Mirar again...

nicola-eusèbe -  
Destrio5 Posts 99820 Status Moderator -
Hello,

I'm counting on you to help me get rid of Mirar and StopZilla. Here is my report generated by Toolbar SD
-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz )
BIOS : Ver 1.00PARTTBLP
USER : Sylvain ( Not Administrator ! )
BOOT : Normal boot
Antivirus : Norton Internet Security 2007 (Not Activated)
Firewall : Norton Internet Security 2007 (Not Activated)
C:\ (Local Disk) - NTFS - Total:69 Go (Free:22 Go)
D:\ (Local Disk) - NTFS - Total:69 Go (Free:69 Go)
E:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( 24-08-09|19:01 )

[ UAC => 1 ]

-----------\\ Recherche de Fichiers / Dossiers ...

[Service] MyWebSearchService
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver
C:\Program Files\FunWebProducts\ScreenSaver\Images
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar
C:\Program Files\MyWebSearch\bar\1.bin
C:\Program Files\MyWebSearch\bar\Avatar
C:\Program Files\MyWebSearch\bar\Game
C:\Program Files\MyWebSearch\bar\History
C:\Program Files\MyWebSearch\bar\icons
C:\Program Files\MyWebSearch\bar\Message
C:\Program Files\MyWebSearch\bar\Notifier
C:\Program Files\MyWebSearch\bar\Settings
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REGHK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Windows\System32\f3PSSavr.scr

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://ici.radio-canada.ca/"
"SEARCH PAGE"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\Windows\\system32\\blank.htm"
"SearchMigratedDefaultURL"="https://search.yahoo.com/web{searchTerms}&ei=utf-8&fr=b1ie7"
"Url"="http://www.microsoft.com/athome/community/rss.xml"
"Url"="http://www.microsoft.com/atwork/community/rss.xml"
"Url"="http://rss.msn.com/en-us/?feedoutput=rss&ocid=iehrs&unsub=true"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://fr.ca.acer.yahoo.com"
"Default_Page_URL"="http://fr.ca.acer.yahoo.com"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\Sylvain\AppData\Roaming\Microsoft\Windows\Recent\Crack_The_Code_B_SCD_0769_01701.lnk
C:\Users\Sylvain\Documents\LACASSE COMMUNICATIONS\S2B COMMUNICATIONS\CONSIGNACTION-2\Campagne Boissons énergétiques\Pub 2 - étudiant\musique\Crack_The_Code_B_SCD_0769_01701.mp3


[ UAC => 1 ]


1 - "C:\ToolBar SD\TB_1.txt" - 24-08-09|19:01 - Option : [1]

-----------\\ Fin du rapport a 19:01:41,16

66 replies

Destrio5 Posts 99820 Status Moderator 10 304
 
So the OTM procedure is unnecessary, since Lop S&D will take care of it.
1
XaTon Posts 2160 Status Member 208
 
Good evening,

Do this instead:

~~~~~~~~~~~~~~~> Hijack This <~~~~~~~~~~~~~~~~~~~

- Download Hijack
>http://www.infos-du-net.com/telecharger/HijackThis.html

Once Hijack is installed, run it:
- Click "Do a system scan and save a logfile"

- A text file opens; if it doesn't, it is located in the same folder as hijackthis.exe.
- Choose Edit / Select All
- Right-click / Copy

- Post the entire report for me

0
nicola-eusèbe
 
Here is my report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:21:18, on 24-08-09
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Acer\Empowering Technology\eDSMSNfix.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Sylvain\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Users\Sylvain\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M506FAIM\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://ici.radio-canada.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.ca.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.ca.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Mirar - {A7AFE4D9-E79B-471C-8664-30695E37CF5B} - C:\Windows\system32\wind078.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O3 - Toolbar: Mirar - {A7AFE4D8-E79B-471C-8664-30695E37CF5B} - C:\Windows\system32\wind078.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Mpeg Kind] "C:\ProgramData\win multi multi.86dn9t1"
O4 - HKCU\..\Run: [1 mags 16 more] "C:\ProgramData\dvd dead show.b83mmas"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [DealAssistant] C:\Users\Sylvain\AppData\Roaming\DealAssistant\dealassistant.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - http://cdnimg.piczo.com/images/uploader/piczo_fast_uploader.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab
O16 - DPF: {861DB4B6-3838-11D2-8E50-002018200E57} (MrSIDI Control) - http://data6.archives.ca/mrsidi_cab/MrSIDI.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: avgrsstx.dll eNetHook.dll
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
XaTon Posts 2160 Status Member 208
 
Infections present

Do this

~~~~~~~~~~~~~~~> Ad-Remover <~~~~~~~~~~~~~~~~~~~

Run AD-Remover again with option L and post the report.

~~~~~~~~~~~~~~~> OTM <~~~~~~~~~~~~~~~~~~

- Download OTM (by Old_Timer) to your Desktop

> http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/

- Double-click OTM.exe to launch it.

- Make sure the Unregister Dll's and Ocx's box is checked.

- Copy the list in the quote below and paste it into the left-hand pane of OTM under Paste instructions for item to be moved.


:Processes

:files
C:\ProgramData\dvd dead show.b83mmas

:Commands
[purity]
[emptytemp]
[Reboot]



- Click MoveIt! to start the removal.

- The result will appear in the Results pane.

- Click Exit to close.

- Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.

0

Destrio5 Posts 99820 Status Moderator 10 304
 
Hello,

There is a Lop/Swizzor infection. Using Lop S&D would be a good idea.
0
XaTon Posts 2160 Status Member 208
 
Hi Destrio5

Ok

He'll do that first

0
XaTon Posts 2160 Status Member 208
 
Alright, thanks for the advice

= )

So instead of OTM, do this:

~~~~~~~~~~~~~~~> Lop S&D <~~~~~~~~~~~~~~~~~~

Download Lop S&D by Eric 71 & Angeldark from this link

> https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

- Click Save and place it on the Desktop

- Once the download has finished, click Close
- Double-click the icon to start the installation

- Accept the terms of use and click Next
- Click Yes to create a directory

- Double-click the new icon placed on your desktop to launch the tool

- Choose your language: in our case it will be French, type F and press the Enter key on your keyboard
- Then choose option 1
- A report appears automatically; post it in your next message

0
nicola-eusèbe
 
Thank you for your help, here is my report following your latest recommendation: (and please don't forget to also tell me how to get rid of StopZilla - the Uninstall function doesn't work!)

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz )
BIOS : Ver 1.00PARTTBLP
USER : Sylvain ( Not Administrator ! )
BOOT : Normal boot
Antivirus : Norton Internet Security 2007 (Not Activated)
Firewall : Norton Internet Security 2007 (Not Activated)
C:\ (Local Disk) - NTFS - Total:69 Go (Free:23 Go)
D:\ (Local Disk) - NTFS - Total:69 Go (Free:69 Go)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 25-08-09|10:34 )

[ UAC => 1 ]

--------------------\\ Listing des dossiers dans Local

[13-11-07|03:58] C:\Users\Sylvain\AppData\Local\acer eNM
[06-05-09|12:38] C:\Users\Sylvain\AppData\Local\Adobe
[27-03-08|21:19] C:\Users\Sylvain\AppData\Local\Apple
[12-10-08|13:02] C:\Users\Sylvain\AppData\Local\Apple Computer
[13-11-07|03:55] C:\Users\Sylvain\AppData\Local\Application Data
[12-10-08|22:47] C:\Users\Sylvain\AppData\Local\d3d9caps.dat
[16-06-09|17:54] C:\Users\Sylvain\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[06-05-09|16:52] C:\Users\Sylvain\AppData\Local\GDIPFONTCACHEV1.DAT
[07-07-09|20:39] C:\Users\Sylvain\AppData\Local\Google
[21-07-09|21:42] C:\Users\Sylvain\AppData\Local\Graboid
[21-07-09|21:36] C:\Users\Sylvain\AppData\Local\Graboid_Inc
[13-11-07|03:55] C:\Users\Sylvain\AppData\Local\History
[24-08-09|18:47] C:\Users\Sylvain\AppData\Local\IconCache.db
[16-11-07|12:17] C:\Users\Sylvain\AppData\Local\MCE Deluxe Suite
[25-08-08|16:09] C:\Users\Sylvain\AppData\Local\Microsoft
[12-01-08|00:51] C:\Users\Sylvain\AppData\Local\Microsoft Games
[18-02-09|23:09] C:\Users\Sylvain\AppData\Local\Microsoft Help
[16-11-07|12:17] C:\Users\Sylvain\AppData\Local\PowerCinema
[12-01-08|21:43] C:\Users\Sylvain\AppData\Local\PowerDV
[15-01-09|14:58] C:\Users\Sylvain\AppData\Local\Sony
[25-08-09|10:33] C:\Users\Sylvain\AppData\Local\Temp
[13-11-07|03:55] C:\Users\Sylvain\AppData\Local\Temporary Internet Files
[30-11-07|12:31] C:\Users\Sylvain\AppData\Local\Thunderbird
[19-11-07|21:21] C:\Users\Sylvain\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[24-08-09 12:06][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{D10FB898-F793-4DEF-9EB2-0EB52D35AC1D}.job
[25-08-09 10:29][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{E6EA9C94-B29C-4D6C-B4C3-7019AE499AB8}.job
[01-12-07 17:24][--a------] C:\Windows\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
[24-08-09 18:49][--ah-----] C:\Windows\tasks\SA.DAT
[24-08-09 18:48][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[16-03-09|17:15] C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[12-04-09|21:11] C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[03-05-09|12:31] C:\ProgramData\Admin Inter 1 Mags
[22-06-09|16:29] C:\ProgramData\Adobe
[27-03-08|21:18] C:\ProgramData\Apple
[24-11-08|11:24] C:\ProgramData\Apple Computer
[02-11-06|09:02] C:\ProgramData\Application Data
[23-06-09|08:13] C:\ProgramData\AVG Security Toolbar
[22-03-09|18:36] C:\ProgramData\avg8
[19-11-07|21:23] C:\ProgramData\CyberLink
[02-11-06|09:02] C:\ProgramData\Desktop
[02-11-06|09:02] C:\ProgramData\Documents
[21-02-09|17:11] C:\ProgramData\ezsidmv.dat
[02-11-06|09:02] C:\ProgramData\Favorites
[07-05-09|19:18] C:\ProgramData\Google
[13-11-07|03:56] C:\ProgramData\InstallShield
[03-12-07|18:29] C:\ProgramData\Messenger Plus!
[02-04-08|13:10] C:\ProgramData\Microsoft
[18-08-09|12:23] C:\ProgramData\Microsoft Help
[11-12-08|10:15] C:\ProgramData\NOS
[31-12-07|20:04] C:\ProgramData\NtiDvdCopy
[24-08-09|16:52] C:\ProgramData\SITEguard
[21-02-09|17:08] C:\ProgramData\Skype
[29-12-08|13:31] C:\ProgramData\SOAP BEEP BLUE.zuzed3
[03-05-09|12:36] C:\ProgramData\Software Platform View
[15-01-09|15:00] C:\ProgramData\Sony
[02-11-06|09:02] C:\ProgramData\Start Menu
[25-08-09|10:28] C:\ProgramData\STOPzilla!
[11-10-08|14:23] C:\ProgramData\Symantec
[02-11-06|09:02] C:\ProgramData\Templates
[15-09-08|21:59] C:\ProgramData\win multi multi.460517
[29-12-08|13:30] C:\ProgramData\win multi multi.4lvai7
[28-07-08|20:53] C:\ProgramData\win multi multi.5ebkb
[29-10-08|12:57] C:\ProgramData\win multi multi.83n5m6
[14-08-08|19:33] C:\ProgramData\win multi multi.8f6nl6
[30-09-08|09:50] C:\ProgramData\win multi multi.isyo5xu
[08-12-08|18:40] C:\ProgramData\win multi multi.kiqdj65
[29-12-08|13:30] C:\ProgramData\win multi multi.prg7i7a
[25-11-08|09:21] C:\ProgramData\win multi multi.w89t89
[23-02-09|10:50] C:\ProgramData\WindowsSearch
[08-03-08|16:29] C:\ProgramData\WLInstaller
[18-11-07|05:54] C:\ProgramData\Yahoo! Companion

--------------------\\ Listing des dossiers dans C:\Program Files

[10-04-07|05:52] C:\Program Files\Acer Arcade Deluxe
[13-11-07|03:56] C:\Program Files\Acer Assist
[13-11-07|03:56] C:\Program Files\Acer Inc
[13-11-07|03:56] C:\Program Files\Acer Registration
[25-03-08|18:38] C:\Program Files\activePDF
[10-12-08|13:47] C:\Program Files\Adobe
[22-05-08|15:47] C:\Program Files\Adobe Media Player
[03-12-07|13:11] C:\Program Files\Adverts
[26-06-08|20:02] C:\Program Files\Animation-ish HomeTrial
[03-09-08|15:03] C:\Program Files\Apple Software Update
[22-03-09|18:36] C:\Program Files\AVG
[22-12-08|15:40] C:\Program Files\Bonjour
[24-08-09|18:27] C:\Program Files\CCleaner
[23-03-09|12:11] C:\Program Files\Circle Developement
[24-08-09|16:09] C:\Program Files\Common Files
[10-04-07|05:14] C:\Program Files\CONEXANT
[10-04-07|05:30] C:\Program Files\CyberLink
[31-12-07|19:38] C:\Program Files\EA Games
[25-07-09|12:10] C:\Program Files\FunWebProducts
[07-05-09|20:17] C:\Program Files\Google
[21-07-09|21:35] C:\Program Files\Graboid
[19-11-07|13:46] C:\Program Files\Grisoft
[21-08-08|11:53] C:\Program Files\IKEA HomePlanner
[26-06-08|20:02] C:\Program Files\InstallShield Installation Information
[10-04-07|04:53] C:\Program Files\Intel
[29-07-09|22:54] C:\Program Files\Internet Explorer
[20-07-09|14:09] C:\Program Files\iPod
[20-07-09|14:09] C:\Program Files\iTunes
[04-04-09|22:55] C:\Program Files\Java
[18-05-07|03:18] C:\Program Files\Launch Manager
[19-06-09|13:50] C:\Program Files\LimeWire
[18-11-07|06:11] C:\Program Files\Maxis
[31-03-08|19:22] C:\Program Files\MFInstall
[02-11-06|08:37] C:\Program Files\Microsoft Games
[18-03-08|21:38] C:\Program Files\Microsoft Office
[18-08-09|12:56] C:\Program Files\Microsoft Silverlight
[18-03-08|21:38] C:\Program Files\Microsoft Visual Studio
[18-03-08|21:34] C:\Program Files\Microsoft Visual Studio 8
[18-03-08|21:39] C:\Program Files\Microsoft Works
[18-03-08|21:37] C:\Program Files\Microsoft.NET
[07-10-08|08:10] C:\Program Files\Movie Maker
[21-07-09|21:35] C:\Program Files\Mozilla ActiveX Control v1.7.12
[03-08-08|17:17] C:\Program Files\Mozilla Thunderbird
[18-03-08|21:38] C:\Program Files\MSBuild
[18-11-07|04:01] C:\Program Files\MSXML 4.0
[24-07-09|12:53] C:\Program Files\MyWebSearch
[10-04-07|05:28] C:\Program Files\NewTech Infosystems
[11-12-08|10:15] C:\Program Files\NOS
[19-11-07|14:47] C:\Program Files\OpenOffice.org 2.3
[18-11-07|06:49] C:\Program Files\OpenOffice.org 2.3 Language Pack (Français) Installation Files
[02-04-08|13:23] C:\Program Files\Oxy-Gen
[07-05-09|17:14] C:\Program Files\PAV
[07-06-09|21:37] C:\Program Files\QuickTime
[22-06-09|16:29] C:\Program Files\Radio-Canada
[10-04-07|05:04] C:\Program Files\Realtek
[02-11-06|08:37] C:\Program Files\Reference Assemblies
[24-08-09|10:25] C:\Program Files\Safari
[21-02-09|17:08] C:\Program Files\Skype
[10-04-07|05:26] C:\Program Files\SMSC
[15-01-09|14:57] C:\Program Files\Sony
[15-01-09|14:57] C:\Program Files\Sony Ericsson
[24-08-09|19:14] C:\Program Files\STOPzilla!
[10-04-07|05:09] C:\Program Files\Synaptics
[02-04-08|13:10] C:\Program Files\Uniblue
[02-11-06|09:01] C:\Program Files\Uninstall Information
[21-07-09|21:35] C:\Program Files\VideoLAN
[07-10-08|08:10] C:\Program Files\Windows Calendar
[07-10-08|08:10] C:\Program Files\Windows Collaboration
[07-10-08|08:09] C:\Program Files\Windows Defender
[07-10-08|08:10] C:\Program Files\Windows Journal
[01-12-07|17:27] C:\Program Files\Windows Live
[01-12-07|17:24] C:\Program Files\Windows Live Favorites
[01-12-07|17:24] C:\Program Files\Windows Live Toolbar
[18-08-09|12:04] C:\Program Files\Windows Mail
[18-08-09|12:54] C:\Program Files\Windows Media Player
[02-11-06|08:37] C:\Program Files\Windows NT
[07-10-08|08:10] C:\Program Files\Windows Photo Gallery
[07-10-08|08:10] C:\Program Files\Windows Sidebar
[13-11-07|03:56] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[18-03-09|16:45] C:\Program Files\Common Files\Adobe
[22-05-08|15:47] C:\Program Files\Common Files\Adobe AIR
[20-07-09|14:09] C:\Program Files\Common Files\Apple
[18-03-08|21:38] C:\Program Files\Common Files\DESIGNER
[13-11-07|03:56] C:\Program Files\Common Files\InstallShield
[24-08-09|16:09] C:\Program Files\Common Files\iS3
[18-11-07|09:19] C:\Program Files\Common Files\Java
[10-04-07|05:27] C:\Program Files\Common Files\LightScribe
[06-03-09|00:14] C:\Program Files\Common Files\microsoft shared
[10-04-07|05:27] C:\Program Files\Common Files\muvee Technologies
[10-04-07|05:28] C:\Program Files\Common Files\NewTech Infosystems
[02-11-06|07:18] C:\Program Files\Common Files\Services
[21-02-09|17:08] C:\Program Files\Common Files\Skype
[02-11-06|07:18] C:\Program Files\Common Files\SpeechEngines
[11-10-08|14:23] C:\Program Files\Common Files\Symantec Shared
[07-10-08|08:09] C:\Program Files\Common Files\System
[01-12-07|17:22] C:\Program Files\Common Files\WindowsLiveInstaller
[21-08-08|11:52] C:\Program Files\Common Files\Wise Installation Wizard

--------------------\\ Process

( 90 Processes )

iexplore.exe ~ [PID:7380]

--------------------\\ Recherche avec S_Lop

C:\ProgramData\win multi multi.5ebkb
C:\ProgramData\SOAP BEEP BLUE.zuzed3
C:\ProgramData\win multi multi.460517
C:\ProgramData\win multi multi.4lvai7
C:\ProgramData\win multi multi.83n5m6
C:\ProgramData\win multi multi.8f6nl6
C:\ProgramData\win multi multi.w89t89
C:\ProgramData\win multi multi.isyo5xu
C:\ProgramData\win multi multi.kiqdj65
C:\ProgramData\win multi multi.prg7i7a

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\ProgramData\Admin Inter 1 Mags
C:\ProgramData\Admin Inter 1 Mags\play info.dat
C:\Program Files\Adverts
C:\Program Files\Circle Developement

--------------------\\ Verification du Registre

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mpeg Kind"="\"C:\\ProgramData\\win multi multi.86dn9t1\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-25 10:34:19
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 53

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\Sylvain\AppData\Roaming\Microsoft\Windows\Recent\Crack_The_Code_B_SCD_0769_01701.lnk
C:\Users\Sylvain\Documents\LACASSE COMMUNICATIONS\S2B COMMUNICATIONS\CONSIGNACTION-2\Campagne Boissons énergétiques\Pub 2 - étudiant\musique\Crack_The_Code_B_SCD_0769_01701.mp3


[F:32][D:11]-> C:\Users\Sylvain\AppData\Local\Temp
[F:51][D:1]-> C:\Users\Sylvain\AppData\Roaming\MICROS~1\Windows\Cookies
[F:65][D:4]-> C:\Users\Sylvain\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:36][D:32]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 25-08-09|10:36 - Option : [1]

--------------------\\ Fin du rapport a 10:36:20
[ UAC => 1 ]
0
XaTon Posts: 2160 Status: Member 208
 
Good, now do this

~~~~~~~~~~~~~~~> Lop S&D <~~~~~~~~~~~~~~~~~~

- Run Lop S&D again
- In the main menu, type 2 and confirm by pressing Enter.

- The Start menu and the icons will disappear again; this is normal.
- The cleanup will take a few minutes...
- Once the operation is finished, the cleanup report opens.

- Post this report in your next message

0
nicola-eusèbe
 
The last operation you suggest may be unnecessary: Mirar and StopZilla no longer appear! Maybe it is because I had brought CCleaner into it earlier? Thanks in any case!
0
Destrio5 Posts: 99820 Status: Moderator 10 304
 
You have other infections.
0
nicola-eusèbe
 
Here is my report after the operation:

-------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz )
BIOS : Ver 1.00PARTTBLP
USER : Sylvain ( Not Administrator ! )
BOOT : Normal boot
Antivirus : Norton Internet Security 2007 (Not Activated)
Firewall : Norton Internet Security 2007 (Not Activated)
C:\ (Local Disk) - NTFS - Total:69 Go (Free:23 Go)
D:\ (Local Disk) - NTFS - Total:69 Go (Free:69 Go)
E:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 25-08-09|15:52 )

[ UAC => 1 ]


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\ProgramData\Admin Inter 1 Mags\play info.dat
Supprime! - C:\ProgramData\win multi multi.5ebkb
Supprime! - C:\ProgramData\SOAP BEEP BLUE.zuzed3
Supprime! - C:\ProgramData\win multi multi.460517
Supprime! - C:\ProgramData\win multi multi.4lvai7
Supprime! - C:\ProgramData\win multi multi.83n5m6
Supprime! - C:\ProgramData\win multi multi.8f6nl6
Supprime! - C:\ProgramData\win multi multi.w89t89
Supprime! - C:\ProgramData\win multi multi.isyo5xu
Supprime! - C:\ProgramData\win multi multi.kiqdj65
Supprime! - C:\ProgramData\win multi multi.prg7i7a
Supprime! - C:\ProgramData\Admin Inter 1 Mags
Supprime! - C:\Program Files\Adverts
Supprime! - C:\Program Files\Circle Developement
-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans Local

[13-11-07|03:58] C:\Users\Sylvain\AppData\Local\acer eNM
[06-05-09|12:38] C:\Users\Sylvain\AppData\Local\Adobe
[27-03-08|21:19] C:\Users\Sylvain\AppData\Local\Apple
[12-10-08|13:02] C:\Users\Sylvain\AppData\Local\Apple Computer
[13-11-07|03:55] C:\Users\Sylvain\AppData\Local\Application Data
[12-10-08|22:47] C:\Users\Sylvain\AppData\Local\d3d9caps.dat
[16-06-09|17:54] C:\Users\Sylvain\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[06-05-09|16:52] C:\Users\Sylvain\AppData\Local\GDIPFONTCACHEV1.DAT
[07-07-09|20:39] C:\Users\Sylvain\AppData\Local\Google
[21-07-09|21:42] C:\Users\Sylvain\AppData\Local\Graboid
[21-07-09|21:36] C:\Users\Sylvain\AppData\Local\Graboid_Inc
[13-11-07|03:55] C:\Users\Sylvain\AppData\Local\History
[24-08-09|18:47] C:\Users\Sylvain\AppData\Local\IconCache.db
[16-11-07|12:17] C:\Users\Sylvain\AppData\Local\MCE Deluxe Suite
[25-08-08|16:09] C:\Users\Sylvain\AppData\Local\Microsoft
[12-01-08|00:51] C:\Users\Sylvain\AppData\Local\Microsoft Games
[18-02-09|23:09] C:\Users\Sylvain\AppData\Local\Microsoft Help
[16-11-07|12:17] C:\Users\Sylvain\AppData\Local\PowerCinema
[12-01-08|21:43] C:\Users\Sylvain\AppData\Local\PowerDV
[15-01-09|14:58] C:\Users\Sylvain\AppData\Local\Sony
[25-08-09|15:52] C:\Users\Sylvain\AppData\Local\Temp
[13-11-07|03:55] C:\Users\Sylvain\AppData\Local\Temporary Internet Files
[30-11-07|12:31] C:\Users\Sylvain\AppData\Local\Thunderbird
[19-11-07|21:21] C:\Users\Sylvain\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[25-08-09 15:02][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{D10FB898-F793-4DEF-9EB2-0EB52D35AC1D}.job
[25-08-09 15:50][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{E6EA9C94-B29C-4D6C-B4C3-7019AE499AB8}.job
[01-12-07 17:24][--a------] C:\Windows\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
[24-08-09 18:49][--ah-----] C:\Windows\tasks\SA.DAT
[24-08-09 18:48][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[16-03-09|17:15] C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[12-04-09|21:11] C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[22-06-09|16:29] C:\ProgramData\Adobe
[27-03-08|21:18] C:\ProgramData\Apple
[24-11-08|11:24] C:\ProgramData\Apple Computer
[02-11-06|09:02] C:\ProgramData\Application Data
[23-06-09|08:13] C:\ProgramData\AVG Security Toolbar
[22-03-09|18:36] C:\ProgramData\avg8
[19-11-07|21:23] C:\ProgramData\CyberLink
[02-11-06|09:02] C:\ProgramData\Desktop
[02-11-06|09:02] C:\ProgramData\Documents
[21-02-09|17:11] C:\ProgramData\ezsidmv.dat
[02-11-06|09:02] C:\ProgramData\Favorites
[07-05-09|19:18] C:\ProgramData\Google
[13-11-07|03:56] C:\ProgramData\InstallShield
[03-12-07|18:29] C:\ProgramData\Messenger Plus!
[02-04-08|13:10] C:\ProgramData\Microsoft
[18-08-09|12:23] C:\ProgramData\Microsoft Help
[11-12-08|10:15] C:\ProgramData\NOS
[31-12-07|20:04] C:\ProgramData\NtiDvdCopy
[24-08-09|16:52] C:\ProgramData\SITEguard
[21-02-09|17:08] C:\ProgramData\Skype
[03-05-09|12:36] C:\ProgramData\Software Platform View
[15-01-09|15:00] C:\ProgramData\Sony
[02-11-06|09:02] C:\ProgramData\Start Menu
[25-08-09|15:45] C:\ProgramData\STOPzilla!
[11-10-08|14:23] C:\ProgramData\Symantec
[02-11-06|09:02] C:\ProgramData\Templates
[23-02-09|10:50] C:\ProgramData\WindowsSearch
[08-03-08|16:29] C:\ProgramData\WLInstaller
[18-11-07|05:54] C:\ProgramData\Yahoo! Companion

--------------------\\ Listing des dossiers dans C:\Program Files

[10-04-07|05:52] C:\Program Files\Acer Arcade Deluxe
[13-11-07|03:56] C:\Program Files\Acer Assist
[13-11-07|03:56] C:\Program Files\Acer Inc
[13-11-07|03:56] C:\Program Files\Acer Registration
[25-03-08|18:38] C:\Program Files\activePDF
[10-12-08|13:47] C:\Program Files\Adobe
[22-05-08|15:47] C:\Program Files\Adobe Media Player
[26-06-08|20:02] C:\Program Files\Animation-ish HomeTrial
[03-09-08|15:03] C:\Program Files\Apple Software Update
[22-03-09|18:36] C:\Program Files\AVG
[22-12-08|15:40] C:\Program Files\Bonjour
[24-08-09|18:27] C:\Program Files\CCleaner
[24-08-09|16:09] C:\Program Files\Common Files
[10-04-07|05:14] C:\Program Files\CONEXANT
[10-04-07|05:30] C:\Program Files\CyberLink
[31-12-07|19:38] C:\Program Files\EA Games
[25-07-09|12:10] C:\Program Files\FunWebProducts
[07-05-09|20:17] C:\Program Files\Google
[21-07-09|21:35] C:\Program Files\Graboid
[19-11-07|13:46] C:\Program Files\Grisoft
[21-08-08|11:53] C:\Program Files\IKEA HomePlanner
[26-06-08|20:02] C:\Program Files\InstallShield Installation Information
[10-04-07|04:53] C:\Program Files\Intel
[29-07-09|22:54] C:\Program Files\Internet Explorer
[20-07-09|14:09] C:\Program Files\iPod
[20-07-09|14:09] C:\Program Files\iTunes
[04-04-09|22:55] C:\Program Files\Java
[18-05-07|03:18] C:\Program Files\Launch Manager
[19-06-09|13:50] C:\Program Files\LimeWire
[18-11-07|06:11] C:\Program Files\Maxis
[31-03-08|19:22] C:\Program Files\MFInstall
[02-11-06|08:37] C:\Program Files\Microsoft Games
[18-03-08|21:38] C:\Program Files\Microsoft Office
[18-08-09|12:56] C:\Program Files\Microsoft Silverlight
[18-03-08|21:38] C:\Program Files\Microsoft Visual Studio
[18-03-08|21:34] C:\Program Files\Microsoft Visual Studio 8
[18-03-08|21:39] C:\Program Files\Microsoft Works
[18-03-08|21:37] C:\Program Files\Microsoft.NET
[07-10-08|08:10] C:\Program Files\Movie Maker
[21-07-09|21:35] C:\Program Files\Mozilla ActiveX Control v1.7.12
[03-08-08|17:17] C:\Program Files\Mozilla Thunderbird
[18-03-08|21:38] C:\Program Files\MSBuild
[18-11-07|04:01] C:\Program Files\MSXML 4.0
[24-07-09|12:53] C:\Program Files\MyWebSearch
[10-04-07|05:28] C:\Program Files\NewTech Infosystems
[11-12-08|10:15] C:\Program Files\NOS
[19-11-07|14:47] C:\Program Files\OpenOffice.org 2.3
[18-11-07|06:49] C:\Program Files\OpenOffice.org 2.3 Language Pack (Français) Installation Files
[02-04-08|13:23] C:\Program Files\Oxy-Gen
[07-05-09|17:14] C:\Program Files\PAV
[07-06-09|21:37] C:\Program Files\QuickTime
[22-06-09|16:29] C:\Program Files\Radio-Canada
[10-04-07|05:04] C:\Program Files\Realtek
[02-11-06|08:37] C:\Program Files\Reference Assemblies
[24-08-09|10:25] C:\Program Files\Safari
[21-02-09|17:08] C:\Program Files\Skype
[10-04-07|05:26] C:\Program Files\SMSC
[15-01-09|14:57] C:\Program Files\Sony
[15-01-09|14:57] C:\Program Files\Sony Ericsson
[24-08-09|19:14] C:\Program Files\STOPzilla!
[10-04-07|05:09] C:\Program Files\Synaptics
[02-04-08|13:10] C:\Program Files\Uniblue
[02-11-06|09:01] C:\Program Files\Uninstall Information
[21-07-09|21:35] C:\Program Files\VideoLAN
[07-10-08|08:10] C:\Program Files\Windows Calendar
[07-10-08|08:10] C:\Program Files\Windows Collaboration
[07-10-08|08:09] C:\Program Files\Windows Defender
[07-10-08|08:10] C:\Program Files\Windows Journal
[01-12-07|17:27] C:\Program Files\Windows Live
[01-12-07|17:24] C:\Program Files\Windows Live Favorites
[01-12-07|17:24] C:\Program Files\Windows Live Toolbar
[18-08-09|12:04] C:\Program Files\Windows Mail
[18-08-09|12:54] C:\Program Files\Windows Media Player
[02-11-06|08:37] C:\Program Files\Windows NT
[07-10-08|08:10] C:\Program Files\Windows Photo Gallery
[07-10-08|08:10] C:\Program Files\Windows Sidebar
[13-11-07|03:56] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[18-03-09|16:45] C:\Program Files\Common Files\Adobe
[22-05-08|15:47] C:\Program Files\Common Files\Adobe AIR
[20-07-09|14:09] C:\Program Files\Common Files\Apple
[18-03-08|21:38] C:\Program Files\Common Files\DESIGNER
[13-11-07|03:56] C:\Program Files\Common Files\InstallShield
[24-08-09|16:09] C:\Program Files\Common Files\iS3
[18-11-07|09:19] C:\Program Files\Common Files\Java
[10-04-07|05:27] C:\Program Files\Common Files\LightScribe
[06-03-09|00:14] C:\Program Files\Common Files\microsoft shared
[10-04-07|05:27] C:\Program Files\Common Files\muvee Technologies
[10-04-07|05:28] C:\Program Files\Common Files\NewTech Infosystems
[02-11-06|07:18] C:\Program Files\Common Files\Services
[21-02-09|17:08] C:\Program Files\Common Files\Skype
[02-11-06|07:18] C:\Program Files\Common Files\SpeechEngines
[11-10-08|14:23] C:\Program Files\Common Files\Symantec Shared
[07-10-08|08:09] C:\Program Files\Common Files\System
[01-12-07|17:22] C:\Program Files\Common Files\WindowsLiveInstaller
[21-08-08|11:52] C:\Program Files\Common Files\Wise Installation Wizard

--------------------\\ Process

( 89 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-25 15:52:42
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 53

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\Users\Sylvain\AppData\Roaming\Microsoft\Windows\Recent\Crack_The_Code_B_SCD_0769_01701.lnk
C:\Users\Sylvain\Documents\LACASSE COMMUNICATIONS\S2B COMMUNICATIONS\CONSIGNACTION-2\Campagne Boissons énergétiques\Pub 2 - étudiant\musique\Crack_The_Code_B_SCD_0769_01701.mp3


[F:31][D:11]-> C:\Users\Sylvain\AppData\Local\Temp
[F:61][D:1]-> C:\Users\Sylvain\AppData\Roaming\MICROS~1\Windows\Cookies
[F:66][D:4]-> C:\Users\Sylvain\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:36][D:32]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 25-08-09|10:36 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 25-08-09|15:54 - Option : [2]

--------------------\\ Fin du rapport a 15:54:47
[ UAC => 1 ]
0
XaTon Posts: 2160 Status: Member 208
 
Do another Hijack log
0
nicola-eusèbe
 
I can't manage to download it: zongPay even charged me $3, but when I click the download icon, nothing happens at all. ;-(
0
nicola-eusèbe
 
Finally, here is what I got:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:20:39, on 25-08-09
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Acer\Empowering Technology\eDSMSNfix.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Sylvain\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Sylvain\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9DQT8ZIG\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://ici.radio-canada.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.ca.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.ca.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O3 - Toolbar: (no name) - {A7AFE4D8-E79B-471C-8664-30695E37CF5B} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eDSMSNfix] C:\Acer\Empowering Technology\eDSMSNfix.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [1 mags 16 more] "C:\ProgramData\dvd dead show.b83mmas"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [DealAssistant] C:\Users\Sylvain\AppData\Roaming\DealAssistant\dealassistant.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O16 - DPF: {17D667BA-5675-4AAB-9221-08B9379384D4} (Image Uploader Control) - http://cdnimg.piczo.com/images/uploader/piczo_fast_uploader.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab
O16 - DPF: {861DB4B6-3838-11D2-8E50-002018200E57} (MrSIDI Control) - http://data6.archives.ca/mrsidi_cab/MrSIDI.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: avgrsstx.dll eNetHook.dll
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
XaTon Posts: 2160 Status: Member 208
 
O4 - HKCU\..\Run: [1 mags 16 more] "C:\ProgramData\dvd dead show.b83mmas"

The critter is still present

Should I move on to OTM, Destrio5?
0
Destrio5 Posts: 99820 Status: Moderator 10 304
 
"The critter is still present"
--> There is only the trace left in the registry, so have the line fixed. The file has already been deleted.

"C:\Program Files\FunWebProducts
C:\Program Files\MyWebSearch "
--> To be removed with Ad-Remover, for example.
0
XaTon Posts: 2160 Status: Member 208
 
O4 - HKCU\..\Run: [1 mags 16 more] "C:\ProgramData\dvd dead show.b83mmas" 


Check this line, then click Fix checked

Then do this

~~~~~~~~~~~~~~~> Ad-Remover <~~~~~~~~~~~~~~~~~~~

/!\ Temporarily disable your antivirus /!\

Download AD-Remover (by Cyrildu17 / C_XX) to your Desktop.

> http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe

/!\ Disconnect and close all running applications /!\

* Launch the installation with the default settings.
* Double-click the Ad-Remover shortcut on your Desktop.
* Choose your language: F for French.
* In the main menu, choose option S.

/!\ Let the tool work /!\

* Post the report that appears at the end.

(The report is also saved as C:\Ad-report(date).log)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note:

"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility for terminating processes.


0
nicola-eusèbe
 
How do I temporarily disable my antivirus?
0
XaTon Posts: 2160 Status: Member 208
 
Right-click the icon next to the clock and choose disable
0