Trojan virus, need help please
elixyr_08
Hello,
So, I have had a virus or Trojan horse problem, I think, for more than a month.
Because of the ads that scroll by on the internet, I clicked on one of them by mistake, and since then my whole PC has been slow, even on the internet, so I downloaded HijackThis and here is the report: (Can you help me, please?) Thanks in advance
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:14:00, on 11/01/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\acer\Acer eConsole\MediaServerService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
C:\Documents and Settings\Balbina\Mes documents\Téléchargements\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - (no file)
R3 - URLSearchHook: FearFM Toolbar - {bab31fc4-cb97-46f4-9565-26d65225cc2c} - C:\Program Files\FearFM\tbFea0.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: XBTP01621 Class - {9EBBE90B-282E-4c39-8A7E-120749169F0F} - (no file)
O2 - BHO: FearFM Toolbar - {bab31fc4-cb97-46f4-9565-26d65225cc2c} - C:\Program Files\FearFM\tbFea0.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
O2 - BHO: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMin1.dll
O2 - BHO: Loader Class - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {A20A76AD-7A29-4756-87FE-70C334CB40C0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: FearFM Toolbar - {bab31fc4-cb97-46f4-9565-26d65225cc2c} - C:\Program Files\FearFM\tbFea0.dll
O3 - Toolbar: (no name) - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMin1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\JP et Nathalie\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\JP et Nathalie\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Setup.exe" "/REALUPREBOOT /temp /patched"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Editeur audio basic - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Akimania\Editeur Audio Basic\Studio enregistrement (file missing)
O9 - Extra 'Tools' menuitem: &Editeur audio basic - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Akimania\Editeur Audio Basic\Studio enregistrement (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: InstallShield Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O24 - Desktop Component 0: (no name) - http://tbn0.google.com/images?q=tbn:X09y22Ui8-G4VM:membres.lycos.fr/yanngermain/images/tigres.jpg
O24 - Desktop Component 1: (no name) - http://www.lexode.com/galerie/galerie/c/h/chris177/mini/1182099857470.jpeg
O24 - Desktop Component 10: (no name) - http://pics.homere.jmsp.net/t_15/64x64/205594.jpg
O24 - Desktop Component 11: (no name) - http://www.lexode.com/galerie/galerie/d/a/darkmel38/mini/1173605364175.jpeg
O24 - Desktop Component 12: (no name) - http://www.lexode.com/galerie/galerie/t/a/taz3p/mini/11111542248.jpg
O24 - Desktop Component 13: (no name) - http://www.lexode.com/galerie/galerie/f/r/franzie38/mini/114330837761.jpg
O24 - Desktop Component 14: (no name) - http://www.lexode.com/galerie/galerie/h/o/horse3000/10857499275.jpg
O24 - Desktop Component 15: (no name) - http://www.lexode.com/galerie/galerie/b/a/babycat/109317439760.jpg
O24 - Desktop Component 16: (no name) - http://www.lexode.com/galerie/galerie/c/a/cazanova/115585246414.jpg
O24 - Desktop Component 17: (no name) - http://www.lexode.com/galerie/galerie/z/a/zaza67120/mini/113683511760.jpg
O24 - Desktop Component 18: (no name) - http://www.lexode.com/galerie/galerie/c/h/chris177/mini/1182099808077.jpeg
O24 - Desktop Component 19: (no name) - http://www.lexode.com/galerie/galerie/c/h/chris177/mini/1182099799681.jpeg
O24 - Desktop Component 2: (no name) - http://tbn0.google.com/images?q=tbn:VY4fAGsihx2lsM:www.calendars.com/images/011/1193/200500003800_hs.jpg
O24 - Desktop Component 20: (no name) - http://www.lexode.com/galerie/galerie/a/l/alex13/mini/108505947490.JPG
O24 - Desktop Component 21: (no name) - http://www.1001-votes.com/vote/1234fonds/soleil-1150219378-t.jpg
O24 - Desktop Component 22: (no name) - http://www.1001-votes.com/vote/1234fonds/cheval-a7-t.jpg
O24 - Desktop Component 23: (no name) - http://www.villiard.com/images/animaux/chevaux/cheval-de-course.jpg
O24 - Desktop Component 24: (no name) - http://www.villiard.com/images/animaux/chevaux/chevaux-de-course.jpg
O24 - Desktop Component 25: (no name) - http://www.villiard.com/images/animaux/chevaux/cheval.jpg
O24 - Desktop Component 26: (no name) - http://panther5.weeworld.com/images/fr-FR/demoholder.gif
O24 - Desktop Component 3: (no name) - http://www.lexode.com/galerie/galerie/p/i/pimsounette/mini/1181761249483.jpeg
O24 - Desktop Component 4: (no name) - http://www.lexode.com/galerie/galerie/e/u/euriel/mini/1180801813495.jpeg
O24 - Desktop Component 5: (no name) - http://www.lexode.com/galerie/galerie/b/e/bep50/mini/115615801830.jpg
O24 - Desktop Component 6: (no name) - http://www.lexode.com/galerie/galerie/c/h/cherygirl66/108472788379.jpg
O24 - Desktop Component 7: (no name) - http://www.lexode.com/galerie/galerie/a/n/angie21/mini/109086968629.jpg
O24 - Desktop Component 8: (no name) - http://www.lexode.com/galerie/galerie/c/l/cler0u/mini/115575995767.jpg
O24 - Desktop Component 9: (no name) - http://www.lexode.com/galerie/galerie/j/p/jpv34/mini/113629010111.jpg
18 replies
Hello,
►Run HijackThis again.
►"Do A System Scan Only"
►Check these lines, then click FIX CHECKED
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
►Go to "Start" -> "Run" -> type: services.msc and click [OK]
►Find the name Boonty Games in the list
►Double-click it -> under startup type choose Disabled -> below that, choose (Stop) and click [OK]
►Then "delete"
BOONTY Shared ==> in C:\Program Files\Fichiers communs\
►Click here (by Eric_71/Team IDN) on your desktop:
►Go here for the tutorial
!! Disconnect and close all your running applications while you do this !!
* Double-click ToolBar SD.exe to launch the tool and follow the prompts ...
-> Type ( "search" option ) then press [Enter].
A report will be generated at the end of the process: post its contents in your next reply
( the report is also saved here -> C:\TB.txt )
►Then go here to => Download <=
►Save it to your desktop.
►Double-click it.
►Run the update.
►Run a "quick" scan.
►When the scan finishes, click "Show report".
►Select everything: (CTRL + A)
►Then copy it all: (CTRL + C)
►And send me the report here by pasting it: (CTRL + V)
You should never use cracks...
►Run ToolBar S&D again
►Choose option "2"
►Send me the report in your next reply.
►Run Malwarebytes' Anti-Malware again.
►Then run the "quick" scan again and remove what it finds.
►Send me the report in your next reply.
►Run Malwarebytes' Anti-Malware again, rerun the "quick" scan and remove everything it finds.
►Send me the report.
►Then do the following.
►Now get RSIT
►Download it.
►Run it.
►When the "Disclaimer of warranty" message appears, click Continue.
►Wait while it scans.
►When the scan finishes,
►two Notepad windows open, named:
►C:\rsit\info.txt
►C:\rsit\log.txt
►Send me both in your next reply.
I saw that you have avast. When you run a scan with it, does it find a problem? Run it in safe mode to be more sure!
Yes, that's it. You have to keep tapping the key. It's before the Windows logo appears. On some PCs it's F5, so if F8 doesn't work => try F5.
Once in safe mode, run a full scan of your PC. Have a book or a games console ready... it takes a while.
Well, you'll see whether there's any crap left or not. It will tell you. If you have a virus and your antivirus is up to date, it will most likely get rid of it.
Here is the ToolBar report
-----------\\ ToolBar S&D 1.2.9 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Sempron(tm) Processor 3000+ )
BIOS : Award Modular BIOS v6.00PG
USER : Balbina ( Administrator )
BOOT : Normal boot
Antivirus : a-squared Anti-Malware 4 (Activated)
C:\ (Local Disk) - FAT32 - Total:72 Go (Free:24 Go)
D:\ (Local Disk) - FAT32 - Total:73 Go (Free:32 Go)
E:\ (CD or DVD)
F:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
G:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (USB)
"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( 13/01/2010| 9:22 )
-----------\\ Recherche de Fichiers / Dossiers ...
C:\DOCUME~1\Balbina\Cookies\balbina@www.bananalotto[2].txt
C:\DOCUME~1\Balbina\Cookies\balbina@malotoviche945.skyrock[1].txt
C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-30EFBC20.pf
C:\DOCUME~1\JPETNA~1\APPLIC~1\Search Settings
C:\DOCUME~1\JPETNA~1\APPLIC~1\Search Settings\kb128
C:\DOCUME~1\JPETNA~1\APPLIC~1\Search Settings\kb128\temp
C:\DOCUME~1\JPETNA~1\APPLIC~1\Search Settings\kb128\temp\ws-14619.log
C:\DOCUME~1\BALBINA\APPLIC~1\Search Settings
C:\DOCUME~1\BALBINA\APPLIC~1\Search Settings\kb128
C:\DOCUME~1\BALBINA\APPLIC~1\Search Settings\kb128\temp
C:\DOCUME~1\BALBINA\APPLIC~1\Search Settings\kb128\temp\ws-14620.log
C:\DOCUME~1\BALBINA\APPLIC~1\Search Settings\kb128\temp\ws-14621.log
C:\DOCUME~1\HELPAS~1\APPLIC~1\Search Settings
C:\DOCUME~1\HELPAS~1\APPLIC~1\Search Settings\kb128
C:\DOCUME~1\HELPAS~1\APPLIC~1\Search Settings\kb128\temp
C:\DOCUME~1\HELPAS~1\APPLIC~1\Search Settings\kb128\temp\ws-14589.log
C:\DOCUME~1\HELPAS~1\APPLIC~1\Search Settings\kb128\temp\ws-14592.log
C:\DOCUME~1\HELPAS~1\APPLIC~1\Search Settings\kb128\temp\ws-14593.log
C:\DOCUME~1\HELPAS~1\APPLIC~1\Search Settings\kb128\temp\ws-14594.log
C:\DOCUME~1\HELPAS~1\APPLIC~1\Search Settings\kb128\temp\ws-14596.log
C:\DOCUME~1\HELPAS~1\APPLIC~1\Search Settings\kb128\temp\ws-14599.log
C:\DOCUME~1\HELPAS~1\APPLIC~1\Search Settings\kb128\temp\ws-14603.log
C:\DOCUME~1\HELPAS~1\APPLIC~1\Search Settings\kb128\temp\ws-14605.log
C:\DOCUME~1\HELPAS~1\APPLIC~1\Search Settings\kb128\temp\ws-14607.log
C:\DOCUME~1\HELPAS~1\APPLIC~1\Search Settings\kb128\temp\ws-14610.log
C:\DOCUME~1\HELPAS~1\APPLIC~1\Search Settings\kb128\temp\ws-14620.log
C:\DOCUME~1\HELPAS~1\APPLIC~1\Search Settings\kb128\temp\ws-14621.log
C:\Program Files\Search Settings
C:\Program Files\Search Settings\kb128
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Search Settings\kb128\res
C:\Program Files\Search Settings\kb128\temp
C:\Program Files\Search Settings\kb128\SearchSettings.dll
C:\Program Files\Search Settings\kb128\SearchSettingsRes409.dll
C:\WINDOWS\iun6002.exe
-----------\\ Extensions
(Balbina) - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} => adblockplus
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\BALBINA\Mes documents\LimeWire\Saved\Virtual DJ 4.2 ITA + 109 Effects + 123 Samples + 38 Skins\Virtual Dj Effetti Ita\AceCrack-VirtualDJ_1.05(1).exe
C:\DOCUME~1\BALBINA\Mes documents\LimeWire\Saved\Virtual DJ 4.2 ITA + 109 Effects + 123 Samples + 38 Skins\Virtual.DJ.Pro.v4.2.R1-YAG\Crack
C:\DOCUME~1\BALBINA\Mes documents\LimeWire\Saved\Virtual DJ 4.2 ITA + 109 Effects + 123 Samples + 38 Skins\Virtual.DJ.Pro.v4.2.R1-YAG\Crack\serial.txt
1 - "C:\ToolBar SD\TB_1.txt" - 13/01/2010| 9:25 - Option : [1]
-----------\\ Fin du rapport a 9:25:20,37
Here is the scan result
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3553
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13
13/01/2010 10:05:59
mbam-log-2010-01-13 (10-05-52).txt
Type de recherche: Examen rapide
Eléments examinés: 205192
Temps écoulé: 20 minute(s), 11 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 19
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 23
Fichier(s) infecté(s): 2
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\bho.bho (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\oberontb.band (Adware.Gamesbar) -> No action taken.
HKEY_CLASSES_ROOT\oberontb.band.1 (Adware.Gamesbar) -> No action taken.
HKEY_CLASSES_ROOT\xbtb01621.ietoolbar (Adware.Softomate) -> No action taken.
HKEY_CLASSES_ROOT\xbtb01621.ietoolbar.1 (Adware.Softomate) -> No action taken.
HKEY_CLASSES_ROOT\xbtb01621.xbtb01621 (Adware.Softomate) -> No action taken.
HKEY_CLASSES_ROOT\xbtb01621.xbtb01621.1 (Adware.Softomate) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{c12fc24b-a7b9-487f-9603-5481ebf00c6f} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5d945e9a-dc10-4670-83eb-99daa616628a} (Adware.Stud) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ed8525ea-2bfc-4440-bd8a-20efb9d5e541} (Adware.Hotbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> No action taken.
HKEY_CURRENT_USER\Software\Suchspur (AdWare.Stud) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\h8srtd.sys (Rootkit.TDSS) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> No action taken.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Documents and Settings\Antoine\Application Data\shcp1cj0er1q (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Antoine\Application Data\shcp1cj0er1q\Quarantine (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Antoine\Application Data\shcp1cj0er1q\Quarantine\BrowserObjects (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Antoine\Application Data\shcp1cj0er1q\Quarantine\Packages (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Antoine\Application Data\shcp1cj0er1q\Quarantine\Autorun (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Antoine\Application Data\shcp1cj0er1q\Quarantine\Autorun\HKCU (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Antoine\Application Data\shcp1cj0er1q\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Antoine\Application Data\shcp1cj0er1q\Quarantine\Autorun\HKLM (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Antoine\Application Data\shcp1cj0er1q\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Antoine\Application Data\shcp1cj0er1q\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Antoine\Application Data\shcp1cj0er1q\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Antoine\Application Data\AXPDefender (Rogue.AdvancedXPDefender) -> No action taken.
C:\Documents and Settings\Antoine\Application Data\AXPDefender\AXPDefender (Rogue.AdvancedXPDefender) -> No action taken.
C:\Documents and Settings\Antoine\Application Data\AXPDefender\AXPDefender\Quarantine (Rogue.AdvancedXPDefender) -> No action taken.
C:\Documents and Settings\Antoine\Application Data\AXPDefender\AXPDefender\Quarantine\BrowserObjects (Rogue.AdvancedXPDefender) -> No action taken.
C:\Documents and Settings\Antoine\Application Data\AXPDefender\AXPDefender\Quarantine\Packages (Rogue.AdvancedXPDefender) -> No action taken.
C:\Documents and Settings\Antoine\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun (Rogue.AdvancedXPDefender) -> No action taken.
C:\Documents and Settings\Antoine\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKCU (Rogue.AdvancedXPDefender) -> No action taken.
C:\Documents and Settings\Antoine\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKCU\RunOnce (Rogue.AdvancedXPDefender) -> No action taken.
C:\Documents and Settings\Antoine\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKLM (Rogue.AdvancedXPDefender) -> No action taken.
C:\Documents and Settings\Antoine\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\HKLM\RunOnce (Rogue.AdvancedXPDefender) -> No action taken.
C:\Documents and Settings\Antoine\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\StartMenuAllUsers (Rogue.AdvancedXPDefender) -> No action taken.
C:\Documents and Settings\Antoine\Application Data\AXPDefender\AXPDefender\Quarantine\Autorun\StartMenuCurrentUser (Rogue.AdvancedXPDefender) -> No action taken.
Fichier(s) infecté(s):
C:\WINDOWS\system32\phcv1cj0er1q.jpg (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\6514875.exe (Rootkit.Agent) -> No action taken.
-----------\\ ToolBar S&D 1.2.9 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Sempron(tm) Processor 3000+ )
BIOS : Award Modular BIOS v6.00PG
USER : Balbina ( Administrator )
BOOT : Normal boot
Antivirus : a-squared Anti-Malware 4 (Activated)
C:\ (Local Disk) - FAT32 - Total:72 Go (Free:24 Go)
D:\ (Local Disk) - FAT32 - Total:73 Go (Free:32 Go)
E:\ (CD or DVD)
F:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
G:\ (USB)
I:\ (USB)
J:\ (USB)
K:\ (USB)
"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( 15/01/2010|19:50 )
-----------\\ SUPPRESSION
Supprime! - C:\DOCUME~1\Balbina\Cookies\balbina@www.bananalotto[2].txt
Supprime! - C:\DOCUME~1\Balbina\Cookies\balbina@malotoviche945.skyrock[1].txt
Supprime! - C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-30EFBC20.pf
Supprime! - C:\DOCUME~1\JPETNA~1\APPLIC~1\Search Settings\kb128
Supprime! - C:\DOCUME~1\BALBINA\APPLIC~1\Search Settings\kb128
Supprime! - C:\DOCUME~1\HELPAS~1\APPLIC~1\Search Settings\kb128
Supprime! - C:\Program Files\Search Settings\kb128
Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
Supprime! - C:\WINDOWS\iun6002.exe
Supprime! - C:\DOCUME~1\JPETNA~1\APPLIC~1\Search Settings
Supprime! - C:\DOCUME~1\BALBINA\APPLIC~1\Search Settings
Supprime! - C:\DOCUME~1\HELPAS~1\APPLIC~1\Search Settings
Supprime! - C:\Program Files\Search Settings
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ Extensions
(Balbina) - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} => adblockplus
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Local Page"="C:\\windows\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/"
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\BALBINA\Mes documents\LimeWire\Saved\Virtual DJ 4.2 ITA + 109 Effects + 123 Samples + 38 Skins\Virtual Dj Effetti Ita\AceCrack-VirtualDJ_1.05(1).exe
C:\DOCUME~1\BALBINA\Mes documents\LimeWire\Saved\Virtual DJ 4.2 ITA + 109 Effects + 123 Samples + 38 Skins\Virtual.DJ.Pro.v4.2.R1-YAG\Crack
C:\DOCUME~1\BALBINA\Mes documents\LimeWire\Saved\Virtual DJ 4.2 ITA + 109 Effects + 123 Samples + 38 Skins\Virtual.DJ.Pro.v4.2.R1-YAG\Crack\serial.txt
1 - "C:\ToolBar SD\TB_1.txt" - 13/01/2010| 9:25 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 15/01/2010|19:53 - Option : [2]
-----------\\ Fin du rapport a 19:53:20,67
Sorry for the slow reply, I was on holiday.
Here is the Notepad log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Balbina at 2010-02-15 08:33:20
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 21 GB (28%) free of 74 GB
Total RAM: 447 MB (39% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:33:40, on 15/02/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\acer\Acer eConsole\MediaServerService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Documents and Settings\Balbina\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Balbina\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Balbina\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Balbina\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Balbina\Mes documents\Downloads\RSIT.exe
C:\Documents and Settings\Balbina\Mes documents\Téléchargements\Balbina.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\WANADOO\SEARCH~1.DLL
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - (no file)
R3 - URLSearchHook: FearFM Toolbar - {bab31fc4-cb97-46f4-9565-26d65225cc2c} - C:\Program Files\FearFM\tbFea0.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: XBTP01621 Class - {9EBBE90B-282E-4c39-8A7E-120749169F0F} - (no file)
O2 - BHO: FearFM Toolbar - {bab31fc4-cb97-46f4-9565-26d65225cc2c} - C:\Program Files\FearFM\tbFea0.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMin1.dll
O2 - BHO: Loader Class - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - (no file)
O3 - Toolbar: (no name) - {A20A76AD-7A29-4756-87FE-70C334CB40C0} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Morpheus Toolbar - {3F3714A9-89A4-46be-8AF3-D0C9D1FB03F9} - (no file)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: FearFM Toolbar - {bab31fc4-cb97-46f4-9565-26d65225cc2c} - C:\Program Files\FearFM\tbFea0.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Mininova Toolbar - {f592709f-ff4a-4862-b659-4afabda56312} - C:\Program Files\Mininova\tbMin1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\JP et Nathalie\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\JP et Nathalie\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Setup.exe" "/REALUPREBOOT /temp /patched"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Editeur audio basic - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Akimania\Editeur Audio Basic\Studio enregistrement (file missing)
O9 - Extra 'Tools' menuitem: &Editeur audio basic - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\Program Files\Akimania\Editeur Audio Basic\Studio enregistrement (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: InstallShield Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O24 - Desktop Component 0: (no name) - http://tbn0.google.com/...
O24 - Desktop Component 1: (no name) - http://www.lexode.com/galerie/galerie/c/h/chris177/mini/1182099857470.jpeg
O24 - Desktop Component 10: (no name) - http://pics.homere.jmsp.net/t_15/64x64/205594.jpg
O24 - Desktop Component 11: (no name) - http://www.lexode.com/galerie/galerie/d/a/darkmel38/mini/1173605364175.jpeg
O24 - Desktop Component 12: (no name) - http://www.lexode.com/galerie/galerie/t/a/taz3p/mini/11111542248.jpg
O24 - Desktop Component 13: (no name) - http://www.lexode.com/galerie/galerie/f/r/franzie38/mini/114330837761.jpg
O24 - Desktop Component 14: (no name) - http://www.lexode.com/galerie/galerie/h/o/horse3000/10857499275.jpg
O24 - Desktop Component 15: (no name) - http://www.lexode.com/galerie/galerie/b/a/babycat/109317439760.jpg
O24 - Desktop Component 16: (no name) - http://www.lexode.com/galerie/galerie/c/a/cazanova/115585246414.jpg
O24 - Desktop Component 17: (no name) - http://www.lexode.com/galerie/galerie/z/a/zaza67120/mini/113683511760.jpg
O24 - Desktop Component 18: (no name) - http://www.lexode.com/galerie/galerie/c/h/chris177/mini/1182099808077.jpeg
O24 - Desktop Component 19: (no name) - http://www.lexode.com/galerie/galerie/c/h/chris177/mini/1182099799681.jpeg
O24 - Desktop Component 2: (no name) - http://tbn0.google.com/...
O24 - Desktop Component 20: (no name) - http://www.lexode.com/galerie/galerie/a/l/alex13/mini/108505947490.JPG
O24 - Desktop Component 21: (no name) - http://www.1001-votes.com/vote/1234fonds/soleil-1150219378-t.jpg
O24 - Desktop Component 22: (no name) - http://www.1001-votes.com/vote/1234fonds/cheval-a7-t.jpg
O24 - Desktop Component 23: (no name) - http://www.villiard.com/images/animaux/chevaux/cheval-de-course.jpg
O24 - Desktop Component 24: (no name) - http://www.villiard.com/images/animaux/chevaux/chevaux-de-course.jpg
O24 - Desktop Component 25: (no name) - http://www.villiard.com/images/animaux/chevaux/cheval.jpg
O24 - Desktop Component 26: (no name) - http://panther5.weeworld.com/images/fr-FR/demoholder.gif
O24 - Desktop Component 3: (no name) - http://www.lexode.com/galerie/galerie/p/i/pimsounette/mini/1181761249483.jpeg
O24 - Desktop Component 4: (no name) - http://www.lexode.com/galerie/galerie/e/u/euriel/mini/1180801813495.jpeg
O24 - Desktop Component 5: (no name) - http://www.lexode.com/galerie/galerie/b/e/bep50/mini/115615801830.jpg
O24 - Desktop Component 6: (no name) - http://www.lexode.com/galerie/galerie/c/h/cherygirl66/108472788379.jpg
O24 - Desktop Component 7: (no name) - http://www.lexode.com/galerie/galerie/a/n/angie21/mini/109086968629.jpg
O24 - Desktop Component 8: (no name) - http://www.lexode.com/galerie/galerie/c/l/cler0u/mini/115575995767.jpg
O24 - Desktop Component 9: (no name) - http://www.lexode.com/galerie/galerie/j/p/jpv34/mini/113629010111.jpg
O24 - Desktop Component 8: (no name) - http://www.lexode.com/galerie/galerie/c/l/cler0u/mini/115575995767.jpg
O24 - Desktop Component 9: (no name) - http://www.lexode.com/galerie/galerie/j/p/jpv34/mini/113629010111.jpg