Remove Spyware.SpyArsenalLog

Solved/Closed
qenqen79100 | Posts: 352 | Registered: Tuesday 12 August 2008 | Status: Member | Last activity: 2 March 2013 - 29 Oct. 2009 at 12:05
qenqen79100 | Posts: 352 | Registered: Tuesday 12 August 2008 | Status: Member | Last activity: 2 March 2013 - 29 Oct. 2009 at 15:14
Hello, I am infected by Spyware.SpyArsenalLog despite the various scans with Arovax, Malwarebytes' and Spybot.
So how do I remove Spyware.SpyArsenalLog?
Thanks.
29 replies

qenqen79100 | Posts: 352 | Registered: Tuesday 12 August 2008 | Status: Member | Last activity: 2 March 2013 | 25
29 Oct. 2009 at 14:23
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service mbr stopped successfully.
Service mbr deleted successfully.
========== FILES ==========
File/Folder C:\WINDOWS\system32\rqRIaYqP not found.
C:\Kill'em\agi.Kill'em\config moved successfully.
C:\Kill'em\agi.Kill'em\AGI\tmp moved successfully.
C:\Kill'em\agi.Kill'em\AGI\Python25\Lib\xml\sax moved successfully.
C:\Kill'em\agi.Kill'em\AGI\Python25\Lib\xml\parsers moved successfully.
C:\Kill'em\agi.Kill'em\AGI\Python25\Lib\xml\etree moved successfully.
C:\Kill'em\agi.Kill'em\AGI\Python25\Lib\xml\dom moved successfully.
C:\Kill'em\agi.Kill'em\AGI\Python25\Lib\xml moved successfully.
C:\Kill'em\agi.Kill'em\AGI\Python25\Lib\logging moved successfully.
C:\Kill'em\agi.Kill'em\AGI\Python25\Lib\hotshot moved successfully.
C:\Kill'em\agi.Kill'em\AGI\Python25\Lib\encodings moved successfully.
C:\Kill'em\agi.Kill'em\AGI\Python25\Lib\email\mime moved successfully.
C:\Kill'em\agi.Kill'em\AGI\Python25\Lib\email moved successfully.
C:\Kill'em\agi.Kill'em\AGI\Python25\Lib\ctypes moved successfully.
C:\Kill'em\agi.Kill'em\AGI\Python25\Lib\compiler moved successfully.
C:\Kill'em\agi.Kill'em\AGI\Python25\Lib moved successfully.
C:\Kill'em\agi.Kill'em\AGI\Python25\DLLs moved successfully.
C:\Kill'em\agi.Kill'em\AGI\Python25 moved successfully.
C:\Kill'em\agi.Kill'em\AGI\common\win32comext\shell moved successfully.
C:\Kill'em\agi.Kill'em\AGI\common\win32comext\axcontrol moved successfully.
C:\Kill'em\agi.Kill'em\AGI\common\win32comext\authorization moved successfully.
C:\Kill'em\agi.Kill'em\AGI\common\win32comext\adsi moved successfully.
C:\Kill'em\agi.Kill'em\AGI\common\win32comext moved successfully.
C:\Kill'em\agi.Kill'em\AGI\common\win32com\server moved successfully.
C:\Kill'em\agi.Kill'em\AGI\common\win32com\client moved successfully.
C:\Kill'em\agi.Kill'em\AGI\common\win32com moved successfully.
C:\Kill'em\agi.Kill'em\AGI\common\win32\scripts moved successfully.
C:\Kill'em\agi.Kill'em\AGI\common\win32\lib moved successfully.
C:\Kill'em\agi.Kill'em\AGI\common\win32 moved successfully.
C:\Kill'em\agi.Kill'em\AGI\common\pyagcore\search\provider moved successfully.
C:\Kill'em\agi.Kill'em\AGI\common\pyagcore\search\algorithm moved successfully.
C:\Kill'em\agi.Kill'em\AGI\common\pyagcore\search moved successfully.
C:\Kill'em\agi.Kill'em\AGI\common\pyagcore\protection moved successfully.
C:\Kill'em\agi.Kill'em\AGI\common\pyagcore\process moved successfully.
C:\Kill'em\agi.Kill'em\AGI\common\pyagcore\lilw moved successfully.
C:\Kill'em\agi.Kill'em\AGI\common\pyagcore\install\installers moved successfully.
C:\Kill'em\agi.Kill'em\AGI\common\pyagcore\install\dependency moved successfully.
C:\Kill'em\agi.Kill'em\AGI\common\pyagcore\install moved successfully.
C:\Kill'em\agi.Kill'em\AGI\common\pyagcore\config moved successfully.
C:\Kill'em\agi.Kill'em\AGI\common\pyagcore moved successfully.
C:\Kill'em\agi.Kill'em\AGI\common\dateutil\zoneinfo moved successfully.
C:\Kill'em\agi.Kill'em\AGI\common\dateutil moved successfully.
C:\Kill'em\agi.Kill'em\AGI\common\comtypes\tools moved successfully.
C:\Kill'em\agi.Kill'em\AGI\common\comtypes\server moved successfully.
C:\Kill'em\agi.Kill'em\AGI\common\comtypes\gen moved successfully.
C:\Kill'em\agi.Kill'em\AGI\common\comtypes\client moved successfully.
C:\Kill'em\agi.Kill'em\AGI\common\comtypes moved successfully.
C:\Kill'em\agi.Kill'em\AGI\common moved successfully.
C:\Kill'em\agi.Kill'em\AGI moved successfully.
C:\Kill'em\agi.Kill'em moved successfully.
C:\Kill'em moved successfully.
C:\Kill'em.txt moved successfully.
C:\ZHPExportRegistry-29.10.2009-12-31-02.txt moved successfully.
C:\lopR.txt moved successfully.
C:\Documents and Settings\Quentin\Application Data\G-Force Prefs (WindowsMediaPlayer).txt moved successfully.
C:\Program Files\Panda Security moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Quentin\LOCALS~1\Temp\GoogleQuickSearchBox.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Quentin\LOCALS~1\Temp\~DFA66.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_2f8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Quentin\Local Settings\Application Data\Mozilla\Firefox\Profiles\6xcms2s0.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Quentin\Local Settings\Application Data\Mozilla\Firefox\Profiles\6xcms2s0.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Quentin\Local Settings\Application Data\Mozilla\Firefox\Profiles\6xcms2s0.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Quentin\Local Settings\Application Data\Mozilla\Firefox\Profiles\6xcms2s0.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Quentin\Local Settings\Application Data\Mozilla\Firefox\Profiles\6xcms2s0.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Quentin\Local Settings\Application Data\Mozilla\Firefox\Profiles\6xcms2s0.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Opera cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 10292009_141150

Files moved on Reboot...
C:\DOCUME~1\Quentin\LOCALS~1\Temp\GoogleQuickSearchBox.log moved successfully.
C:\DOCUME~1\Quentin\LOCALS~1\Temp\~DFA66.tmp moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_2f8.dat moved successfully.
C:\Documents and Settings\Quentin\Local Settings\Application Data\Mozilla\Firefox\Profiles\6xcms2s0.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Quentin\Local Settings\Application Data\Mozilla\Firefox\Profiles\6xcms2s0.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Quentin\Local Settings\Application Data\Mozilla\Firefox\Profiles\6xcms2s0.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Quentin\Local Settings\Application Data\Mozilla\Firefox\Profiles\6xcms2s0.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Quentin\Local Settings\Application Data\Mozilla\Firefox\Profiles\6xcms2s0.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Quentin\Local Settings\Application Data\Mozilla\Firefox\Profiles\6xcms2s0.default\XUL.mfl moved successfully.
0
qenqen79100 | Posts: 352 | Registered: Tuesday 12 August 2008 | Status: Member | Last activity: 2 March 2013 | 25
29 Oct. 2009 at 14:40
tt Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:39:11, on 29.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\arservice.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Documents and Settings\Quentin\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\2\FTCOMModule.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tinit.org/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60347
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Arovax AntiSpyware] "C:\Program Files\Arovax AntiSpyware\arovaxantispyware.exe" /s
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Quentin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.79\AMVConverter\grab.html
O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\DOCUME~1\Quentin\LOCALS~1\Temp\cceBB.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_674125AABFE11C21.dll/cmsidewiki.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.79\MediaManager\grab.html
O8 - Extra context menu item: traduire la page - C:\DOCUME~1\Quentin\LOCALS~1\Temp\cceB9.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.mappy.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Update Service (gupdate1c98c4ce11c608a) (gupdate1c98c4ce11c608a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
0
Xplode | Posts: 8820 | Registered: Friday 21 August 2009 | Status: Security contributor | Last activity: 2 July 2015 | 726
29 Oct. 2009 at 14:41
O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\DOCUME~1\Quentin\LOCALS~1\Temp\cceBB.html
O8 - Extra context menu item: traduire la page - C:\DOCUME~1\Quentin\LOCALS~1\Temp\cceB9.html


-----> Fix these two lines with HijackThis.

How is the PC doing? If you have no more problems, we will move on to the cleanup.
0
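What the two lines flagged in the reply above have in common is visible in the log: both are O8 context-menu entries whose target is an .html file under the user's Temp folder. The following is an added example, not part of the thread or of HijackThis, that picks such entries out of a log; treating "target under a Temp directory" as the selection criterion is an assumption, and the function names are hypothetical.

```python
import re

# Constructed sample: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.79\AMVConverter\grab.html
O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\DOCUME~1\Quentin\LOCALS~1\Temp\cceBB.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: traduire la page - C:\DOCUME~1\Quentin\LOCALS~1\Temp\cceB9.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
O8_PREFIX = "Extra context menu item: "
# Assumption: directory names treated as temporary locations.
TEMP_DIRS = {"temp", "tmp"}


def parse_o8(line):
    """Return (menu_name, target) for an O8 line, or None for anything else."""
    m = ENTRY_RE.match(line.strip())
    if not m or m.group("code") != "O8":
        return None
    body = m.group("body")
    if not body.startswith(O8_PREFIX):
        return None
    rest = body[len(O8_PREFIX):]
    if " - " not in rest:
        return None
    # The target is the last " - " separated field; the name may contain dashes.
    name, target = rest.rsplit(" - ", 1)
    return name, target


def in_temp_dir(target):
    """True if any directory component of the target path is a Temp directory."""
    path = target.lower()
    if path.startswith("res://"):
        path = path[len("res://"):]
    parts = re.split(r"[\\/]+", path)
    # Ignore the final component (the file name itself).
    return any(part in TEMP_DIRS for part in parts[:-1])


def o8_entries_in_temp(log_text):
    """List the O8 entries of a HijackThis log whose target lives under Temp."""
    hits = []
    for line in log_text.splitlines():
        parsed = parse_o8(line)
        if parsed and in_temp_dir(parsed[1]):
            hits.append(parsed)
    return hits


if __name__ == "__main__":
    for name, target in o8_entries_in_temp(SAMPLE_LOG):
        print(f"O8 entry in Temp: {name!r} -> {target}")
```
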
qenqen79100 | Posts: 352 | Registered: Tuesday 12 August 2008 | Status: Member | Last activity: 2 March 2013 | 25
29 Oct. 2009 at 14:44
yes
0

Xplode | Posts: 8820 | Registered: Friday 21 August 2009 | Status: Security contributor | Last activity: 2 July 2015 | 726
29 Oct. 2009 at 14:47
1 - Cleanup:

- Download ATF-Cleaner

- Follow the tutorial available at this address

- Repeat the operation regularly

-----------------

-+-+-+-> Tools Cleaner <-+-+-+-


[o] In order to remove all the software that was used for your disinfection,

[o] Download ToolsCleaner to your desktop from this address: https://www.commentcamarche.net/telecharger/securite/22061-toolscleaner/

[o] Double-click "Toolscleaner.exe"

[o] Click "restauration" (restore) to create a restore point.

[o] Then click "recherche" (search)

[o] When the search is finished, click "suppression" (removal).

[o] At the end (there will be indications in the box below), click "quitter" (quit) and post the report found in C:\Tcleaner.txt
0
qenqen79100 | Posts: 352 | Registered: Tuesday 12 August 2008 | Status: Member | Last activity: 2 March 2013 | 25
29 Oct. 2009 at 14:59
[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\Lop SD: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Quentin\Bureau\HijackThis.lnk: trouvé !
C:\Lop SD\catchme.exe: trouvé !
C:\Lop SD\catchme.log: trouvé !
C:\Program Files\Trend Micro\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\hijackthis.log: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\_OTMoveIt\MovedFiles\10292009_141150\lopR.txt: trouvé !

---------------------------------
--> Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Quentin\Bureau\HijackThis.lnk: supprimé !
C:\Lop SD\catchme.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Lop SD\catchme.log: supprimé !
C:\Program Files\Trend Micro\hijackthis.log: supprimé !
C:\_OTMoveIt\MovedFiles\10292009_141150\lopR.txt: supprimé !
C:\Lop SD: supprimé !
C:\Rsit: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
0
qenqen79100 | Posts: 352 | Registered: Tuesday 12 August 2008 | Status: Member | Last activity: 2 March 2013 | 25
29 Oct. 2009 at 15:00
after that it's fine
0
Xplode | Posts: 8820 | Registered: Friday 21 August 2009 | Status: Security contributor | Last activity: 2 July 2015 | 726
29 Oct. 2009 at 15:08
You can delete ToolsCleaner and mark your post as solved once you have done this:

-+-+-+-> Purge System Restore <-+-+-+-


- During a disinfection, it is important to purge System Restore because infected files may be stored there,
and when you perform a system restore, the PC will be infected again.

- We are going to purge System Restore:


XP : https://support.microsoft.com/en-us/help/310405

Vista : https://www.commentcamarche.net/faq/13214-vista-desactiver-reactiver-la-restauration-systeme-de-vista


======================================================================

Also, a bit of reading:

-+-+-+-> Securing your PC <-+-+-+-

I - Behaviour on the net


- Securing your PC is first of all about being responsible.

1-> Crack sites are to be banned ( More info here: https://forum.malekal.com/viewtopic.php?f=33&t=893 )

2-> P2P is also to be avoided, a source of many infections. ( Bagle, for example ) ( More info here: http://www.libellules.ch/... )

3-> It is also very important to install all Windows updates, which are necessary to fix vulnerabilities. ( IE, critical updates, Service Packs, etc. ) ( Why update your system: http://forum.malekal.com/ftopic3563.php )

4-> Adobe Flash Player, Java and Acrobat Reader must also be kept up to date, to avoid exploits ( https://forum.malekal.com/viewtopic.php?f=33&t=13629 )

============================================================================================

II - Protection software


- Next, you need a good antivirus; I recommend Antivir, which is one of the best free antivirus programs to date ( and, what's more, in French ):

To download it --> http://www.commentcamarche.net/telecharger/telecharger-55-antivir

- A good firewall is also a must; I recommend Comodo ( free ) or ZoneAlarm ( paid )

Comodo : https://www.commentcamarche.net/telecharger/securite/6291-comodo-firewall-free-windows/

ZoneAlarm : https://www.commentcamarche.net/telecharger/securite/24863-zonealarm/

- To round it all off, an anti-spyware is recommended.

Malwarebyte's : https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/

SpywareTerminator ( real-time protection ) : https://www.commentcamarche.net/telecharger/securite/20947-spyware-terminator/

============================================================================================

III - Useful links


-> Malekal - Securing your PC : https://www.malekal.com/proteger-pc-virus-pirates/

-> Malekal - Spyware/worms/malware on Windows : http://www.malekal.com/spywares.php

-> Malekal - Toolbars : https://forum.malekal.com/viewtopic.php?t=6173&start=
0
qenqen79100 | Posts: 352 | Registered: Tuesday 12 August 2008 | Status: Member | Last activity: 2 March 2013 | 25
29 Oct. 2009 at 15:14
OK, well, it's all good, so thanks to you
0