HijackThis report, maybe a virus?
ouha
Hello,
My PC is very slow and I think it is infected because I have not installed an antivirus, so I am posting a HijackThis report. Could someone tell me whether my PC is infected? Thanks in advance.
HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:28:24, on 28/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Administrateur\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\Documents and Settings\Administrateur\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Program Files\Caere\PageKeeper30\SYSTEM\PKTOPASS.EXE
C:\Program Files\Caere\PageKeeper30\SYSTEM\PKSlapi.exe
C:\Documents and Settings\Administrateur\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdate.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
c:\windows\system32\cmd.exe
c:\windows\system32\ping.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ww11.kingkongsearch.com/search-kkc-hm.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://troner.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://troner.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {4FDDEB42-B849-4CBB-88D2-6D365CB942AC} - (no file)
O1 - Hosts: ;Tag&rename
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: XBTB06872 - {5FCB2823-9A85-48AF-8368-0D8D7A0C5E55} - C:\Program Files\IEToolbar\4 Search w google search\4search.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: EoBHO - {C7B76B90-3455-4AE6-A752-EAC4D19689E5} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: 4 Search w google search - {0C9A45D1-6DF3-4615-9353-07FB5EE9B507} - C:\Program Files\IEToolbar\4 Search w google search\4search.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\Administrateur\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKLM\..\Run: [svchost64.exe] c:\windows\system32\svchost64.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\Administrateur\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Global Startup: PageKeeper Jobs.lnk = C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe
O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.google.fr/?gws_rd=ssl
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://bdube_667637.axiscam.net:9000/activex/AMC.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://217.128.7.5:1001/activex/AxisCamControl.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
4 replies
Good evening,
Your PC is infected.
Download Ad remover (to the desktop): http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe
Install AD REMOVER. Launch Ad remover from the icon on the desktop. In the main menu, choose option L. Post the report that appears (C:\Ad-report.log) in your next post. Process.exe, a component of the tool, is detected by some antivirus products (Antivir, Dr Web, Kaspersky) as a Risktool. It is not a virus but a utility designed to terminate a process. In the wrong hands, this utility could stop security software (antivirus, firewall), hence the alert raised by these antivirus products.
Hi, thanks for your reply, here is the report:
.
======= RAPPORT D'AD-REMOVER 1.1.4.5_Q | UNIQUEMENT XP/VISTA/SEVEN =======
.
Mit à jour par C_XX le 26/08/2009 à 6:37 PM
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 22:48:26, 28/08/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-remover\
Système d'exploitation: Microsoft® Windows XP™ v5.1.2600
Nom du PC: F317EC0F12DB4E6 | Utilisateur actuel: Administrateur
.
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
HKCR\AppID\{362A53B2-2913-4F8A-82F5-7E0A23FDC6F9}
HKCR\AppID\EoRezoBHO.DLL
HKCR\CLSID\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
HKCR\EoRezoBHO.EoBho
HKCR\EoRezoBHO.EoBho.1
HKCR\Typelib\{B6ACB3F1-6A83-432C-B854-3E1056F87F4E}
HKCR\urlsearchhook.toolbarurlsearchhook
HKCR\urlsearchhook.toolbarurlsearchhook.1
HKCU\Software\EoRezo
HKCU\Software\ItsLabel
HKLM\Software\EoRezo
HKLM\Software\ItsLabel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\eoEngine_is1
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdate_is1
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Softwarehelper
.
C:\DOCUME~1\ADMINI~1\APPLIC~1\EoRezo\cmhost.cyp
C:\DOCUME~1\ADMINI~1\APPLIC~1\EoRezo\ConfMedia.cyp
C:\DOCUME~1\ADMINI~1\APPLIC~1\EoRezo\db
C:\DOCUME~1\ADMINI~1\APPLIC~1\EoRezo\eoDesktop
C:\DOCUME~1\ADMINI~1\APPLIC~1\EoRezo\eoStats
C:\DOCUME~1\ADMINI~1\APPLIC~1\EoRezo\host.cyp
C:\DOCUME~1\ADMINI~1\APPLIC~1\EoRezo\SoftwareUpdate
C:\DOCUME~1\ADMINI~1\APPLIC~1\EoRezo\user.cyp
C:\DOCUME~1\ADMINI~1\APPLIC~1\EoRezo\db\cat.cyp
C:\DOCUME~1\ADMINI~1\APPLIC~1\EoRezo\eoDesktop\config.xml
C:\DOCUME~1\ADMINI~1\APPLIC~1\EoRezo\eoDesktop\eoDesktop.html
C:\DOCUME~1\ADMINI~1\APPLIC~1\EoRezo\eoDesktop\userConfig.xml
C:\DOCUME~1\ADMINI~1\APPLIC~1\EoRezo\SoftwareUpdate\Download
C:\DOCUME~1\ADMINI~1\APPLIC~1\EoRezo\SoftwareUpdate\help_config.cyp
C:\DOCUME~1\ADMINI~1\APPLIC~1\EoRezo\SoftwareUpdate\Software
C:\DOCUME~1\ADMINI~1\APPLIC~1\EoRezo\SoftwareUpdate\SoftwareUpdate.exe
C:\DOCUME~1\ADMINI~1\APPLIC~1\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\DOCUME~1\ADMINI~1\APPLIC~1\EoRezo\SoftwareUpdate\unins000.dat
C:\DOCUME~1\ADMINI~1\APPLIC~1\EoRezo\SoftwareUpdate\unins000.exe
C:\DOCUME~1\ADMINI~1\APPLIC~1\EoRezo\SoftwareUpdate\user_config.cyp
C:\DOCUME~1\ADMINI~1\APPLIC~1\EoRezo\SoftwareUpdate\user_profil.cyp
C:\DOCUME~1\ADMINI~1\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV
C:\DOCUME~1\ADMINI~1\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.2
C:\DOCUME~1\ADMINI~1\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.3
C:\DOCUME~1\ADMINI~1\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.6
C:\DOCUME~1\ADMINI~1\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.0
C:\DOCUME~1\ADMINI~1\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.2
C:\DOCUME~1\ADMINI~1\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.3
C:\DOCUME~1\ADMINI~1\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.4
C:\DOCUME~1\ADMINI~1\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.3\itstv.exe
C:\DOCUME~1\ADMINI~1\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.0.6\itstv.exe
C:\DOCUME~1\ADMINI~1\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.0\itstv.exe
C:\DOCUME~1\ADMINI~1\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.2\itstv.exe
C:\DOCUME~1\ADMINI~1\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.3\itstv.exe
C:\DOCUME~1\ADMINI~1\APPLIC~1\EoRezo\SoftwareUpdate\Software\itsTV\3.0.1.4\itstv.exe
C:\DOCUME~1\ADMINI~1\APPLIC~1\EoRezo
C:\DOCUME~1\ADMINI~1\APPLIC~1\ItsLabel\ItsTV
C:\DOCUME~1\ADMINI~1\APPLIC~1\ItsLabel\ItsTV\itsTV.xml
C:\DOCUME~1\ADMINI~1\APPLIC~1\ItsLabel
C:\Program Files\EoRezo\ConfMedia.cyp
/!\ NON SUPPRIMÉ: C:\Program Files\EoRezo\EoAdv
C:\Program Files\EoRezo\EoEngine.exe
C:\Program Files\EoRezo\eoEngine.url
C:\Program Files\EoRezo\EoMultiLanguage.dll
C:\Program Files\EoRezo\EoRezoComm.dll
C:\Program Files\EoRezo\EoRezoImg_17.dll
C:\Program Files\EoRezo\EoRezoImg_19.dll
C:\Program Files\EoRezo\EoRezoImg_20.dll
C:\Program Files\EoRezo\EoRezoImg_21.dll
C:\Program Files\EoRezo\EoRezoImg_22.dll
C:\Program Files\EoRezo\EoRezoImg_23.dll
C:\Program Files\EoRezo\EoRezoTools_16.dll
C:\Program Files\EoRezo\EoRezoTools_17.dll
C:\Program Files\EoRezo\EoRezoTools_18.dll
C:\Program Files\EoRezo\EoRezoTools_20.dll
C:\Program Files\EoRezo\EoRezoTools_21.dll
C:\Program Files\EoRezo\EoRezoTools_26.dll
C:\Program Files\EoRezo\EoRezoTools_27.dll
C:\Program Files\EoRezo\EoRezoTools_28.dll
C:\Program Files\EoRezo\EoRezoTools_29.dll
C:\Program Files\EoRezo\EoRezoTools_30.dll
C:\Program Files\EoRezo\FreeImage.dll
C:\Program Files\EoRezo\Host.cyp
C:\Program Files\EoRezo\lang
C:\Program Files\EoRezo\MngInstaller.dll
C:\Program Files\EoRezo\unins000.dat
C:\Program Files\EoRezo\unins000.exe
C:\Program Files\EoRezo\user.cyp
/!\ NON SUPPRIMÉ: C:\Program Files\EoRezo\EoAdv\atl90.dll
C:\Program Files\EoRezo\EoAdv\EoAdv.dll
/!\ NON SUPPRIMÉ: C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
/!\ NON SUPPRIMÉ: C:\Program Files\EoRezo\EoAdv\mfc90.dll
C:\Program Files\EoRezo\EoAdv\Microsoft.VC90.ATL.manifest
C:\Program Files\EoRezo\EoAdv\Microsoft.VC90.CRT.manifest
C:\Program Files\EoRezo\EoAdv\Microsoft.VC90.MFC.manifest
C:\Program Files\EoRezo\EoAdv\msvcr90.dll
C:\Program Files\EoRezo\lang\ihm_eoclock.xml
C:\Program Files\EoRezo\lang\ihm_eoengine.xml
C:\Program Files\EoRezo\lang\ihm_eonet.xml
C:\Program Files\EoRezo\lang\ihm_eorezotools.xml
C:\Program Files\EoRezo\lang\ihm_eosudoku.xml
C:\Program Files\EoRezo\lang\ihm_eoweather.xml
C:\Program Files\EoRezo\lang\lang_en.xml
C:\Program Files\EoRezo\lang\lang_es.xml
C:\Program Files\EoRezo\lang\lang_fr.xml
C:\Program Files\EoRezo\lang\lang_it.xml
/!\ NON SUPPRIMÉ: C:\Program Files\EoRezo
/!\ NON SUPPRIMÉ: C:\Program Files\IEToolbar\4 Search w google search
C:\Program Files\IEToolbar\4 Search w google search\4search.crc
/!\ NON SUPPRIMÉ: C:\Program Files\IEToolbar\4 Search w google search\4search.dll
C:\Program Files\IEToolbar\4 Search w google search\about.html
/!\ NON SUPPRIMÉ: C:\Program Files\IEToolbar\4 Search w google search\autosearch_plugin.dll
C:\Program Files\IEToolbar\4 Search w google search\basis.xml
C:\Program Files\IEToolbar\4 Search w google search\demo_logo.bmp
C:\Program Files\IEToolbar\4 Search w google search\error.html
C:\Program Files\IEToolbar\4 Search w google search\icons.bmp
C:\Program Files\IEToolbar\4 Search w google search\info.bmp
C:\Program Files\IEToolbar\4 Search w google search\info.txt
C:\Program Files\IEToolbar\4 Search w google search\info2.bmp
C:\Program Files\IEToolbar\4 Search w google search\logo.bmp
C:\Program Files\IEToolbar\4 Search w google search\logo2.bmp
C:\Program Files\IEToolbar\4 Search w google search\search.bmp
C:\Program Files\IEToolbar\4 Search w google search\search2.bmp
C:\Program Files\IEToolbar\4 Search w google search\tbhelper.dll
C:\Program Files\IEToolbar\4 Search w google search\uninstall.exe
C:\Program Files\IEToolbar\4 Search w google search\version.txt
/!\ NON SUPPRIMÉ: C:\Program Files\IEToolbar
C:\Program Files\ItsLabel\ItsTV.exe
C:\Program Files\ItsLabel
C:\Program Files\SoftwareRevenue.org\4search.exe
C:\Program Files\SoftwareRevenue.org\as.bmp
C:\Program Files\SoftwareRevenue.org\EnglishHarbourIcon.ico
C:\Program Files\SoftwareRevenue.org\gle.bmp
C:\Program Files\SoftwareRevenue.org\partypoker.ico
C:\Program Files\SoftwareRevenue.org
(!) -- Fichiers temporaires supprimés.
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.2 *
.
Nom du profil: y5tml1z9.default (Administrateur)
.
(Prefs.js) user_pref("browser.search.defaultenginename", "Live Search");
(Prefs.js) user_pref("browser.search.selectedEngine", "Live Search");
(Prefs.js) user_pref("browser.search.defaulturl", "hxxp://search.live.com/results.aspx?FORM=IEFM1&q=");
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://fr.msn.com/");
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.13");
(Invalidprefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.8");
(Invalidprefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.8");
(Invalidprefs.js) user_pref("print.printer_Canon_PIXMA_iP40œuser_pref("browser.startup.homepage", "hxxp://y.lo.st");
.
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://home.microsoft.com/access/allinone.asp
Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs : res://ieframe.dll/tabswelcome.htm
.
===================================
.
9615 Octet(s) - C:\Ad-Report-CLEAN.log
.
1531 Fichier(s) - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
3 Fichier(s) - C:\WINDOWS\Temp
.
16 Fichier(s) - C:\Program Files\Ad-remover\BACKUP
90 Fichier(s) - C:\Program Files\Ad-remover\QUARANTINE
.
Fin à: 23:10:19 | 28/08/2009
.
============== E.O.F ==============
.
.
Cool, here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:51:48, on 28/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe
C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
C:\Documents and Settings\Administrateur\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Program Files\Caere\PageKeeper30\SYSTEM\PKSlapi.exe
C:\Program Files\Caere\PageKeeper30\SYSTEM\PKTOPASS.EXE
C:\windows\system32\cmd.exe
C:\WINDOWS\system32\wuauclt.exe
c:\windows\system32\ping.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {4FDDEB42-B849-4CBB-88D2-6D365CB942AC} - (no file)
O1 - Hosts: ;Tag&rename
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: XBTB06872 - {5FCB2823-9A85-48AF-8368-0D8D7A0C5E55} - C:\Program Files\IEToolbar\4 Search w google search\4search.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: 4 Search w google search - {0C9A45D1-6DF3-4615-9353-07FB5EE9B507} - C:\Program Files\IEToolbar\4 Search w google search\4search.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [svchost64.exe] c:\windows\system32\svchost64.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Documents and Settings\Administrateur\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Global Startup: PageKeeper Jobs.lnk = C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe
O4 - Global Startup: Wireless Configuration Utility.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.google.fr/?gws_rd=ssl
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://bdube_667637.axiscam.net:9000/activex/AMC.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://217.128.7.5:1001/activex/AxisCamControl.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O4 - HKLM\..\Run: [svchost64.exe] c:\windows\system32\svchost64.exe
Not good.
Download Malwarebytes' Anti-Malware
https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/
Save it to the desktop
Double-click the Download_mbam-setup.exe icon to start the installation process
If the firewall asks for permission for Malwarebytes to connect, accept
It will update itself; once that is done
Go to the Scanner tab
Select Perform full scan
Click Scan
The scan starts
At the end of the analysis, this message is displayed: The scan completed successfully.
Click Show Results to display the objects found
Click OK to continue
If malware was detected, click Show Results
Select everything (or leave it checked)
Click Remove Selected
Malwarebytes will destroy the files and registry keys and put a copy of them in quarantine
Malwarebytes will open Notepad and copy the report into it
Restart the PC
Once it has restarted, double-click Malwarebytes
Go to the Logs tab
Click the log to display it; once it is displayed, click Edit at the top of Notepad, then Select All
Go back to Edit, then Copy, and return to the forum and to your reply
Right-click in the reply box and choose Paste
Here is the Malwarebytes report:
Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2710
Windows 5.1.2600 Service Pack 3
29/08/2009 01:45:54
mbam-log-2009-08-29 (01-45-54).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 158961
Temps écoulé: 1 hour(s), 21 minute(s), 18 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 16
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 22
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\toolbar3.xbtb06872 (Adware.ActiveSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{4f7535b8-ba1f-4a35-99cc-4edddcafe58e} (Adware.ActiveSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{10bbc89a-027b-475b-82f7-155db8f4e95e} (Adware.ActiveSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{865c15ae-01b0-48c3-ba13-ba5008f64344} (Adware.ActiveSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0c9a45d1-6df3-4615-9353-07fb5ee9b507} (Adware.ActiveSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0c9a45d1-6df3-4615-9353-07fb5ee9b507} (Adware.ActiveSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5fcb2823-9a85-48af-8368-0d8d7a0c5e55} (Adware.ActiveSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5fcb2823-9a85-48af-8368-0d8d7a0c5e55} (Adware.ActiveSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5fcb2823-9a85-48af-8368-0d8d7a0c5e55} (Adware.ActiveSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\toolbar3.xbtb06872.1 (Adware.ActiveSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xbtb06872.ietoolbar (Adware.ActiveSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xbtb06872.ietoolbar.1 (Adware.ActiveSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xbtb06872.xbtb06872 (Adware.ActiveSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xbtb06872.xbtb06872.3 (Adware.ActiveSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4fddeb42-b849-4cbb-88d2-6d365cb942ac} (Adware.ActiveSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XBTB06872 (Adware.ActiveSearch) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0c9a45d1-6df3-4615-9353-07fb5ee9b507} (Adware.ActiveSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0c9a45d1-6df3-4615-9353-07fb5ee9b507} (Adware.ActiveSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4fddeb42-b849-4cbb-88d2-6d365cb942ac} (Adware.ActiveSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost64.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\IEToolbar\4 Search w Google search (Adware.ActiveSearch) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Program Files\IEToolbar\4 Search w google search\4search.dll (Adware.ActiveSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-remover\QUARANTINE\DOCUME~1\ADMINI~1\APPLIC~1\EoRezo\SoftwareUpdate.exe (Adware.EoRezo) -> Quarantined and deleted successfully.
C:\Program Files\Ad-remover\QUARANTINE\DOCUME~1\ADMINI~1\APPLIC~1\EoRezo\SoftwareUpdateHP.exe (Adware.EoRezo) -> Quarantined and deleted successfully.
C:\Program Files\Ad-remover\QUARANTINE\PROGRA~1\EoRezo\EoAdv.dll (Adware.EoRezo) -> Quarantined and deleted successfully.
C:\Program Files\Ad-remover\QUARANTINE\PROGRA~1\EoRezo\EoEngine.exe (Adware.EoRezo) -> Quarantined and deleted successfully.
C:\Program Files\Ad-remover\QUARANTINE\PROGRA~1\EoRezo\EoRezoBHO.dll (Adware.EoRezo) -> Quarantined and deleted successfully.
C:\Program Files\Ad-remover\QUARANTINE\PROGRA~1\EoRezo\EoAdv\EoRezoBHO.dll (Adware.EoRezo) -> Quarantined and deleted successfully.
C:\Program Files\Ad-remover\QUARANTINE\PROGRA~1\IETOOL~1\4search.dll (Adware.ActiveSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-remover\QUARANTINE\PROGRA~1\IETOOL~1\autosearch_plugin.dll (Adware.ActiveSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-remover\QUARANTINE\PROGRA~1\IETOOL~1\4SEARC~1\4search.dll (Adware.ActiveSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-remover\QUARANTINE\PROGRA~1\IETOOL~1\4SEARC~1\autosearch_plugin.dll (Adware.ActiveSearch) -> Quarantined and deleted successfully.
C:\Program Files\Ad-remover\QUARANTINE\PROGRA~1\SOFTWA~1.ORG\4search.exe (Adware.ActiveSearch) -> Quarantined and deleted successfully.
C:\Program Files\IEToolbar\4 Search w google search\autosearch_plugin.dll (Adware.ActiveSearch) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (Adware.EoRezo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{77116B72-1614-4AE5-8E53-322EF2CEE950}\RP486\A0061897.exe (Adware.EoRezo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{77116B72-1614-4AE5-8E53-322EF2CEE950}\RP486\A0061898.exe (Adware.EoRezo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{77116B72-1614-4AE5-8E53-322EF2CEE950}\RP486\A0061914.dll (Adware.EoRezo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{77116B72-1614-4AE5-8E53-322EF2CEE950}\RP486\A0061919.exe (Adware.EoRezo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{77116B72-1614-4AE5-8E53-322EF2CEE950}\RP486\A0061944.exe (Adware.ActiveSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mi1.exe (Adware.ActiveSearch) -> Quarantined and deleted successfully.
C:\Program Files\camKernel.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\svchost64.exe (Backdoor.Bot) -> Quarantined and deleted successfully.