-07-09|21:35] C:\Program Files\Mozilla ActiveX Control v1.7.12
[03-08-08|17:17] C:\Program Files\Mozilla Thunderbird
[18-03-08|21:38] C:\Program Files\MSBuild
[18-11-07|04:01] C:\Program Files\MSXML 4.0
[24-07-09|12:53] C:\Program Files\MyWebSearch
[10-04-07|05:28] C:\Program Files\NewTech Infosystems
[11-12-08|10:15] C:\Program Files\NOS
[19-11-07|14:47] C:\Program Files\OpenOffice.org 2.3
[18-11-07|06:49] C:\Program Files\OpenOffice.org 2.3 Language Pack (Français) Installation Files
[02-04-08|13:23] C:\Program Files\Oxy-Gen
[07-05-09|17:14] C:\Program Files\PAV
[07-06-09|21:37] C:\Program Files\QuickTime
[22-06-09|16:29] C:\Program Files\Radio-Canada
[10-04-07|05:04] C:\Program Files\Realtek
[02-11-06|08:37] C:\Program Files\Reference Assemblies
[24-08-09|10:25] C:\Program Files\Safari
[21-02-09|17:08] C:\Program Files\Skype
[10-04-07|05:26] C:\Program Files\SMSC
[15-01-09|14:57] C:\Program Files\Sony
[15-01-09|14:57] C:\Program Files\Sony Ericsson
[24-08-09|19:14] C:\Program Files\STOPzilla!
[10-04-07|05:09] C:\Program Files\Synaptics
[02-04-08|13:10] C:\Program Files\Uniblue
[02-11-06|09:01] C:\Program Files\Uninstall Information
[21-07-09|21:35] C:\Program Files\VideoLAN
[07-10-08|08:10] C:\Program Files\Windows Calendar
[07-10-08|08:10] C:\Program Files\Windows Collaboration
[07-10-08|08:09] C:\Program Files\Windows Defender
[07-10-08|08:10] C:\Program Files\Windows Journal
[01-12-07|17:27] C:\Program Files\Windows Live
[01-12-07|17:24] C:\Program Files\Windows Live Favorites
[01-12-07|17:24] C:\Program Files\Windows Live Toolbar
[18-08-09|12:04] C:\Program Files\Windows Mail
[18-08-09|12:54] C:\Program Files\Windows Media Player
[02-11-06|08:37] C:\Program Files\Windows NT
[07-10-08|08:10] C:\Program Files\Windows Photo Gallery
[07-10-08|08:10] C:\Program Files\Windows Sidebar
[13-11-07|03:56] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[18-03-09|16:45] C:\Program Files\Common Files\Adobe
[22-05-08|15:47] C:\Program Files\Common Files\Adobe AIR
[20-07-09|14:09] C:\Program Files\Common Files\Apple
[18-03-08|21:38] C:\Program Files\Common Files\DESIGNER
[13-11-07|03:56] C:\Program Files\Common Files\InstallShield
[24-08-09|16:09] C:\Program Files\Common Files\iS3
[18-11-07|09:19] C:\Program Files\Common Files\Java
[10-04-07|05:27] C:\Program Files\Common Files\LightScribe
[06-03-09|00:14] C:\Program Files\Common Files\microsoft shared
[10-04-07|05:27] C:\Program Files\Common Files\muvee Technologies
[10-04-07|05:28] C:\Program Files\Common Files\NewTech Infosystems
[02-11-06|07:18] C:\Program Files\Common Files\Services
[21-02-09|17:08] C:\Program Files\Common Files\Skype
[02-11-06|07:18] C:\Program Files\Common Files\SpeechEngines
[11-10-08|14:23] C:\Program Files\Common Files\Symantec Shared
[07-10-08|08:09] C:\Program Files\Common Files\System
[01-12-07|17:22] C:\Program Files\Common Files\WindowsLiveInstaller
[21-08-08|11:52] C:\Program Files\Common Files\Wise Installation Wizard

--------------------\\ Process

( 90 Processes )

iexplore.exe ~ [PID:7380]

--------------------\\ Recherche avec S_Lop

C:\ProgramData\win multi multi.5ebkb
C:\ProgramData\SOAP BEEP BLUE.zuzed3
C:\ProgramData\win multi multi.460517
C:\ProgramData\win multi multi.4lvai7
C:\ProgramData\win multi multi.83n5m6
C:\ProgramData\win multi multi.8f6nl6
C:\ProgramData\win multi multi.w89t89
C:\ProgramData\win multi multi.isyo5xu
C:\ProgramData\win multi multi.kiqdj65
C:\ProgramData\win multi multi.prg7i7a

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\ProgramData\Admin Inter 1 Mags
C:\ProgramData\Admin Inter 1 Mags\play info.dat
C:\Program Files\Adverts
C:\Program Files\Circle Developement

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mpeg Kind"="\"C:\\ProgramData\\win multi multi.86dn9t1\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-25 10:34:19
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 53

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\Sylvain\AppData\Roaming\Microsoft\Windows\Recent\Crack_The_Code_B_SCD_0769_01701.lnk
C:\Users\Sylvain\Documents\LACASSE COMMUNICATIONS\S2B COMMUNICATIONS\CONSIGNACTION-2\Campagne Boissons énergétiques\Pub 2 - étudiant\musique\Crack_The_Code_B_SCD_0769_01701.mp3

[F:32][D:11]-> C:\Users\Sylvain\AppData\Local\Temp
[F:51][D:1]-> C:\Users\Sylvain\AppData\Roaming\MICROS~1\Windows\Cookies
[F:65][D:4]-> C:\Users\Sylvain\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:36][D:32]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 25-08-09|10:36 - Option : [1]

--------------------\\ Fin du rapport a 10:36:20
[ UAC => 1 ]
XaTon | Posts: 2160 | Status: Member

Good, now do this:

~~~~~~~~~~~~~~~> Lop S&D <~~~~~~~~~~~~~~~~~~

- Run Lop S&D again.
- In the main menu, type 2, then press Enter to confirm.

- The Start menu and the icons will disappear again; this is normal.
- The cleanup will take a few minutes...
- Once the operation is finished, the cleanup report opens.

- Post that report in your next message.

nicola-eusèbe

The last operation you suggested may be unnecessary: Mirar and StopZilla no longer appear! Maybe it's because I had run CCleaner earlier? Thanks in any case!
Destrio5 | Posts: 99820 | Status: Moderator

You have other infections.
nicola-eusèbe

Here is my report after running the operation:

-------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz )
BIOS : Ver 1.00PARTTBLP
USER : Sylvain ( Not Administrator ! )
BOOT : Normal boot
Antivirus : Norton Internet Security 2007 (Not Activated)
Firewall : Norton Internet Security 2007 (Not Activated)
C:\ (Local Disk) - NTFS - Total:69 Go (Free:23 Go)
D:\ (Local Disk) - NTFS - Total:69 Go (Free:69 Go)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 25-08-09|15:52 )

[ UAC => 1 ]

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\ProgramData\Admin Inter 1 Mags\play info.dat
Supprime! - C:\ProgramData\win multi multi.5ebkb
Supprime! - C:\ProgramData\SOAP BEEP BLUE.zuzed3
Supprime! - C:\ProgramData\win multi multi.460517
Supprime! - C:\ProgramData\win multi multi.4lvai7
Supprime! - C:\ProgramData\win multi multi.83n5m6
Supprime! - C:\ProgramData\win multi multi.8f6nl6
Supprime! - C:\ProgramData\win multi multi.w89t89
Supprime! - C:\ProgramData\win multi multi.isyo5xu
Supprime! - C:\ProgramData\win multi multi.kiqdj65
Supprime! - C:\ProgramData\win multi multi.prg7i7a
Supprime! - C:\ProgramData\Admin Inter 1 Mags
Supprime! - C:\Program Files\Adverts
Supprime! - C:\Program Files\Circle Developement
-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Listing des dossiers dans Local

[13-11-07|03:58] C:\Users\Sylvain\AppData\Local\acer eNM
[06-05-09|12:38] C:\Users\Sylvain\AppData\Local\Adobe
[27-03-08|21:19] C:\Users\Sylvain\AppData\Local\Apple
[12-10-08|13:02] C:\Users\Sylvain\AppData\Local\Apple Computer
[13-11-07|03:55] C:\Users\Sylvain\AppData\Local\Application Data
[12-10-08|22:47] C:\Users\Sylvain\AppData\Local\d3d9caps.dat
[16-06-09|17:54] C:\Users\Sylvain\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[06-05-09|16:52] C:\Users\Sylvain\AppData\Local\GDIPFONTCACHEV1.DAT
[07-07-09|20:39] C:\Users\Sylvain\AppData\Local\Google
[21-07-09|21:42] C:\Users\Sylvain\AppData\Local\Graboid
[21-07-09|21:36] C:\Users\Sylvain\AppData\Local\Graboid_Inc
[13-11-07|03:55] C:\Users\Sylvain\AppData\Local\History
[24-08-09|18:47] C:\Users\Sylvain\AppData\Local\IconCache.db
[16-11-07|12:17] C:\Users\Sylvain\AppData\Local\MCE Deluxe Suite
[25-08-08|16:09] C:\Users\Sylvain\AppData\Local\Microsoft
[12-01-08|00:51] C:\Users\Sylvain\AppData\Local\Microsoft Games
[18-02-09|23:09] C:\Users\Sylvain\AppData\Local\Microsoft Help
[16-11-07|12:17] C:\Users\Sylvain\AppData\Local\PowerCinema
[12-01-08|21:43] C:\Users\Sylvain\AppData\Local\PowerDV
[15-01-09|14:58] C:\Users\Sylvain\AppData\Local\Sony
[25-08-09|15:52] C:\Users\Sylvain\AppData\Local\Temp
[13-11-07|03:55] C:\Users\Sylvain\AppData\Local\Temporary Internet Files
[30-11-07|12:31] C:\Users\Sylvain\AppData\Local\Thunderbird
[19-11-07|21:21] C:\Users\Sylvain\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[25-08-09 15:02][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{D10FB898-F793-4DEF-9EB2-0EB52D35AC1D}.job
[25-08-09 15:50][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{E6EA9C94-B29C-4D6C-B4C3-7019AE499AB8}.job
[01-12-07 17:24][--a------] C:\Windows\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
[24-08-09 18:49][--ah-----] C:\Windows\tasks\SA.DAT
[24-08-09 18:48][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[16-03-09|17:15] C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[12-04-09|21:11] C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[22-06-09|16:29] C:\ProgramData\Adobe
[27-03-08|21:18] C:\ProgramData\Apple
[24-11-08|11:24] C:\ProgramData\Apple Computer
[02-11-06|09:02] C:\ProgramData\Application Data
[23-06-09|08:13] C:\ProgramData\AVG Security Toolbar
[22-03-09|18:36] C:\ProgramData\avg8
[19-11-07|21:23] C:\ProgramData\CyberLink
[02-11-06|09:02] C:\ProgramData\Desktop
[02-11-06|09:02] C:\ProgramData\Documents
[21-02-09|17:11] C:\ProgramData\ezsidmv.dat
[02-11-06|09:02] C:\ProgramData\Favorites
[07-05-09|19:18] C:\ProgramData\Google
[13-11-07|03:56] C:\ProgramData\InstallShield
[03-12-07|18:29] C:\ProgramData\Messenger Plus!
[02-04-08|13:10] C:\ProgramData\Microsoft
[18-08-09|12:23] C:\ProgramData\Microsoft Help
[11-12-08|10:15] C:\ProgramData\NOS
[31-12-07|20:04] C:\ProgramData\NtiDvdCopy
[24-08-09|16:52] C:\ProgramData\SITEguard
[21-02-09|17:08] C:\ProgramData\Skype
[03-05-09|12:36] C:\ProgramData\Software Platform View
[15-01-09|15:00] C:\ProgramData\Sony
[02-11-06|09:02] C:\ProgramData\Start Menu
[25-08-09|15:45] C:\ProgramData\STOPzilla!
[11-10-08|14:23] C:\ProgramData\Symantec
[02-11-06|09:02] C:\ProgramData\Templates
[23-02-09|10:50] C:\ProgramData\WindowsSearch
[08-03-08|16:29] C:\ProgramData\WLInstaller
[18-11-07|05:54] C:\ProgramData\Yahoo! Companion

--------------------\\ Listing des dossiers dans C:\Program Files

[10-04-07|05:52] C:\Program Files\Acer Arcade Deluxe
[13-11-07|03:56] C:\Program Files\Acer Assist
[13-11-07|03:56] C:\Program Files\Acer Inc
[13-11-07|03:56] C:\Program Files\Acer Registration
[25-03-08|18:38] C:\Program Files\activePDF
[10-12-08|13:47] C:\Program Files\Adobe
[22-05-08|15:47] C:\Program Files\Adobe Media Player
[26-06-08|20:02] C:\Program Files\Animation-ish HomeTrial
[03-09-08|15:03] C:\Program Files\Apple Software Update
[22-03-09|18:36] C:\Program Files\AVG
[22-12-08|15:40] C:\Program Files\Bonjour
[24-08-09|18:27] C:\Program Files\CCleaner
[24-08-09|16:09] C:\Program Files\Common Files
[10-04-07|05:14] C:\Program Files\CONEXANT
[10-04-07|05:30] C:\Program Files\CyberLink
[31-12-07|19:38] C:\Program Files\EA Games
[25-07-09|12:10] C:\Program Files\FunWebProducts
[07-05-09|20:17] C:\Program Files\Google
[21-07-09|21:35] C:\Program Files\Graboid
[19-11-07|13:46] C:\Program Files\Grisoft
[21-08-08|11:53] C:\Program Files\IKEA HomePlanner
[26-06-08|20:02] C:\Program Files\InstallShield Installation Information
[10-04-07|04:53] C:\Program Files\Intel
[29-07-09|22:54] C:\Program Files\Internet Explorer
[20-07-09|14:09] C:\Program Files\iPod
[20-07-09|14:09] C:\Program Files\iTunes
[04-04-09|22:55] C:\Program Files\Java
[18-05-07|03:18] C:\Program Files\Launch Manager
[19-06-09|13:50] C:\Program Files\LimeWire
[18-11-07|06:11] C:\Program Files\Maxis
[31-03-08|19:22] C:\Program Files\MFInstall
[02-11-06|08:37] C:\Program Files\Microsoft Games
[18-03-08|21:38] C:\Program Files\Microsoft Office
[18-08-09|12:56] C:\Program Files\Microsoft Silverlight
[18-03-08|21:38] C:\Program Files\Microsoft Visual Studio
[18-03-08|21:34] C:\Program Files\Microsoft Visual Studio 8
[18-03-08|21:39] C:\Program Files\Microsoft Works
[18-03-08|21:37] C:\Program Files\Microsoft.NET
[07-10-08|08:10] C:\Program Files\Movie Maker
[21-07-09|21:35] C:\Program Files\Mozilla ActiveX Control v1.7.12
[03-08-08|17:17] C:\Program Files\Mozilla Thunderbird
[18-03-08|21:38] C:\Program Files\MSBuild
[18-11-07|04:01] C:\Program Files\MSXML 4.0
[24-07-09|12:53] C:\Program Files\MyWebSearch
[10-04-07|05:28] C:\Program Files\NewTech Infosystems
[11-12-08|10:15] C:\Program Files\NOS
[19-11-07|14:47] C:\Program Files\OpenOffice.org 2.3
[18-11-07|06:49] C:\Program Files\OpenOffice.org 2.3 Language Pack (Français) Installation Files
[02-04-08|13:23] C:\Program Files\Oxy-Gen
[07-05-09|17:14] C:\Program Files\PAV
[07-06-09|21:37] C:\Program Files\QuickTime
[22-06-09|16:29] C:\Program Files\Radio-Canada
[10-04-07|05:04] C:\Program Files\Realtek
[02-11-06|08:37] C:\Program Files\Reference Assemblies
[24-08-09|10:25] C:\Program Files\Safari
[21-02-09|17:08] C:\Program Files\Skype
[10-04-07|05:26] C:\Program Files\SMSC
[15-01-09|14:57] C:\Program Files\Sony
[15-01-09|14:57] C:\Program Files\Sony Ericsson
[24-08-09|19:14] C:\Program Files\STOPzilla!
[10-04-07|05:09] C:\Program Files\Synaptics
[02-04-08|13:10] C:\Program Files\Uniblue
[02-11-06|09:01] C:\Program Files\Uninstall Information
[21-07-09|21:35] C:\Program Files\VideoLAN
[07-10-08|08:10] C:\Program Files\Windows Calendar
[07-10-08|08:10] C:\Program Files\Windows Collaboration
[07-10-08|08:09] C:\Program Files\Windows Defender
[07-10-08|08:10] C:\Program Files\Windows Journal
[01-12-07|17:27] C:\Program Files\Windows Live
[01-12-07|17:24] C:\Program Files\Windows Live Favorites
[01-12-07|17:24] C:\Program Files\Windows Live Toolbar
[18-08-09|12:04] C:\Program Files\Windows Mail
[18-08-09|12:54] C:\Program Files\Windows Media Player
[02-11-06|08:37] C:\Program Files\Windows NT
[07-10-08|08:10] C:\Program Files\Windows Photo Gallery
[07-10-08|08:10] C:\Program Files\Windows Sidebar
[13-11-07|03:56] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[18-03-09|16:45] C:\Program Files\Common Files\Adobe
[22-05-08|15:47] C:\Program Files\Common Files\Adobe AIR
[20-07-09|14:09] C:\Program Files\Common Files\Apple
[18-03-08|21:38] C:\Program Files\Common Files\DESIGNER
[13-11-07|03:56] C:\Program Files\Common Files\InstallShield
[24-08-09|16:09] C:\Program Files\Common Files\iS3
[18-11-07|09:19] C:\Program Files\Common Files\Java
[10-04-07|05:27] C:\Program Files\Common Files\LightScribe
[06-03-09|00:14] C:\Program Files\Common Files\microsoft shared
[10-04-07|05:27] C:\Program Files\Common Files\muvee Technologies
[10-04-07|05:28] C:\Program Files\Common Files\NewTech Infosystems
[02-11-06|07:18] C:\Program Files\Common Files\Services
[21-02-09|17:08] C:\Program Files\Common Files\Skype
[02-11-06|07:18] C:\Program Files\Common Files\SpeechEngines
[11-10-08|14:23] C:\Program Files\Common Files\Symantec Shared
[07-10-08|08:09] C:\Program Files\Common Files\System
[01-12-07|17:22] C:\Program Files\Common Files\WindowsLiveInstaller
[21-08-08|11:52] C:\Program Files\Common Files\Wise Installation Wizard

--------------------\\ Process

( 89 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-25 15:52:42
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 53

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\Sylvain\AppData\Roaming\Microsoft\Windows\Recent\Crack_The_Code_B_SCD_0769_01701.lnk
C:\Users\Sylvain\Documents\LACASSE COMMUNICATIONS\S2B COMMUNICATIONS\CONSIGNACTION-2\Campagne Boissons énergétiques\Pub 2 - étudiant\musique\Crack_The_Code_B_SCD_0769_01701.mp3

[F:31][D:11]-> C:\Users\Sylvain\AppData\Local\Temp
[F:61][D:1]-> C:\Users\Sylvain\AppData\Roaming\MICROS~1\Windows\Cookies
[F:66][D:4]-> C:\Users\Sylvain\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:36][D:32]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 25-08-09|10:36 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 25-08-09|15:54 - Option : [2]

--------------------\\ Fin du rapport a 15:54:47
[ UAC => 1 ]
XaTon | Posts: 2160 | Status: Member

Run a new Hijack log.
nicola-eusèbe

I can't manage to download it: zongPay even charged me $3, but when I click the download icon, nothing happens at all. ;-(
nicola-eusèbe

Finally, here is what I got:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:20:39, on 25-08-09
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Acer\Empowering Technology\eDSMSNfix.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Sylvain\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Sylvain\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9DQT8ZIG\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://ici.radio-canada.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.ca.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.ca.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O3 - Toolbar: (no name) - {A7AFE4D8-E79B-471C-8664-30695E37CF5B} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [1 mags 16 more] "C:\ProgramData\dvd dead show.b83mmas"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [DealAssistant] C:\Users\Sylvain\AppData\Roaming\DealAssistant\dealassistant.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - http://cdnimg.piczo.com/images/uploader/piczo_fast_uploader.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab
O16 - DPF: {861DB4B6-3838-11D2-8E50-002018200E57} (MrSIDI Control) - http://data6.archives.ca/mrsidi_cab/MrSIDI.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: avgrsstx.dll eNetHook.dll
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
XaTon (Member)
 
O4 - HKCU\..\Run: [1 mags 16 more] "C:\ProgramData\dvd dead show.b83mmas"

The critter is still there.

Should I move on to OTM, Destrio5?
Destrio5 (Moderator)
 
"The critter is still there"
--> Only the trace in the registry is left, so have the line fixed. The file has already been deleted.

"C:\Program Files\FunWebProducts
C:\Program Files\MyWebSearch "
--> To be removed with Ad-Remover, for example.
XaTon (Member)
 
O4 - HKCU\..\Run: [1 mags 16 more] "C:\ProgramData\dvd dead show.b83mmas" 


Check this line and then click "Fix checked".

Then do the following:

~~~~~~~~~~~~~~~> Ad-Remover <~~~~~~~~~~~~~~~~~~~

/!\ Temporarily disable your antivirus /!\

Download AD-Remover (by Cyrildu17 / C_XX) to your Desktop.

> http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe

/!\ Disconnect and close all running applications /!\

* Run the installation with the default settings.
* Double-click the Ad-Remover shortcut on your Desktop.
* Choose your language: F for French.
* At the main menu, choose option S.

/!\ Let the tool work /!\

* Post the report that appears at the end.

(The report is also saved as C:\Ad-report(date).log)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note:

"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility for terminating processes.

nicola-eusèbe
 
How do I temporarily disable my antivirus?
XaTon (Member)
 
Right-click the icon next to the clock and choose to disable it.