Spyware aol a détecté Winfixer

Claire -  
 Utilisateur anonyme -
Bonsoir,

J'ai le spyware d'aol et il a détecté winfixer sans plus d'information. Je le bloque et le supprime, mais il réapparaît à chaque fois. J'ai téléchargé Spybot, il ne détecte rien (est-ce que j'utilise le bon logiciel ?)
Pouvez-vous m'aider à enlever complètement winfixer ?
Merci.

41 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Plusieurs utilisateurs signalent qu’un spyware lié à WinFixer est détecté par AOL et que les tentatives de suppression se révèlent récurrentes malgré les scans avec Spybot. En pratique, la meilleure réponse propose de désinstaller AOL Spyware, mettre à jour le registre et redémarrer, afin d’éliminer WinFixer et les éléments résiduels détectés dans les rapports. D'autres échanges recommandent d’utiliser des outils complémentaires, tels que HijackThis pour générer un log système, ou A2Free pour les faux positifs et les détections, avec des exemples de rapports et des étapes précises.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. Utilisateur anonyme
     
    salut
    , télécharge HijackThis ici:
    http://www.hijackthis.de/downloads/hijackthis_199.zip

    Dézippe le dans un dossier prévu à cet effet.
    Par exemple C:\hijackthis < Enregistre le bien dans c : !
    Lance le puis:
    clique sur "do a system scan and save logfile" (cf démo)
    faire un copier coller du log entier sur le forum

    Démo : (merci à balltrap34 pour cette réalisation)
    http://pageperso.aol.fr/balltrap34/demohijack.htm

    +

    télécharge ceci Registry Search Tool
    http://www.billsway.com/vbspage/
    decompresse le et tape ou colle
    winfixer
    et copie colle le resultat dans le bloc note et donne le nous

    a bientot
    0
    1. Claire
       
      Bonjour,

      Merci pour ta réponse, je fais toute la procédure ce soir et je te donne le résultat.

      Bonne journée
      0
    2. Claire
       
      Bonsoir,

      Voici le rapport de Hijackthis.
      J'ai par contre un message avec Registry search tool (fenêtre Norton antivirus) :

      Scipt malveillant détecté
      votre système à été interrompu et doit agir sur ce script.
      Objet : windows script host shell objet
      Activité : run
      Fichier : c:\document-1\clair..\RegSrch.vbs
      Il y a une liste déroulante : arrêter ce scipt (recommandé)....


      Logfile of HijackThis v1.99.1
      Scan saved at 18:53:19, on 20/10/2005
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
      C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
      C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
      C:\WINDOWS\system32\CTsvcCDA.EXE
      C:\Program Files\Norton AntiVirus\navapsvc.exe
      C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
      C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Apoint2K\Apoint.exe
      C:\WINDOWS\AGRSMMSG.exe
      C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
      C:\WINDOWS\system32\hphmon05.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
      C:\Program Files\Apoint2K\Apntex.exe
      C:\PROGRA~1\FICHIE~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
      C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
      C:\Program Files\MouseWare\system\em_exec.exe
      C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
      C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\WINDOWS\system32\LVCOMSX.EXE
      C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      C:\Program Files\Logitech\Video\LogiTray.exe
      C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
      C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
      C:\Program Files\AOL 9.0b\aoltray.exe
      C:\Program Files\Logitech\Video\FxSvr2.exe
      C:\Program Files\AOL 9.0b\waol.exe
      C:\Program Files\AOL 9.0b\shellmon.exe
      C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\QuickZip4\QuickZip.exe
      C:\DOCUME~1\CLAIRE~1\LOCALS~1\Temp\QZTEMP\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q304&bd=presario&pf=laptop
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q304&bd=presario&pf=laptop
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q304&bd=presario&pf=laptop
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
      O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
      O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
      O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
      O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
      O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
      O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
      O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
      O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
      O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
      O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
      O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
      O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\FICHIE~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
      O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
      O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
      O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
      O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
      O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
      O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
      O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
      O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
      O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0b\aoltray.exe
      O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
      O4 - Global Startup: Logitech Desktop Messenger Agent.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q304&bd=presario&pf=laptop
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.fr/computercheckup/qdiagcc.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120303533953
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
      O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{B75BAF60-E4B8-40C1-9BFD-552A240625ED}: NameServer = 205.188.146.145
      O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
      O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Fichiers communs\AOL\AOL Spyware Protection\\aolserv.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
      O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
      O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
      O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
      O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
      O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
      O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
      O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
      O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
      O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
      O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

      Merci
      0
  2. Claire
     
    Pardon j'ai caffouillé, voir au-dessus.

    Merci
    0
  3. Utilisateur anonyme
     
    salut
    deconnecte toi du net.
    Desactive norton
    Relance le programme et tape winfixer et copie/colle le rapport
    N oublies pas de reactiver norton avant de te reconnecter

    a+
    0
    1. Claire
       
      J'ai désactivé Norton en cliquant droit sur l'icone en bas de l'écran, il y avait bien une croix blanche dans un cercle rouge sur l'icone.
      J'ai lancé Regsrch et j'ai eu le même message d'alerte !
      Je n'ai pas fait comme il fallait ?
      J'ai également Zonealarm y a t-il un lien ?

      Merci
      0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. Utilisateur anonyme
     
    re
    quand tu clik droit sur l icone de norton, tu as marqué desactivé norton ou pas?

    a+
    0
    1. Claire
       
      J'ai "désactiver auto-protect", je sélectionne ce choix, il me demande de confirmer ce choix avec un menu déroulant pour une durée de 15 min, 1 heure ... je valide, et ensuite j'ai cette croix blanche sur le petite icone de norton dans la barre des taches en bas de l'écran.

      a+
      0
  6. Claire
     
    J'ai eu le même message d'alerte avec silentrunners, mais j'ai trouvé qu'il fallait que je désactive manuellement norton, blocage de script... donc voici les résultats :

    Avec Regsrch : No instances of "winfixer" found.

    Avec silentrunners voici le rapport :

    "Silent Runners.vbs", revision 41, http://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++}"

    Startup items buried in registry:
    ---------------------------------

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
    "RecordNow!" = (empty string)
    "MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
    "Creative Detector" = "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R" ["Creative Technology Ltd"]
    "LogitechSoftwareUpdate" = ""C:\Program Files\Logitech\Video\ManifestEngine.exe" boot" ["Logitech Inc."]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "Apoint" = "C:\Program Files\Apoint2K\Apoint.exe" ["Alps Electric Co., Ltd."]
    "AGRSMMSG" = "AGRSMMSG.exe" ["Agere Systems"]
    "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
    "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"]
    "SunJavaUpdateSched" = "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [null data]
    "UpdateManager" = ""C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r" ["Sonic Solutions"]
    "HPHUPD05" = "c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" ["Hewlett-Packard"]
    "HPHmon05" = "C:\WINDOWS\system32\hphmon05.exe" ["Hewlett-Packard"]
    "iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" ["Apple Computer, Inc."]
    "QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
    "Cpqset" = "C:\Program Files\HPQ\Default Settings\cpqset.exe" [null data]
    "AOLSAV" = "C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe" ["TechCity Solutions France"]
    "AOLDialer" = "C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" ["America Online, Inc"]
    "Logitech Utility" = "Logi_MwX.Exe" ["Logitech Inc."]
    "AOL Spyware Protection" = ""C:\PROGRA~1\FICHIE~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"" [null data]
    "SpeedTouch USB Diagnostics" = ""C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon" ["THOMSON Telecom Belgium"]
    "Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
    "ccApp" = ""C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
    "Advanced Tools Check" = "C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" ["Symantec Corporation"]
    "UserFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -u" [MS]
    "HP Software Update" = "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."]
    "TkBellExe" = ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
    "LVCOMSX" = "C:\WINDOWS\system32\LVCOMSX.EXE" ["Logitech Inc."]
    "Zone Labs Client" = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" ["Zone Labs, LLC"]
    "LogitechVideoRepair" = "C:\Program Files\Logitech\Video\ISStart.exe" ["Logitech Inc."]
    "LogitechVideoTray" = "C:\Program Files\Logitech\Video\LogiTray.exe" ["Logitech Inc."]
    "RoxioDragToDisc" = ""C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"" ["Roxio"]
    "eabconfg.cpl" = "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start" ["Hewlett-Packard "]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
    {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
    {9394EDE7-C8B5-483E-8773-474BF36AF6E4}\(Default) = "ST" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll" [MS]
    {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\(Default) = "MSNToolBandBHO" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll" [MS]
    {BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
    {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\(Default) = "EpsonToolBandKicker Class" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
    -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
    "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Explorateur de Bureau"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
    "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]
    "{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\RecordNow!\shlext.dll" ["Sonic Solutions"]
    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office\OLKFSTUB.DLL" [MS]
    "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
    "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
    "{BF05BB6E-442C-428B-8025-82280B7BC26C}" = "Zen Micro Media Explorer"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll" ["Creative Technology Ltd"]
    "{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "Mes photos Logitech"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Logitech\Video\Namespc2.dll" ["Logitech Inc."]
    "{5E44E225-A408-11CF-B581-008029601108}" = "Roxio DragToDisc Shell Extension"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\Shellex.dll" ["Roxio"]
    "{0873D142-79EF-49fa-81B5-211AAC0B0A7F}" = "Target Finder Shell Extension"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Roxio\Easy Media Creator 7\Creator Classic\TargetFinder.dll" [empty string]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    Qzip3\(Default) = "{4C156620-A582-11D5-858B-444553540000}"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\QuickZip\QzShlExt.dll" [null data]
    Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
    Qzip3\(Default) = "{4C156620-A582-11D5-858B-444553540000}"
    -> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\QuickZip\QzShlExt.dll" [null data]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop is disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\Documents and Settings\Claire CHATAIGNER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

    Startup items in "Claire CHATAIGNER" & "All Users" startup folders:
    -------------------------------------------------------------------

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
    "AOL 9.0 Icône AOL" -> shortcut to: "C:\Program Files\AOL 9.0b\aoltray.exe -check" ["America Online, Inc."]
    "Event Reminder" -> shortcut to: "C:\Program Files\Broderbund\PrintMaster\PMremind.exe" ["TLC Multimedia Inc."]
    "Logitech Desktop Messenger Agent" -> shortcut to: "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start" ["Logitech"]
    "Logitech Desktop Messenger" -> shortcut to: "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start" ["Logitech"]
    "Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]

    Enabled Scheduled Tasks:
    ------------------------

    "Norton AntiVirus - Analyser mon ordinateur - Claire CHATAIGNER" -> launches: "C:\PROGRA~1\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
    "Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]

    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 21
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
    "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" = "EPSON Web-To-Page" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]

    "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

    "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "MSN" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll" [MS]

    HKLM\Software\Microsoft\Internet Explorer\Toolbar\
    "{EE5D279F-081B-4404-994D-C6B60AAEBA6D}" = "EPSON Web-To-Page" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll" ["SEIKO EPSON CORPORATION"]

    "{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

    "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "0"
    -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll" [MS]

    Explorer Bars

    HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
    {FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\ = "Real.com" [from CLSID]
    -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
    "MenuText" = "Console Java (Sun)"
    "CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"

    {CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
    "ButtonText" = "Real.com"

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    "ButtonText" = "Messenger"
    "MenuText" = "Windows Messenger"
    "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

    Miscellaneous IE Hijack Points
    ------------------------------

    C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

    Added lines (compared with English-language version):
    [Strings]: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q304&bd=presario&pf=laptop
    [Strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/"

    Missing lines (compared with English-language version):
    [Strings]: 2 lines

    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    AOL Connectivity Service, AOL ACS, "C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe" ["America Online, Inc."]
    Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTsvcCDA.EXE" ["Creative Technology Ltd"]
    HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}
    iPod Service, iPodService, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Computer, Inc."]
    Norton AntiVirus Firewall Monitor Service, NPFMntor, ""C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe"" ["Symantec Corporation"]
    Norton Unerase Protection, NProtectService, "C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE" ["Symantec Corporation"]
    NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]
    Service Norton AntiVirus Auto-Protect, navapsvc, ""C:\Program Files\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
    SoundMAX Agent Service, SoundMAX Agent Service (default), "C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe" ["Analog Devices, Inc."]
    Symantec Core LC, Symantec Core LC, "C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]
    Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
    Symantec Network Drivers Service, SNDSrvc, ""C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]
    Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
    Symantec SPBBCSvc, SPBBCSvc, ""C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe"" ["Symantec Corporation"]
    TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]
    Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

    Print Monitors:
    ---------------

    HKLM\System\CurrentControlSet\Control\Print\Monitors\
    EPSON Stylus Photo RX420 Series 2KMonitor5E\Driver = "E_FLM9CE.DLL" ["SEIKO EPSON CORPORATION"]

    ----------
    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + To search all directories of local fixed drives for DESKTOP.INI
    DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
    use the -supp parameter or answer "No" at the first message box.
    ---------- (total run time: 19 seconds)

    Merci a+
    0
  7. Utilisateur anonyme
     
    salut
    en mode sans echec, passe aol anti spyware
    bloque le + supprime

    redemarre en normal et repasse le

    a+
    0
    1. Claire
       
      Salut

      mode en echec c'est F combien ? et je dois appuyer juste après avoir allumer le pc ?

      merci a+
      0
  8. Utilisateur anonyme
     
    Démarre en mode sans échec :
    Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
    Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
    Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
    (Si F8 ne marche pas utilise la touche F5)
    0
    1. Claire
       
      Salut

      Pas de bonnes nouvelles... j'ai effectué la procédure que tu as proposée, mais le spyware d'aol détecte toujours Winfixer.

      As-tu une autre proposition ?

      Merci a+
      0
  9. Utilisateur anonyme
     
    salut

    Commence par scanner ton pc avec ces 2 anti spywares complémentaires :

    1/Spybot S&D 1.4 <<nouvelle version
    http://www.safer-networking.org/fr/index.htm

    Démo d’utilisation (merci à Balltrap34 pour cette réalisation)
    http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

    2/Ad-Aware SE 1.06 <<nouvelle version
    http://www.lavasoftusa.com/software/adaware/
    -Une aide:
    http://www.tutopat.com/viewtopic.php?t=1191
    - installe le patch français, tu pourras le trouver ici:
    http://download.lavasoft.de.edgesuite.net/public/pllangs.exe
    et une petite vidéo d'utilisation ici:(merci à Moe31 pour cette réalisation)
    http://pageperso.aol.fr/balltrap34/adawrevid.asf

    supprime tous ce qu il te trouveront

    repasse aol anti spywares...

    a+
    0
    1. Claire
       
      Salut

      Donc avec spybot :

      Windows security center-AntivirusDisableNotify
      Réglages : HKEY_LOCAL_MACHINE\SOFTWARE\
      Microsoft\Security center\antivirusdisablenotify!=dword:0

      J'ai corrigé les problèmes

      Avec Ad Aware :

      Tracking cookie
      Type : IE cache entry
      Categorie : data miner
      Objet : @bluestreak.com/
      @estat.com/
      @adtech.de/
      @imrworldwide.com/cgi.bin

      mis en quarantaine et supprimés

      J'ai relancer spyware aol mais winfixer est toujours là

      merci a+
      0
  10. Utilisateur anonyme
     
    re,
    fais ce scan en ligne et colle le rapport stp
    http://www.pandasoftware.com/products/activescan

    a+
    0
    1. Claire
       
      Salut

      Voici le rapport


      Incident Status Location

      Spyware:Cookie/Com.com Reported C:\Documents and Settings\Claire CHATAIGNER\Cookies\claire chataigner@com[2].txt
      Spyware:Cookie/fe.lea.lycos Reported C:\Documents and Settings\Claire CHATAIGNER\Cookies\claire chataigner@fe.lea.lycos[1].txt
      Spyware:Cookie/Xiti Reported C:\Documents and Settings\Claire CHATAIGNER\Cookies\claire chataigner@xiti[1].txt
      Spyware:Cookie/Xiti Reported C:\Documents and Settings\Claire CHATAIGNER\Application Data\Mozilla\Firefox\Profiles\roiwhgda.default\cookies.txt[.xiti.com/]
      Spyware:Cookie/Com.com Reported C:\Documents and Settings\Claire CHATAIGNER\Cookies\claire chataigner@com[2].txt
      Spyware:Cookie/fe.lea.lycos Reported C:\Documents and Settings\Claire CHATAIGNER\Cookies\claire chataigner@fe.lea.lycos[1].txt
      Spyware:Cookie/Xiti Reported C:\Documents and Settings\Claire CHATAIGNER\Cookies\claire chataigner@xiti[1].txt

      Merci a+
      0
  11. Utilisateur anonyme
     
    salut

    Télécharge ce fichier : winfixer
    http://home.tele2.fr/gchrispage/index/download/fichiers_&_scripts/winfixer.zip
    Dézippe-le sur ton bureau.
    Dans le dossier, double-clic sur winfixer.reg et accepte la fusion à ton registre.

    a+
    0
    1. Claire
       
      Hi

      j'ai cliqué droit sur winfixer.reg, je répond oui et j'ai une fenêtre de l'éditeur de registre :

      Impossible d'importer winfixer.reg le fichier spécifié n'est pas un script du registre
      Vous pouvez uniquement importer des fichiers du registre binaires à partir de l'éditeur de registre


      merci a+
      0
  12. balltrap34 Messages postés 16241 Statut Contributeur sécurité 332
     
    le reg ne fonctionne pas regedit est ecrit en minuscule il me semble
    0
    1. Claire
       
      Hello

      Merci pour ta réponse mais je ne comprend pas plus, pas douée en informatique.

      Y a plus rien à faire ?

      a+
      0
  13. Utilisateur anonyme
     
    Bonjour claire,
    toujours pareil ou pas?

    a+
    0
    1. Claire
       
      Bonjour Regis,

      Malheureusement c'est toujours pareil, le spyware d'aol me trouve toujours winfixer.
      Mais je n'ai pas compris pour le registre, avec le message que j'ai noté plus haut, ça n'a pas l'air d'avoir fonctionné.
      Et je n'ai pas compris ce que je dois faire avec le dernier lien que tu m'as donné.
      Je suis un peu beaucoup perdue ! j'espère que je ne suis pas un cas désespéré ,-)

      Merci a+
      0
  14. balltrap34 Messages postés 16241 Statut Contributeur sécurité 332
     
    ouvre le bloc note et copie colle ceci entre les etoiles
    **********
    REGEDIT4
    [-HKEY_CLASSES_ROOT\compcleancore.appcleaner.1\clsid]
    [-HKEY_CLASSES_ROOT\compcleancore.appcleaner\clsid]
    [-HKEY_CLASSES_ROOT\compcleancore.appcleaner\curver]
    [-HKEY_CLASSES_ROOT\compcleancore.filecleaner.1\clsid]
    [-HKEY_CLASSES_ROOT\compcleancore.filecleaner\clsid]
    [-HKEY_CLASSES_ROOT\compcleancore.filecleaner\curver]
    [-HKEY_CLASSES_ROOT\compcleancore.inetcleaner.1\clsid]
    [-HKEY_CLASSES_ROOT\compcleancore.inetcleaner\clsid]
    [-HKEY_CLASSES_ROOT\compcleancore.inetcleaner\curver]
    [-HKEY_CLASSES_ROOT\compcleancore.regcleaner.1\clsid]
    [-HKEY_CLASSES_ROOT\compcleancore.regcleaner\clsid]
    [-HKEY_CLASSES_ROOT\compcleancore.regcleaner\curver]
    [-HKEY_CLASSES_ROOT\compcleancore.systemcleaner.1\clsid]
    [-HKEY_CLASSES_ROOT\compcleancore.systemcleaner\clsid]
    [-HKEY_CLASSES_ROOT\compcleancore.systemcleaner\curver]
    [-HKEY_CLASSES_ROOT\df_fixer.fixer.1\clsid]
    [-HKEY_CLASSES_ROOT\df_fixer.fixer\clsid]
    [-HKEY_CLASSES_ROOT\df_fixer.fixer\curver]
    [-HKEY_CLASSES_ROOT\df_proxy.drivermanipulate.1\clsid]
    [-HKEY_CLASSES_ROOT\df_proxy.drivermanipulate\clsid]
    [-HKEY_CLASSES_ROOT\df_proxy.drivermanipulate\curver]
    [-HKEY_CLASSES_ROOT\ffcom.flfixer\clsid]
    [-HKEY_CLASSES_ROOT\ffwraper.ffenginwraper.1\clsid]
    [-HKEY_CLASSES_ROOT\ffwraper.ffenginwraper\clsid]
    [-HKEY_CLASSES_ROOT\ffwraper.ffenginwraper\curver]
    [-HKEY_CLASSES_ROOT\fixcore.mmfixcore.1\clsid]
    [-HKEY_CLASSES_ROOT\fixcore.mmfixcore\clsid]
    [-HKEY_CLASSES_ROOT\fixcore.mmfixcore\curver]
    [-HKEY_CLASSES_ROOT\interface\{1ce1c25b-f8b4-4974-99d2-5d4ae96b9900}]
    [-HKEY_CLASSES_ROOT\interface\{9e984934-cd94-4763-9dbc-618e483d4b7f}]
    [-HKEY_CLASSES_ROOT\typelib\{30ed49a5-ca6c-4918-b5f3-5e6818c91d8b}\1.0]
    [-HKEY_CLASSES_ROOT\typelib\{6a077841-5016-42c8-92c8-f2d6b865bcd1}]
    [-HKEY_CLASSES_ROOT\typelib\{ad70ac89-f460-4e7e-b5a5-7eaf7e207736}]
    [-HKEY_CLASSES_ROOT\typelib\{b6625280-8cd8-4632-97c0-83cec12a49a3}]
    [-HKEY_CLASSES_ROOT\typelib\{f458adae-d53b-4859-b99f-9fa127791278}]
    [-HKEY_CLASSES_ROOT\typelib\{fc76a5b8-db35-4f3e-8b9a-bf0eea098d64}]
    [-HKEY_CURRENT_USER\software\winsoftware\winfixer 2005]

    ************
    enregistre le sur ton bureau et nomme le www.reg
    et dans la case en dessous type met sur tous fichiers

    la vas sur ton bureau et double clik sur se fichier que tu vient de faire et accepte la fusion avec le registre
    0
    1. Claire
       
      Bonjour Baltrap34,

      Merci pour ta réponse.
      J'ai effectué la manip que tu m'as demandé, tout a bien fonctionné.
      Que dois-je faire maintenant ?

      Merci a+
      0
  15. balltrap34 Messages postés 16241 Statut Contributeur sécurité 332
     
    redemarre et dit moi si aol le detecte toujours
    si oui a quelle endroit exactement
    0
    1. Claire
       
      Salut,

      Winfixer est toujours détecté, mais je ne peux pas te dire où car le spyware d'aol ne me donne que le nom du malware et pas son emplacement, mais il le découvre au début du scan (au bout de 10 000 fichiers), si ça peut te donner une idée.

      Merci a+
      0
  16. Utilisateur anonyme
     
    salut claire
    spybot te detecte qqchose?
    Quelque chose appele rotue?

    a+
    0
    1. Claire
       
      Salut Regis,

      Auncun mouchard trouvé par spybot, mais toujours par le spyware d'aol.

      Y a de quoi devenir chèvre ! 8-

      Merci à+
      0
  17. Rumbacampus Messages postés 1244 Statut Membre 184
     
    salut vous tous

    Pour voir où le logiciel d'AOL trouve winfixer, dans l'antispyware d'AOL, cliques sur "options" et "afficher les rapports" tu trouveras la clé de registre ou le fichier incriminé.
    Copies-le sur ce post, pour vérifier qu'il ne s'agit pas d'une fausse alerte (AOL croit des fois trouver des malware dans de simples fichiers ou clés de registre normaux, générés par des programmes légitimes).
    Quoiqu'il en soit, l'information sera intéressante.

    @+
    0
  18. Utilisateur anonyme
     
    Salut claire
    < 33 > - Spyware aol a détecté Winfixer
    Ajouté par Rumbacampus (23/10/2005 à 15:53 GMT+2)
    salut vous tous

    Pour voir où le logiciel d'AOL trouve winfixer, dans l'antispyware d'AOL, cliques sur "options" et "afficher les rapports" tu trouveras la clé de registre ou le fichier incriminé.
    Copies-le sur ce post, pour vérifier qu'il ne s'agit pas d'une fausse alerte (AOL croit des fois trouver des malware dans de simples fichiers ou clés de registre normaux, générés par des programmes légitimes).
    Quoiqu'il en soit, l'information sera intéressante.

    @+
    0
    1. Claire
       
      Merci Rumbacampus, je ne connaissais pas cette option.

      Régis, voici le rapport du spyware d'aol :

      n
      *****************

      ASP Version: 1.0.78 Definition Date: 08-31-05 Date: 07/09/2005 21:03:03
      Action: Begin Memory Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 08-31-05 Date: 07/09/2005 21:03:05
      Action: Begin Registry Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 08-31-05 Date: 07/09/2005 21:03:24
      Action: Found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B45FF030-4447-11D2-85DE-00C04FA35C89}
      Spyware Name: Exploit.CHM
      *****************

      ASP Version: 1.0.78 Definition Date: 08-31-05 Date: 07/09/2005 21:03:27
      Action: Begin File Scan
      *****************

      *****************07/09/2005 21:49:43: Delete: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\ : {B45FF030-4447-11D2-85DE-00C04FA35C89}
      *****************
      ASP Version: 1.0.78 Definition Date: 09-07-05 Date: 14/09/2005 20:05:49
      Action: Begin Memory Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 09-07-05 Date: 14/09/2005 20:05:53
      Action: Begin Registry Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 09-07-05 Date: 14/09/2005 20:06:55
      Action: Found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B45FF030-4447-11D2-85DE-00C04FA35C89}
      Spyware Name: Exploit.CHM
      *****************

      ASP Version: 1.0.78 Definition Date: 09-07-05 Date: 14/09/2005 20:07:09
      Action: Begin File Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 09-07-05 Date: 14/09/2005 20:25:33
      Action: Found: c:\Program Files\Fichiers communs\Roxio Shared\DLLShared\zlib.dll
      Spyware Name: DiabloKeys
      *****************

      *****************14/09/2005 20:55:33: Delete: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\ : {B45FF030-4447-11D2-85DE-00C04FA35C89}
      *****************
      ASP Version: 1.0.78 Definition Date: 09-14-05 Date: 20/09/2005 19:00:51
      Action: Begin Memory Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 09-14-05 Date: 20/09/2005 19:00:53
      Action: Begin Registry Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 09-14-05 Date: 20/09/2005 19:01:10
      Action: Found: HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603
      Spyware Name: NaughtyPops
      *****************

      ASP Version: 1.0.78 Definition Date: 09-14-05 Date: 20/09/2005 19:01:43
      Action: Begin File Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 09-14-05 Date: 20/09/2005 19:19:47
      Action: Found: c:\Program Files\Fichiers communs\Roxio Shared\DLLShared\zlib.dll
      Spyware Name: DiabloKeys
      *****************

      *****************20/09/2005 19:35:28: Delete: c:\Program Files\Fichiers communs\Roxio Shared\DLLShared\ : zlib.dll
      *****************
      *****************20/09/2005 19:35:28: Delete: HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\ : 5603
      *****************
      ASP Version: 1.0.78 Definition Date: 09-14-05 Date: 20/09/2005 21:45:53
      Action: Begin Memory Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 09-14-05 Date: 20/09/2005 21:45:55
      Action: Begin Registry Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 09-14-05 Date: 20/09/2005 21:46:43
      Action: Begin File Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 09-21-05 Date: 23/09/2005 20:26:08
      Action: Begin Memory Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 09-21-05 Date: 23/09/2005 20:26:10
      Action: Begin Registry Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 09-21-05 Date: 23/09/2005 20:27:02
      Action: Found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
      Spyware Name: WinFixer
      *****************

      ASP Version: 1.0.78 Definition Date: 09-21-05 Date: 23/09/2005 20:27:02
      Action: Found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25336920-03F9-11CF-8FD0-00AA00686F13}
      Spyware Name: WinFixer
      *****************

      ASP Version: 1.0.78 Definition Date: 09-21-05 Date: 23/09/2005 20:27:02
      Action: Found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6BF52A52-394A-11D3-B153-00C04F79FAA6}
      Spyware Name: WinFixer
      *****************

      ASP Version: 1.0.78 Definition Date: 09-21-05 Date: 23/09/2005 20:27:02
      Action: Begin File Scan
      *****************

      *****************23/09/2005 21:22:30: Delete: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\ : {6BF52A52-394A-11D3-B153-00C04F79FAA6}
      *****************
      *****************23/09/2005 21:22:30: Delete: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\ : {25336920-03F9-11CF-8FD0-00AA00686F13}
      *****************
      *****************23/09/2005 21:22:30: Delete: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\ : {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
      *****************
      ASP Version: 1.0.78 Definition Date: 09-21-05 Date: 23/09/2005 22:27:28
      Action: Begin Memory Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 09-21-05 Date: 23/09/2005 22:27:30
      Action: Begin Registry Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 09-21-05 Date: 23/09/2005 22:28:30
      Action: Found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
      Spyware Name: WinFixer
      *****************

      ASP Version: 1.0.78 Definition Date: 09-21-05 Date: 23/09/2005 22:28:30
      Action: Begin File Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 09-21-05 Date: 24/09/2005 20:26:45
      Action: Begin Memory Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 09-21-05 Date: 24/09/2005 20:26:47
      Action: Begin Registry Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 09-21-05 Date: 24/09/2005 20:27:37
      Action: Found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
      Spyware Name: WinFixer
      *****************

      ASP Version: 1.0.78 Definition Date: 09-21-05 Date: 24/09/2005 20:27:38
      Action: Begin File Scan
      *****************

      *****************24/09/2005 21:18:44: Delete: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\ : {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
      *****************
      ASP Version: 1.0.78 Definition Date: 09-21-05 Date: 25/09/2005 20:27:03
      Action: Begin Memory Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 09-21-05 Date: 25/09/2005 20:27:06
      Action: Begin Registry Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 09-21-05 Date: 25/09/2005 20:27:07
      Action: Begin File Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 09-21-05 Date: 27/09/2005 20:26:57
      Action: Begin Memory Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 09-21-05 Date: 27/09/2005 20:26:59
      Action: Begin Registry Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 09-21-05 Date: 27/09/2005 20:27:18
      Action: Found: HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603
      Spyware Name: NaughtyPops
      *****************

      ASP Version: 1.0.78 Definition Date: 09-21-05 Date: 27/09/2005 20:27:48
      Action: Found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
      Spyware Name: WinFixer
      *****************

      ASP Version: 1.0.78 Definition Date: 09-21-05 Date: 27/09/2005 20:27:48
      Action: Begin File Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 09-21-05 Date: 28/09/2005 20:27:23
      Action: Begin Memory Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 09-21-05 Date: 28/09/2005 20:27:25
      Action: Begin Registry Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 09-21-05 Date: 28/09/2005 20:27:46
      Action: Found: HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603
      Spyware Name: NaughtyPops
      *****************

      ASP Version: 1.0.78 Definition Date: 09-21-05 Date: 28/09/2005 20:28:32
      Action: Begin File Scan
      *****************

      *****************28/09/2005 20:29:50: Delete: HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\ : 5603
      *****************
      ASP Version: 1.0.78 Definition Date: 09-21-05 Date: 01/10/2005 19:59:49
      Action: Begin Memory Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 09-21-05 Date: 01/10/2005 19:59:52
      Action: Begin Registry Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 09-21-05 Date: 01/10/2005 20:00:44
      Action: Found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
      Spyware Name: WinFixer
      *****************

      ASP Version: 1.0.78 Definition Date: 09-21-05 Date: 01/10/2005 20:00:44
      Action: Found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6BF52A52-394A-11D3-B153-00C04F79FAA6}
      Spyware Name: WinFixer
      *****************

      ASP Version: 1.0.78 Definition Date: 09-21-05 Date: 01/10/2005 20:00:44
      Action: Begin File Scan
      *****************

      *****************01/10/2005 20:27:52: Delete: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\ : {6BF52A52-394A-11D3-B153-00C04F79FAA6}
      *****************
      *****************01/10/2005 20:27:52: Delete: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\ : {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
      *****************
      ASP Version: 1.0.78 Definition Date: 09-21-05 Date: 02/10/2005 17:03:59
      Action: Begin Memory Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 09-21-05 Date: 02/10/2005 17:04:01
      Action: Begin Registry Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 09-21-05 Date: 02/10/2005 17:04:52
      Action: Found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
      Spyware Name: WinFixer
      *****************

      ASP Version: 1.0.78 Definition Date: 09-21-05 Date: 02/10/2005 17:04:52
      Action: Found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6BF52A52-394A-11D3-B153-00C04F79FAA6}
      Spyware Name: WinFixer
      *****************

      ASP Version: 1.0.78 Definition Date: 09-21-05 Date: 02/10/2005 17:04:52
      Action: Begin File Scan
      *****************

      *****************02/10/2005 17:16:01: Delete: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\ : {6BF52A52-394A-11D3-B153-00C04F79FAA6}
      *****************
      *****************02/10/2005 17:16:01: Delete: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\ : {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
      *****************
      ASP Version: 1.0.78 Definition Date: 09-21-05 Date: 02/10/2005 17:28:22
      Action: Begin Memory Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 09-21-05 Date: 02/10/2005 17:28:24
      Action: Begin Registry Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 09-21-05 Date: 02/10/2005 17:29:16
      Action: Begin File Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 09-28-05 Date: 04/10/2005 11:09:57
      Action: Begin Memory Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 09-28-05 Date: 04/10/2005 11:09:59
      Action: Begin Registry Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 09-28-05 Date: 04/10/2005 11:10:49
      Action: Found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
      Spyware Name: WinFixer
      *****************

      ASP Version: 1.0.78 Definition Date: 09-28-05 Date: 04/10/2005 11:10:49
      Action: Begin File Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 09-28-05 Date: 04/10/2005 14:26:36
      Action: Begin Memory Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 09-28-05 Date: 04/10/2005 14:26:38
      Action: Begin Registry Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 09-28-05 Date: 04/10/2005 14:26:51
      Action: Begin File Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 09-28-05 Date: 04/10/2005 16:27:22
      Action: Begin Memory Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 09-28-05 Date: 04/10/2005 16:27:24
      Action: Begin Registry Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 09-28-05 Date: 04/10/2005 16:28:12
      Action: Found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
      Spyware Name: WinFixer
      *****************

      ASP Version: 1.0.78 Definition Date: 09-28-05 Date: 04/10/2005 16:28:12
      Action: Begin File Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 09-28-05 Date: 04/10/2005 16:48:03
      Action: Found: c:\Program Files\Fichiers communs\Roxio Shared\DLLShared\zlib.dll
      Spyware Name: DiabloKeys
      *****************

      *****************04/10/2005 17:20:27: Delete: c:\Program Files\Fichiers communs\Roxio Shared\DLLShared\ : zlib.dll
      *****************
      *****************04/10/2005 17:20:27: Delete: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\ : {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
      *****************
      ASP Version: 1.0.78 Definition Date: 09-28-05 Date: 05/10/2005 20:27:05
      Action: Begin Memory Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 09-28-05 Date: 05/10/2005 20:27:07
      Action: Begin Registry Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 09-28-05 Date: 05/10/2005 20:27:14
      Action: Begin File Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-05-05 Date: 07/10/2005 22:27:03
      Action: Begin Memory Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-05-05 Date: 07/10/2005 22:27:07
      Action: Begin Registry Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-05-05 Date: 07/10/2005 22:27:40
      Action: Found: HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603
      Spyware Name: NaughtyPops
      *****************

      ASP Version: 1.0.78 Definition Date: 10-05-05 Date: 07/10/2005 22:28:14
      Action: Found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
      Spyware Name: WinFixer
      *****************

      ASP Version: 1.0.78 Definition Date: 10-05-05 Date: 07/10/2005 22:28:14
      Action: Found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6BF52A52-394A-11D3-B153-00C04F79FAA6}
      Spyware Name: WinFixer
      *****************

      ASP Version: 1.0.78 Definition Date: 10-05-05 Date: 07/10/2005 22:28:17
      Action: Begin File Scan
      *****************

      *****************07/10/2005 23:18:49: Delete: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\ : {6BF52A52-394A-11D3-B153-00C04F79FAA6}
      *****************
      *****************07/10/2005 23:18:49: Delete: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\ : {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
      *****************
      *****************07/10/2005 23:18:50: Delete: HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\ : 5603
      *****************
      ASP Version: 1.0.78 Definition Date: 10-05-05 Date: 08/10/2005 15:27:42
      Action: Begin Memory Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-05-05 Date: 08/10/2005 15:27:44
      Action: Begin Registry Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-05-05 Date: 08/10/2005 15:28:37
      Action: Found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
      Spyware Name: WinFixer
      *****************

      ASP Version: 1.0.78 Definition Date: 10-05-05 Date: 08/10/2005 15:28:40
      Action: Begin File Scan
      *****************

      *****************08/10/2005 16:00:08: Delete: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\ : {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
      *****************
      ASP Version: 1.0.78 Definition Date: 10-05-05 Date: 11/10/2005 18:18:03
      Action: Begin Memory Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-05-05 Date: 11/10/2005 18:18:05
      Action: Begin Registry Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-05-05 Date: 11/10/2005 18:18:58
      Action: Found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
      Spyware Name: WinFixer
      *****************

      ASP Version: 1.0.78 Definition Date: 10-05-05 Date: 11/10/2005 18:19:00
      Action: Begin File Scan
      *****************

      *****************11/10/2005 18:43:40: Delete: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\ : {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
      *****************
      ASP Version: 1.0.78 Definition Date: 10-05-05 Date: 11/10/2005 20:27:09
      Action: Begin Memory Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-05-05 Date: 11/10/2005 20:27:12
      Action: Begin Registry Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-05-05 Date: 11/10/2005 20:28:04
      Action: Found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
      Spyware Name: WinFixer
      *****************

      ASP Version: 1.0.78 Definition Date: 10-05-05 Date: 11/10/2005 20:28:07
      Action: Begin File Scan
      *****************

      *****************11/10/2005 20:33:06: Delete: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\ : {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
      *****************
      ASP Version: 1.0.78 Definition Date: 10-12-05 Date: 13/10/2005 19:01:42
      Action: Begin Memory Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-12-05 Date: 13/10/2005 19:01:45
      Action: Begin Registry Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-12-05 Date: 13/10/2005 19:02:40
      Action: Found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
      Spyware Name: WinFixer
      *****************

      ASP Version: 1.0.78 Definition Date: 10-12-05 Date: 13/10/2005 19:02:44
      Action: Begin File Scan
      *****************

      *****************13/10/2005 19:34:14: Delete: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\ : {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
      *****************
      ASP Version: 1.0.78 Definition Date: 10-12-05 Date: 13/10/2005 20:26:45
      Action: Begin Memory Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-12-05 Date: 13/10/2005 20:26:50
      Action: Begin Registry Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-12-05 Date: 13/10/2005 20:27:50
      Action: Found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
      Spyware Name: WinFixer
      *****************

      ASP Version: 1.0.78 Definition Date: 10-12-05 Date: 13/10/2005 20:27:54
      Action: Begin File Scan
      *****************

      *****************13/10/2005 21:04:15: Delete: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\ : {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
      *****************
      ASP Version: 1.0.78 Definition Date: 10-12-05 Date: 16/10/2005 18:02:12
      Action: Begin Memory Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-12-05 Date: 16/10/2005 18:02:15
      Action: Begin Registry Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-12-05 Date: 16/10/2005 18:03:02
      Action: Found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B45FF030-4447-11D2-85DE-00C04FA35C89}
      Spyware Name: Exploit.CHM
      *****************

      ASP Version: 1.0.78 Definition Date: 10-12-05 Date: 16/10/2005 18:03:13
      Action: Found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
      Spyware Name: WinFixer
      *****************

      ASP Version: 1.0.78 Definition Date: 10-12-05 Date: 16/10/2005 18:03:17
      Action: Begin File Scan
      *****************

      *****************16/10/2005 18:29:12: Delete: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\ : {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
      *****************
      *****************16/10/2005 18:29:12: Delete: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\ : {B45FF030-4447-11D2-85DE-00C04FA35C89}
      *****************
      ASP Version: 1.0.78 Definition Date: 10-12-05 Date: 16/10/2005 19:21:26
      Action: Begin Memory Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-12-05 Date: 16/10/2005 19:21:29
      Action: Begin Registry Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-12-05 Date: 16/10/2005 19:22:19
      Action: Found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
      Spyware Name: WinFixer
      *****************

      ASP Version: 1.0.78 Definition Date: 10-12-05 Date: 16/10/2005 19:22:22
      Action: Begin File Scan
      *****************

      *****************16/10/2005 19:47:10: Delete: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\ : {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
      *****************
      ASP Version: 1.0.78 Definition Date: 10-12-05 Date: 16/10/2005 20:28:47
      Action: Begin Memory Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-12-05 Date: 16/10/2005 20:29:10
      Action: Begin Registry Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-12-05 Date: 16/10/2005 20:30:40
      Action: Begin File Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-12-05 Date: 19/10/2005 19:24:19
      Action: Begin Memory Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-12-05 Date: 19/10/2005 19:24:22
      Action: Begin Registry Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-12-05 Date: 19/10/2005 19:25:14
      Action: Found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
      Spyware Name: WinFixer
      *****************

      ASP Version: 1.0.78 Definition Date: 10-12-05 Date: 19/10/2005 19:25:18
      Action: Begin File Scan
      *****************

      *****************19/10/2005 19:52:03: Delete: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\ : {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
      *****************
      ASP Version: 1.0.78 Definition Date: 10-12-05 Date: 19/10/2005 20:27:19
      Action: Begin Memory Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-12-05 Date: 19/10/2005 20:27:23
      Action: Begin Registry Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-12-05 Date: 19/10/2005 20:28:14
      Action: Found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
      Spyware Name: WinFixer
      *****************

      ASP Version: 1.0.78 Definition Date: 10-12-05 Date: 19/10/2005 20:28:18
      Action: Begin File Scan
      *****************

      *****************19/10/2005 21:15:39: Delete: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\ : {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
      *****************
      ASP Version: 1.0.78 Definition Date: 10-12-05 Date: 20/10/2005 22:54:43
      Action: Begin Memory Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-12-05 Date: 20/10/2005 22:54:45
      Action: Begin Registry Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-12-05 Date: 20/10/2005 22:55:32
      Action: Found: HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603
      Spyware Name: NaughtyPops
      *****************

      ASP Version: 1.0.78 Definition Date: 10-12-05 Date: 20/10/2005 22:57:25
      Action: Begin File Scan
      *****************

      *****************20/10/2005 22:59:24: Delete: HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\ : 5603
      *****************
      ASP Version: 1.0.78 Definition Date: 10-12-05 Date: 20/10/2005 23:00:02
      Action: Begin Memory Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-12-05 Date: 20/10/2005 23:00:04
      Action: Begin Registry Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-12-05 Date: 20/10/2005 23:02:43
      Action: Begin File Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-12-05 Date: 21/10/2005 18:32:17
      Action: Begin Memory Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-12-05 Date: 21/10/2005 18:32:20
      Action: Begin Registry Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-12-05 Date: 21/10/2005 18:33:14
      Action: Found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
      Spyware Name: WinFixer
      *****************

      ASP Version: 1.0.78 Definition Date: 10-12-05 Date: 21/10/2005 18:33:18
      Action: Begin File Scan
      *****************

      *****************21/10/2005 19:16:04: Delete: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\ : {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
      *****************
      ASP Version: 1.0.78 Definition Date: 10-19-05 Date: 21/10/2005 20:29:05
      Action: Begin Memory Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-19-05 Date: 21/10/2005 20:29:25
      Action: Begin Registry Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-19-05 Date: 21/10/2005 20:30:32
      Action: Found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
      Spyware Name: WinFixer
      *****************

      ASP Version: 1.0.78 Definition Date: 10-19-05 Date: 21/10/2005 20:30:36
      Action: Begin File Scan
      *****************

      *****************21/10/2005 21:21:12: Delete: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\ : {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
      *****************
      ASP Version: 1.0.78 Definition Date: 10-19-05 Date: 21/10/2005 22:27:16
      Action: Begin Memory Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-19-05 Date: 21/10/2005 22:27:20
      Action: Begin File Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-19-05 Date: 21/10/2005 22:42:48
      Action: Begin Memory Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-19-05 Date: 21/10/2005 22:42:51
      Action: Begin Registry Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-19-05 Date: 21/10/2005 22:43:41
      Action: Found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
      Spyware Name: WinFixer
      *****************

      ASP Version: 1.0.78 Definition Date: 10-19-05 Date: 21/10/2005 22:43:44
      Action: Begin File Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-19-05 Date: 22/10/2005 00:27:33
      Action: Begin Memory Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-19-05 Date: 22/10/2005 00:27:35
      Action: Begin File Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-19-05 Date: 23/10/2005 13:54:45
      Action: Begin Memory Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-19-05 Date: 23/10/2005 13:54:48
      Action: Begin Registry Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-19-05 Date: 23/10/2005 13:55:37
      Action: Found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
      Spyware Name: WinFixer
      *****************

      ASP Version: 1.0.78 Definition Date: 10-19-05 Date: 23/10/2005 13:55:41
      Action: Begin File Scan
      *****************

      *****************23/10/2005 13:55:47: Delete: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\ : {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
      *****************
      ASP Version: 1.0.78 Definition Date: 10-19-05 Date: 23/10/2005 14:27:14
      Action: Begin Memory Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-19-05 Date: 23/10/2005 14:27:17
      Action: Begin Registry Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-19-05 Date: 23/10/2005 14:28:11
      Action: Begin File Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-19-05 Date: 23/10/2005 14:53:33
      Action: Begin Memory Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-19-05 Date: 23/10/2005 14:53:37
      Action: Begin Registry Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-19-05 Date: 23/10/2005 14:54:27
      Action: Found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
      Spyware Name: WinFixer
      *****************

      ASP Version: 1.0.78 Definition Date: 10-19-05 Date: 23/10/2005 14:54:31
      Action: Begin File Scan
      *****************

      *****************23/10/2005 14:54:56: Delete: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\ : {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
      *****************
      ASP Version: 1.0.78 Definition Date: 10-19-05 Date: 23/10/2005 15:56:58
      Action: Begin Memory Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-19-05 Date: 23/10/2005 15:57:01
      Action: Begin Registry Scan
      *****************

      ASP Version: 1.0.78 Definition Date: 10-19-05 Date: 23/10/2005 15:57:51
      Action: Found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
      Spyware Name: WinFixer
      *****************

      ASP Version: 1.0.78 Definition Date: 10-19-05 Date: 23/10/2005 15:57:51
      Action: Found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6BF52A52-394A-11D3-B153-00C04F79FAA6}
      Spyware Name: WinFixer
      *****************

      ASP Version: 1.0.78 Definition Date: 10-19-05 Date: 23/10/2005 15:57:54
      Action: Begin File Scan
      *****************

      Merci pour ton aide a+
      0
  • 1
  • 2
  • 3