logfile mode sans echec smitfraudfix

Question

SmitFraudFix v2.11

Rapport fait à 16:14:16,48 le 02/01/2006
Executé à partir de C:\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\kl.exe supprimé
C:\WINDOWS\ms1.exe supprimé
C:\WINDOWS\secure32.html supprimé
C:\WINDOWS\tool1.exe supprimé
C:\WINDOWS\tool2.exe supprimé
C:\WINDOWS\tool3.exe supprimé
C:\WINDOWS\tool4.exe supprimé
C:\WINDOWS\tool5.exe supprimé
C:\Program Files\Daily Weather Forecast\ supprimé

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport

Afficher la suite

aranjuez31 · Answer

bjroui et alors c'est à quoi ???

Utilisateur anonyme · Answer

reRestes sur le meme posteLorsque tu reviens sur le forum, clik sur repondre a Regis59comme ca tu mettras tous ce que l on fait a  la suite, sinon je pourrais pas suivre, imagine, j ai 15postes a m occuper sur ce forum sans compter d autres forums alors si t ouvres un poste a chaque fois, je ne sais plus ou on est arrivé lolTu vois?a+

Utilisateur anonyme · Answer

lol5 fois que je le repete[Mode 'marre de tout repeter']

Dovanz · Answer

ben poutant g bien mis a la suite !!! bon et maintenant g envoyé le rapport et apres???

Utilisateur anonyme · Answer

saluttu sais tant que tu ne mettras pas les postes sur un seul, ca va etre dur de t aiderIl te suffit de prendre un poste et de clik sur [repondre a ce message]A+

aranjuez31 · Answer

bjr les copsmoi je le laisserais tomber puisqu'il s'obstine ds sa surdité !!

dovanz · Answer

que veut tu dire par ce poste ??? c peut etre parce que je pige pas c tout chuis pas sourd !!!

Utilisateur anonyme · Answer

ok,restes ici et ne cree pas 50postes ailleurs stpPeux tu remettre les 3programmes que je t avais demandé?hijack this, registry tools et silent runnerMerci, a demainPS: On est tres simpa !

dovanz · Answer

bon ok voici celui de hijackthis:==========================================Logfile of HijackThis v1.99.1Scan saved at 13:47:15, on 02/01/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exec:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exec:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exec:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exec:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\windows\system\hpsysdrv.exeC:\WINDOWS\AGRSMMSG.exeC:\WINDOWS\system32\hphmon06.exeC:\HP\KBD\KBD.EXEC:\Program Files\Fichiers communs\Symantec Shared\ccApp.exeC:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXEC:\WINDOWS\SOUNDMAN.EXEC:\WINDOWS\ALCWZRD.EXEC:\WINDOWS\system32\rundll32.exec:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exeC:\WINDOWS\ALCMTR.EXEC:\Program Files\MessengerPlus! 3\MsgPlus.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Microsoft AntiSpyware\gcasServ.exec:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exeC:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\RFA\rfagent.exeC:\Program Files\Daily Weather Forecast\weather.exeC:\Program Files\Microsoft AntiSpyware\gcasDtServ.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exeC:\PROGRA~1\INCRED~1\bin\IMApp.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Skype\Phone\Skype.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\explorer.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\Program Files\XoftSpy\XoftSpy.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Xi\NetTransport 2\NetTransport.exeC:\hijackthis_199\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q105&bd=pavilion&pf=desktopR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=pavilion&pf=desktopR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ogame.fr/R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8088R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensR3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dllO2 - BHO: (no name) - {ABA2AE83-989B-843D-787E-183B98227AC0} - C:\DOCUME~1\HP_PRO~1\APPLIC~1\DUMBMA~1\ModeBook.exe (file missing)O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dllO2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dllO3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dllO3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLLO3 - Toolbar: (no name) - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - (no file)O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dllO4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exeO4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetectO4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exeO4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exeO4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exeO4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXEO4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXEO4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXEO4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exeO4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [Xxwllohm] C:\Program Files\Wssd\Sthxdmn.exeO4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"O4 - HKLM\..\Run: [poke copy grid stop] C:\Documents and Settings\All Users\Application Data\Else Ace Poke Copy\Once each.exeO4 - HKLM\..\Run: [Easy PDF Creator] C:\Program Files\Easy PDF Creator\EasyPDFCreator.exeO4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\HbTools\Bin\4.7.0.0\HbtWeatherOnTray.exeO4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorunO4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe"O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exeO4 - HKLM\..\Run: [c:\hp\drivers\keyboard\PS2.EXE] C:\WINDOWS\system32\ps2.exeO4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exeO4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /cO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplashO4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimizedO4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EX$O4 - Startup: UltraMètre.lnk = C:\ultrameter\ultrameter.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: myPrintMileage.lnk = C:\Program Files\Hewlett-Packard\hp deskjet 450 printer\ToolBox\mpm.exeO4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htmO8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htmO8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb008YYFR_ZSzeb029XXCAO8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.htmlO8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.htmlO8 - Extra context menu item: Chercher avec Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htmO8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.htmlO8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.htmlO8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.htmlO8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.htmlO8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXEO9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXEO9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXEO9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLLO9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\WINDOWS\system32\shdocvw.dllO9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLLO9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\WINDOWS\system32\shdocvw.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cabO16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://129.15.200.110/activex/AMC.cabO16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://www.sexequalite.com/39220/FanLorie.exeO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cabO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cabO16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://webcam.varldskulturmuseet.se/activex/AMC.cabO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dllO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeO23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: IS Service (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exeO23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe=========================================celui de registry tools=========================================REGEDIT4; RegSrch.vbs © Bill James; Registry search results for string "browsela" 04/01/2006 12:04:27; NOTE: This file will be deleted when you close WordPad.; You must manually save this file to a new location if you want to refer to it again later.; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31EE3286-D785-4E3F-95FC-51D00FDABC01}]@="C:\WINDOWS\system32\browsela.dll"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31EE3286-D785-4E3F-95FC-51D00FDABC01}\InprocServer32]@="C:\WINDOWS\system32\browsela.dll"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\browsela][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\browsela]"DLLName"="C:\WINDOWS\system32\browsela.dll"[HKEY_USERS\S-1-5-21-973886438-65069074-3995-1007\Software\Beyersdorf\HexDecCharEditor\1.02]"File0"="C:\WINDOWS\system32\browsela1"[HKEY_USERS\S-1-5-21-973886438-65069074-3995-1007\Software\Beyersdorf\HexDecCharEditor\1.02]"File1"="C:\WINDOWS\system32\browsela.dll"[HKEY_USERS\S-1-5-21-973886438-65069074-3995-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU]"f"="C:\WINDOWS\system32\browsela1"[HKEY_USERS\S-1-5-21-973886438-65069074-3995-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\dll]"d"="C:\WINDOWS\system32\browsela.dll"[HKEY_USERS\S-1-5-21-973886438-65069074-3995-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\txt]"c"="C:\WINDOWS\system32\browsela1.txt"==========================================Puis celui de silentrunners=========================================="Silent Runners.vbs", revision 41, http://www.silentrunners.org/Operating System: Windows XP SP2Output limited to non-default values, except where indicated by "{++}"Startup items buried in registry:---------------------------------HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"IncrediMail" = "C:\Program Files\IncrediMail\bin\IncMail.exe /c" ["IncrediMail, Ltd."]"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]"Gadwin PrintScreen 3.1" = "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash" ["Gadwin Systems, Inc."]"Skype" = ""C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."]HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]"hpsysdrv" = "c:\windows\system\hpsysdrv.exe" ["Hewlett-Packard Company"]"Raccourci vers la page des propriétés de High Definition Audio" = "HDAudPropShortcut.exe" ["Windows (R) Server 2003 DDK provider"]"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]"nwiz" = "nwiz.exe /installquiet /keeploaded /nodetect" ["NVIDIA Corporation"]"AGRSMMSG" = "AGRSMMSG.exe" ["Agere Systems"]"HPHUPD06" = "c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" ["Hewlett-Packard"]"HPHmon06" = "C:\WINDOWS\system32\hphmon06.exe" ["Hewlett-Packard"]"KBD" = "C:\HP\KBD\KBD.EXE" ["Hewlett-Packard Company"]"Recguard" = "C:\WINDOWS\SMINST\RECGUARD.EXE" [empty string]"ccApp" = ""c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]"IS CfgWiz" = "c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"" ["Symantec Corporation"]"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]"AlcWzrd" = "ALCWZRD.EXE" ["RealTek Semicoductor Corp."]"Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."]"LSBWatcher" = "c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" ["Hewlett-Packard Company"]"MessengerPlus3" = ""C:\Program Files\MessengerPlus! 3\MsgPlus.exe"" ["Patchou"]"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]"Xxwllohm" = "C:\Program Files\Wssd\Sthxdmn.exe" [file not found]"gcasServ" = ""C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"" [MS]"poke copy grid stop" = "C:\Documents and Settings\All Users\Application Data\Else Ace Poke Copy\Once each.exe" [null data]"Easy PDF Creator" = "C:\Program Files\Easy PDF Creator\EasyPDFCreator.exe" [file not found]"WeatherOnTray" = "C:\Program Files\HbTools\Bin\4.7.0.0\HbtWeatherOnTray.exe" [file not found]"Device Detector" = "DevDetect.exe -autorun" ["ACD Systems, Ltd."]"rfagent" = ""C:\Program Files\RFA\rfagent.exe"" ["KsL Software"]"c:\hp\drivers\keyboard\PS2.EXE" = "C:\WINDOWS\system32\ps2.exe" [file not found]"TrojanScanner" = "C:\Program Files\Trojan Remover\Trjscan.exe" ["Simply Super Software"]HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = "SSVHelper Class" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]{83B80A9C-D91A-4F22-8DCF-EA7204039F79}\(Default) = "NetXfer"  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Xi\NetXfer\NXIEHelper.dll" ["Xi"]{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = "Google Toolbar Helper" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "c:\program files\google\googletoolbar2.dll" ["Google Inc."]{ABA2AE83-989B-843D-787E-183B98227AC0}\(Default) = (no title provided)  -> {CLSID}\InProcServer32\(Default) = "C:\DOCUME~1\HP_PRO~1\APPLIC~1\DUMBMA~1\ModeBook.exe" [file not found]{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "CNavExtBho Class" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]{C56CB6B0-0D96-11D6-8C65-B2868B609932}\(Default) = "NTIECatcher Class" [from CLSID]  -> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll" ["Xi"]HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"  -> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"  -> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]==========================================Ensuite celui de smitfraudfix étape 1==========================================SmitFraudFix v2.11Rapport fait à 12:15:47,79 le 04/01/2006Executé à partir de C:\SmitfraudFix\SmitfraudFixOS: Microsoft Windows XP [version 5.1.2600]»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32\LogFiles»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\HP_Propri‚taire\Application Data»»»»»»»»»»»»»»»»»»»»»»»» Recherche Menu Démarrer»»»»»»»»»»»»»»»»»»»»»»»» Recherche Bureau»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues»»»»»»»»»»»»»»»»»»»»»»»» Recherche éléments du bureau  »»»»»»»»»»»»»»»»»»»»»»»» Recherche Sharedtaskscheduler[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pr‚-chargeur Browseui""{8C7461EF-2B13-11d2-BE35-3078302C2030}"="D‚mon de cache des cat‚gories de composant""{31EE3286-D785-4E3F-95FC-51D00FDABC01}"="Master Browseui"»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport==========================================Enfin celui de smitfraudfix étape 2==========================================SmitFraudFix v2.11Rapport fait à 12:17:12,20 le 04/01/2006Executé à partir de C:\SmitfraudFix\SmitfraudFixOS: Microsoft Windows XP [version 5.1.2600]»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre Nettoyage terminé. »»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport

Utilisateur anonyme · Answer

ok,HijackThis -> Open the misc tools sections -> open Uninstall manager -> clique sur "Save list" -> enregistre le fichier -> fais-en un copier/coller ici.

Dovanz · Answer

voici la liste que tu as demandé==========================================ACDSee 8Adobe Acrobat - Reader 6.0.2 UpdateAdobe Acrobat and Reader 6.0.3 UpdateAdobe Acrobat and Reader 6.0.4 UpdateAdobe Reader 6.0.1 - FrançaisAdobe Stock Photos 1.0Advanced IP Scanner v1.4Agere Systems PCI Soft ModemAnti-Leech Plugin for Internet ExplorerAV Voice Changer Software 3.0AVS Video Converter 4.3.1.371AXIS Media ControlAXIS Media Control EmbeddedCC_ccProxyExtccCommonccPxyCoreComplément Microsoft Word pour Microsoft Works SuiteConnexion Facile à InternetCopernic Agent ProfessionalCorrectif Windows XP - KB873333Correctif Windows XP - KB873339Correctif Windows XP - KB883667Correctif Windows XP - KB885250Correctif Windows XP - KB885835Correctif Windows XP - KB885836Correctif Windows XP - KB886185Correctif Windows XP - KB887472Correctif Windows XP - KB887742Correctif Windows XP - KB888113Correctif Windows XP - KB888302Correctif Windows XP - KB890175Correctif Windows XP - KB890859Correctif Windows XP - KB890923Correctif Windows XP - KB891781Correctif Windows XP - KB893066Correctif Windows XP - KB893086Creative PC-CAM CenterCreative WebCam MonitorCreative WebCam NX Ultra Driver (1.00.06.0919)Dev-C++ 5 beta 9 release (4.9.9.2)Direct Show Ogg Vorbis Filter (remove only)DivXDivX PlayereMuleEncyclopédie Microsoft Encarta 2005Free Buttons.orgGadwin PrintScreenGif Movie Gear 4Google EarthGoogle Toolbar for Internet ExplorerHalf-LifeHelp and Support AdditionsHigh Definition Audio Driver Package - KB835221HijackThis 1.99.1Hotbar Browser, Weather and Wowpapers ToolsHotbar Outlook ToolsHotbar ShopperReportsHP Appareils photos Photosmart 4.0HP Deskjet 3840 SeriesHP Deskjet Preloaded Printer DriversHP Image Zone 4.5.3HP Image Zone Plus 4.5.3HP PSC & OfficeJet 4.0HP Software UpdateHPIZplus450IncrediMail XeInterVideo DiscLabelInterVideo WinDVD CreatorInterVideo WinDVD PlayeriTunesJ2SE Runtime Environment 5.0 Update 6Jasc Paint Shop Pro 9Jasc Paint Shop Pro 9.01 PatchJava 2 Runtime Environment, SE v1.4.2_03KBDK-Lite Mega Codec Pack 1.34KonvertorLecteur Windows Media 10LiveboxLiveReg (Symantec Corporation)LiveUpdate 2.5 (Symantec Corporation)Macromedia Flash Player 8Macromedia Shockwave PlayerManuel d'utilisation de Creative WebCam NX Ultra (Français)Messenger Plus! 3Microsoft .NET Framework 1.1Microsoft .NET Framework 1.1 French Language PackMicrosoft AntiSpywareMicrosoft AutoRoute 2005Microsoft FrontPage ExpressMicrosoft MoneyMicrosoft Office Small Business Edition 2003Microsoft Photo Premium 10Microsoft WorksMise à jour de sécurité pour Step by Step Interactive Training (KB898458)Mise à jour de sécurité pour Windows XP (KB883939)Mise à jour de sécurité pour Windows XP (KB890046)Mise à jour de sécurité pour Windows XP (KB893756)Mise à jour de sécurité pour Windows XP (KB896358)Mise à jour de sécurité pour Windows XP (KB896422)Mise à jour de sécurité pour Windows XP (KB896423)Mise à jour de sécurité pour Windows XP (KB896424)Mise à jour de sécurité pour Windows XP (KB896428)Mise à jour de sécurité pour Windows XP (KB896688)Mise à jour de sécurité pour Windows XP (KB899587)Mise à jour de sécurité pour Windows XP (KB899588)Mise à jour de sécurité pour Windows XP (KB899591)Mise à jour de sécurité pour Windows XP (KB900725)Mise à jour de sécurité pour Windows XP (KB901017)Mise à jour de sécurité pour Windows XP (KB901214)Mise à jour de sécurité pour Windows XP (KB902400)Mise à jour de sécurité pour Windows XP (KB903235)Mise à jour de sécurité pour Windows XP (KB904706)Mise à jour de sécurité pour Windows XP (KB905414)Mise à jour de sécurité pour Windows XP (KB905749)Mise à jour de sécurité pour Windows XP (KB905915)Mise à jour pour Windows XP (KB894391)Mise à jour pour Windows XP (KB896727)Mise à jour pour Windows XP (KB898461)Mise à jour pour Windows XP (KB910437)Mozilla Firefox (1.0.7)MSN Messenger 7.5MSRedistNeoTrace Pro 3.25 TrialNet Transport 1.94.282Norton AntiSpamNorton AntiVirus 2005Norton Internet SecurityNorton Internet SecurityNorton Internet SecurityNorton Internet SecurityNorton Internet SecurityNorton Internet SecurityNorton Internet SecurityNorton Internet SecurityNorton Internet SecurityNorton Internet SecurityNorton Internet Security 2005 (Symantec Corporation)Norton Security CenterNorton WMI UpdateNorton WMI UpdateNVIDIA DriversNvu 1.0PC-Doctor for WindowsPhotosmart 320,370,7400,8100,8400 Series (fra)PMsn Paraiso v1.2.40PowerCrypt 2000Programme de désinstallation de l'imprimante hp deskjet 450Python 2.2 pywin32 extensions (build 203)Python 2.2.3Quick Zip 4.60.005QuickTimeRegistry First AidSagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11gSélecteur d'installation de Microsoft Works 2005SereneScreen Marine Aquarium 2ShockwaveShopperReports by HotbarSkype 1.4SnadBoy's Revelation v2Sonic Express LabelerSonic RecordNow!SPBBCSpybot - Search & Destroy 1.4StuffPlug-NG (Messenger Plus! Plugins)SymNetTeleport ProTrojan Remover 6.4.4UPX Shell 3.2.1.2007Utilitaires SierraUtility SierraWindows Installer 3.1 (KB893803)Windows Media Format RuntimeWinRAR archiverXoftSpy

Utilisateur anonyme · Answer

redesinstalle XoftSpyet remet un hijack thisa+PS: Attention a tes surfs, tu as pas des pubs X?

Dovanz · Answer

je remet un coup de hijackthis en quel mode avec le logfile ou la liste de mes progz et pour les pubs X j'en é pas trop ca va

Utilisateur anonyme · Answer

Re,en  mode normal, je veux un logfiles hijack this, cad ceciLogfile of HijackThis v1.99.1 Scan saved at 13:47:15, on 02/01/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\system32\hphmon06.exe C:\HP\KBD\KBD.EXE C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE C:\WINDOWS\system32undll32.exe c:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exe C:\WINDOWS\ALCMTR.EXE C:\Program Files\MessengerPlus! 3\MsgPlus.exe C:\WINDOWS\system32
vsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\RFAfagent.exe C:\Program Files\Daily Weather Forecast\weather.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe C:\PROGRA~1\INCRED~1\bin\IMApp.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Skype\Phone\Skype.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\XoftSpy\XoftSpy.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Xi\NetTransport 2\NetTransport.exe C:\hijackthis_199\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=pavilion&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ogame.fr/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8088 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: (no name) - {ABA2AE83-989B-843D-787E-183B98227AC0} - C:\DOCUME~1\HP_PRO~1\APPLIC~1\DUMBMA~1\ModeBook.exe (file missing) O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL O3 - Toolbar: (no name) - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Xxwllohm] C:\Program Files\Wssd\Sthxdmn.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [poke copy grid stop] C:\Documents and Settings\All Users\Application Data\Else Ace Poke Copy\Once each.exe O4 - HKLM\..\Run: [Easy PDF Creator] C:\Program Files\Easy PDF Creator\EasyPDFCreator.exe O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\HbTools\Bin\4.7.0.0\HbtWeatherOnTray.exe O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFAfagent.exe" O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe O4 - HKLM\..\Run: [c:\hp\drivers\keyboard\PS2.EXE] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EX$ O4 - Startup: UltraMètre.lnk = C:\ultrameter\ultrameter.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: myPrintMileage.lnk = C:\Program Files\Hewlett-Packard\hp deskjet 450 printer\ToolBox\mpm.exe O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ? O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\binesources\WebMenuImg.htm O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb008YYFR_ZSzeb029XXCA O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html O8 - Extra context menu item: Chercher avec Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing) O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing) O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU) O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://129.15.200.110/activex/AMC.cab O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://www.sexequalite.com/39220/FanLorie.exe O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://webcam.varldskulturmuseet.se/activex/AMC.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IS Service (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exe a++

Dovanz · Answer

voila le nouvo hijackthis lofile==========================================Logfile of HijackThis v1.99.1Scan saved at 13:59:00, on 04/01/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exec:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exec:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exec:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exec:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXEc:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exeC:\WINDOWS\system32
vsvc32.exeC:\WINDOWS\system32\svchost.exec:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\windows\system\hpsysdrv.exeC:\WINDOWS\AGRSMMSG.exeC:\WINDOWS\system32undll32.exeC:\WINDOWS\system32\hphmon06.exeC:\HP\KBD\KBD.EXEC:\Program Files\Fichiers communs\Symantec Shared\ccApp.exeC:\WINDOWS\SOUNDMAN.EXEC:\WINDOWS\ALCWZRD.EXEC:\WINDOWS\ALCMTR.EXEC:\WINDOWS\System32\svchost.exeC:\Program Files\MessengerPlus! 3\MsgPlus.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Microsoft AntiSpyware\gcasServ.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exeC:\Program Files\RFAfagent.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Daily Weather Forecast\weather.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exeC:\Program Files\Skype\Phone\Skype.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\Microsoft AntiSpyware\gcasDtServ.exeC:\PROGRA~1\INCRED~1\bin\IMApp.exeC:\Program Files\Hewlett-Packard\hp deskjet 450 printer\ToolBox\mpm.exeC:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exeC:\ultrameter\ultrameter.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\Program Files\Internet Explorer\iexplore.exeC:\hijackthis_199\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q105&bd=pavilion&pf=desktopR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ogame.fr/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blankR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8088R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensR3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dllO2 - BHO: (no name) - {ABA2AE83-989B-843D-787E-183B98227AC0} - C:\DOCUME~1\HP_PRO~1\APPLIC~1\DUMBMA~1\ModeBook.exe (file missing)O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dllO2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dllO3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dllO3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLLO3 - Toolbar: (no name) - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - (no file)O3 - Toolbar: SearchBar.us ToolBand - {7CBBB3F1-0E68-43FA-B034-4D3EC394D085} - C:\PROGRA~1\IETOOL~1\SEARCH~1.DLLO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dllO4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exeO4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetectO4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exeO4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exeO4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exeO4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXEO4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXEO4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXEO4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exeO4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"O4 - HKLM\..\Run: [poke copy grid stop] C:\Documents and Settings\All Users\Application Data\Else Ace Poke Copy\Once each.exeO4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\HbTools\Bin\4.7.0.0\HbtWeatherOnTray.exeO4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorunO4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFAfagent.exe"O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exeO4 - HKLM\..\Run: [c:\hp\drivers\keyboard\PS2.EXE] C:\WINDOWS\system32\ps2.exeO4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exeO4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /cO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplashO4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimizedO4 - Startup: UltraMètre.lnk = C:\ultrameter\ultrameter.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: myPrintMileage.lnk = C:\Program Files\Hewlett-Packard\hp deskjet 450 printer\ToolBox\mpm.exeO4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\binesources\WebMenuImg.htmO8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htmO8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb008YYFR_ZSzeb029XXCAO8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.htmlO8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.htmlO8 - Extra context menu item: Chercher avec Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htmO8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.htmlO8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.htmlO8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.htmlO8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.htmlO8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXEO9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXEO9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXEO9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLLO9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\WINDOWS\system32\shdocvw.dllO9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLLO9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\WINDOWS\system32\shdocvw.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cabO16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://129.15.200.110/activex/AMC.cabO16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://www.sexequalite.com/39220/FanLorie.exeO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cabO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cabO16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://webcam.varldskulturmuseet.se/activex/AMC.cabO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dllO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeO23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: IS Service (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exeO23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exeO23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

Utilisateur anonyme · Answer

Bonjour, Méthode à suivre dans l'ordre... ---------------------------------------------------------------------------- ¤Télécharge ces logiciels mais que tu n‘utilises pas tout de suite: 1/Spybot S&D 1.4 <<nouvelle version.http://www.safer-networking.org/fr/index.html Démo d’utilisation (merci à Balltrap34 pour cette réalisation).http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm2/Ad-Aware SE 1.06 <<nouvelle version.http://www.lavasoftusa.com/software/adaware/ -Une aide:http://www.tutopat.com/viewtopic.php?t=1191 - installe le patch français, tu pourras le trouver ici: http://download.lavasoft.de.edgesuite.net/public/pllangs.exe et une petite vidéo d'utilisation ici:(merci à Moe31 pour cette réalisation).http://pageperso.aol.fr/balltrap34/adawrevid.asf ---------------------------------------------------------------------------- ¤Affiche tous les fichiers et dossiers : Clique sur démarrer/panneau de configuration/outil/option des dossiers/affichage Coche « afficher les fichiers et dossiers cachés » Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)" Décoche « masquer les extensions dont le type est connu » Puis fais «Ok» pour valider les changements. Et appliquer !---------------------------------------------------------------------------- ¤Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked : R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank O3 - Toolbar: (no name) - {74CC49F7-EB32-4A08-B204-948962A6E3DB} - (no file) O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [poke copy grid stop] C:\Documents and Settings\All Users\Application Data\Else Ace Poke Copy\Once each.exe O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\HbTools\Bin\4.7.0.0\HbtWeatherOnTray.exe  O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb008YYFR_ZSzeb029XXCA O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\WINDOWS\system32\shdocvw.dll O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://129.15.200.110/activex/AMC.cab O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://www.sexequalite.com/39220/FanLorie.exe O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://webcam.varldskulturmuseet.se/activex/AMC.cab O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll ---------------------------------------------------------------------------- ¤Démarre en mode sans échec : Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée. Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal ! (Si F8 ne marche pas utilise la touche F5).  ----------------------------------------------------------------------------¤Vide tes fichiers temps et temporary internet file: :: Supprimer les fichiers temporaires :: vider tout le contenu de ces dossiers. * C:\Documents and Settings	on compte\Local Settings\Temp * C:\Documents and Settings	ous les autres comptes\Local Settings\Temp * C:\Windows\Temp :: Le contenu du dossier prefetch :: * C:\WINDOWS\Prefetch <= sauf le fichier layout.ini * Ne pas oublier de vider la corbeille !----------------------------------------------------------------------------¤Recherche et supprime ceci: attention seulement les fichiers  (si présents).C:\WINDOWS\ALCMTR.EXE C:\Documents and Settings\All Users\Application Data\Else Ace Poke CopyC:\Program Files\HbTools C:\Program Files\Daily Weather ForecastC:\WINDOWS\system32\browsela.dll ----------------------------------------------------------------------------¤ Passe Ad-Aware et supprime tout ce qu’il trouve + supprime les quarantaines…----------------------------------------------------------------------------¤ Passe Spybot et corrige tout ce qu’il trouve + vaccine + supprime les quarantaines…----------------------------------------------------------------------------¤ Vide ta Corbeille.----------------------------------------------------------------------------¤ Redémarre en mode normal, relance Hijackthis et copie/colle un nouveau rapport sur le forum.Précise tes soucis s’il en reste.... Tiens-moi au courant  A+ PS: NeoTrace It <-- J'espere que c'est a des fins nobles

Dovanz · Answer

je ne peux supprimer que hbtools les autres ca me met que c'est impossible et que c peut etre utilisé par une autre personne ou un autre programmej'utilise neo trace pro par curiosité pour tracer l'ip de ceux qui m'envoie des virus.

dovanz · Answer

g tout supprimé sauf browsela.dll et quelque fichier temp qui sont restés du nom de hpodvd09.log, ~DF4DDB.tmp , ~DF2A05.tmp peut etre ont-ils un rapport???

Utilisateur anonyme · Answer

saluttu as bien suivi la procedure, tu etais bien en mode sans echec?

Dovanz · Answer

oui attend je vé réessayer mé je doit supprimer les fichiers dans temporary internet files ???

Utilisateur anonyme · Answer

Oui tu peux, c est sans gravité mais moi je n indique que ceci* C:\Documents and Settings	on compte\Local Settings\Temp * C:\Documents and Settings	ous les autres comptes\Local Settings\Temp * C:\Windows\Temp :: Le contenu du dossier prefetch :: * C:\WINDOWS\Prefetch <= sauf le fichier layout.ini a+

Dovanz · Answer

tout é partit dans temp mé pas  browsela.dll malheureusement.  c dingue il é vachement résistant ce trojan en plus le type a pris mon mot de passe msn et il insulte mes contacts !!!

Utilisateur anonyme · Answer

salutah bon ?? je n etais pas au courant de ce problemeremet moi un hijackthis, je sais que tu ne l auras pas comme ca le browsela.dll

Dovanz · Answer

voici le nouveau hijackthisLogfile of HijackThis v1.99.1Scan saved at 17:31:39, on 04/01/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exec:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exec:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exec:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exec:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXEc:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32
vsvc32.exeC:\WINDOWS\system32\svchost.exec:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\windows\system\hpsysdrv.exeC:\WINDOWS\AGRSMMSG.exeC:\WINDOWS\system32\hphmon06.exeC:\HP\KBD\KBD.EXEC:\WINDOWS\system32undll32.exeC:\Program Files\Fichiers communs\Symantec Shared\ccApp.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\SOUNDMAN.EXEC:\WINDOWS\ALCWZRD.EXEC:\Program Files\MessengerPlus! 3\MsgPlus.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Microsoft AntiSpyware\gcasServ.exeC:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\RFAfagent.exeC:\Program Files\Microsoft AntiSpyware\gcasDtServ.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exeC:\Program Files\Skype\Phone\Skype.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\Hewlett-Packard\hp deskjet 450 printer\ToolBox\mpm.exeC:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exeC:\ultrameter\ultrameter.exeC:\PROGRA~1\INCRED~1\bin\IMApp.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Documents and Settings\HP_Propriétaire\Mes documents\hijackthis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q105&bd=pavilion&pf=desktopR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ogame.fr/R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8088R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensR3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dllO2 - BHO: (no name) - {ABA2AE83-989B-843D-787E-183B98227AC0} - C:\DOCUME~1\HP_PRO~1\APPLIC~1\DUMBMA~1\ModeBook.exe (file missing)O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dllO2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dllO3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dllO3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLLO3 - Toolbar: SearchBar.us ToolBand - {7CBBB3F1-0E68-43FA-B034-4D3EC394D085} - C:\PROGRA~1\IETOOL~1\SEARCH~1.DLLO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dllO4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exeO4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetectO4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exeO4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exeO4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exeO4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXEO4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXEO4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exeO4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorunO4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFAfagent.exe"O4 - HKLM\..\Run: [c:\hp\drivers\keyboard\PS2.EXE] C:\WINDOWS\system32\ps2.exeO4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exeO4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /cO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplashO4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimizedO4 - Startup: UltraMètre.lnk = C:\ultrameter\ultrameter.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: myPrintMileage.lnk = C:\Program Files\Hewlett-Packard\hp deskjet 450 printer\ToolBox\mpm.exeO4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\binesources\WebMenuImg.htmO8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htmO8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.htmlO8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.htmlO8 - Extra context menu item: Chercher avec Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htmO8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.htmlO8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.htmlO8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.htmlO8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.htmlO8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXEO9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXEO9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXEO9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLLO9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\WINDOWS\system32\shdocvw.dllO9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLLO9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\WINDOWS\system32\shdocvw.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cabO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cabO16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://webcam.varldskulturmuseet.se/activex/AMC.cabO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dllO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeO23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: IS Service (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exeO23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exeO23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

Utilisateur anonyme · Answer

Bon on va s en occuper de suiteTélécharge ceci Registry Search Tool http://www.billsway.com/vbspage/ décompresse le et tape ou colle  browsela.dll et copie colle le résultat dans le bloc note et donne le nousA+

Dovanz · Answer

voici le rapport:REGEDIT4; RegSrch.vbs © Bill James; Registry search results for string "browsela.dll" 04/01/2006 17:44:22; NOTE: This file will be deleted when you close WordPad.; You must manually save this file to a new location if you want to refer to it again later.; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31EE3286-D785-4E3F-95FC-51D00FDABC01}]@="C:\WINDOWS\system32\browsela.dll"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31EE3286-D785-4E3F-95FC-51D00FDABC01}\InprocServer32]@="C:\WINDOWS\system32\browsela.dll"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\browsela]"DLLName"="C:\WINDOWS\system32\browsela.dll"[HKEY_USERS\S-1-5-21-973886438-65069074-3995-1007\Software\Beyersdorf\HexDecCharEditor\1.02]"File1"="C:\WINDOWS\system32\browsela.dll"[HKEY_USERS\S-1-5-21-973886438-65069074-3995-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\dll]"d"="C:\WINDOWS\system32\browsela.dll"

Utilisateur anonyme · Answer

et pendant que j y pense, desinstalles ceciHotbar Browser, Weather and Wowpapers Tools Hotbar Outlook Tools Hotbar ShopperReports

Utilisateur anonyme · Answer

desinstalle ce que je t ai dis dans le poste d avant,ensuite fais ceci:Ouvre le bloc note et copie colle ceci entre les étoiles ********** REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31EE3286-D785-4E3F-95FC-51D00FDABC01}] @=-[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31EE3286-D785-4E3F-95FC-51D00FDABC01}\InprocServer32] @=-[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\browsela] "DLLName"=-[HKEY_USERS\S-1-5-21-973886438-65069074-3995-1007\Software\Beyersdorf\HexDecCharEditor\1.02] "File1"=-[HKEY_USERS\S-1-5-21-973886438-65069074-3995-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\dll] "d"=-************ enregistre le sur ton bureau et nomme le www.reg et dans la case en dessous type met sur tous fichiers la vas sur ton bureau et double click sur se fichier que tu vient de faire et accepte la fusion avec le registre.ensuite, remet moi un rapporta+

Dovanz · Answer

rapport hijackthis je suppose ???

Utilisateur anonyme · Answer

Non ce que tu as fais avec browsela.dll

Dovanz · Answer

commandant au rapport !!!voici mon rapport commandant !!!REGEDIT4; RegSrch.vbs © Bill James; Registry search results for string "browsela.dll" 04/01/2006 18:03:02; NOTE: This file will be deleted when you close WordPad.; You must manually save this file to a new location if you want to refer to it again later.; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31EE3286-D785-4E3F-95FC-51D00FDABC01}]@="C:\WINDOWS\system32\browsela.dll"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31EE3286-D785-4E3F-95FC-51D00FDABC01}\InprocServer32]@="C:\WINDOWS\system32\browsela.dll"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\browsela]"DLLName"="C:\WINDOWS\system32\browsela.dll"

Utilisateur anonyme · Answer

salut,,fais une recherche avec ca31EE3286-D785-4E3F-95FC-51D00FDABC01je fais que passer, a demain

Dovanz · Answer

Voici le rapport Regis 59REGEDIT4; RegSrch.vbs © Bill James; Registry search results for string "31EE3286-D785-4E3F-95FC-51D00FDABC01" 05/01/2006 19:18:12; NOTE: This file will be deleted when you close WordPad.; You must manually save this file to a new location if you want to refer to it again later.; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31EE3286-D785-4E3F-95FC-51D00FDABC01}][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31EE3286-D785-4E3F-95FC-51D00FDABC01}\InprocServer32][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]"{31EE3286-D785-4E3F-95FC-51D00FDABC01}"="Master Browseui"

Utilisateur anonyme · Answer

Ouvre le bloc note et copie colle ceci entre les étoiles ********** REGEDIT4 [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31EE3286-D785-4E3F-95FC-51D00FDABC01}][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\browsela] "DLLName"=-[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31EE3286-D785-4E3F-95FC-51D00FDABC01}\InprocServer32] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{31EE3286-D785-4E3F-95FC-51D00FDABC01}"=-************ enregistre le sur ton bureau et nomme le www.reg et dans la case en dessous type met sur tous fichiers la vas sur ton bureau et double click sur se fichier que tu vient de faire et accepte la fusion avec le registre.Puis remet un hijack this

^^Marie^^ · Answer

chui là

Dovanz · Answer

voici le log hijack thisLogfile of HijackThis v1.99.1Scan saved at 19:46:30, on 05/01/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exec:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exec:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exec:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exec:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXEc:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exeC:\WINDOWS\system32
vsvc32.exeC:\WINDOWS\system32\svchost.exec:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\windows\system\hpsysdrv.exeC:\WINDOWS\AGRSMMSG.exeC:\WINDOWS\system32\hphmon06.exeC:\WINDOWS\system32undll32.exeC:\HP\KBD\KBD.EXEC:\Program Files\Fichiers communs\Symantec Shared\ccApp.exeC:\WINDOWS\SOUNDMAN.EXEC:\WINDOWS\ALCWZRD.EXEC:\Program Files\MessengerPlus! 3\MsgPlus.exeC:\Program Files\QuickTime\qttask.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Microsoft AntiSpyware\gcasServ.exeC:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\RFAfagent.exeC:\Program Files\Microsoft AntiSpyware\gcasDtServ.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exeC:\Program Files\Skype\Phone\Skype.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\Hewlett-Packard\hp deskjet 450 printer\ToolBox\mpm.exeC:\PROGRA~1\INCRED~1\bin\IMApp.exeC:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exeC:\ultrameter\ultrameter.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\Documents and Settings\HP_Propriétaire\Mes documents\hijackthis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q105&bd=pavilion&pf=desktopR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ogame.fr/R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8088R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensR3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dllO2 - BHO: (no name) - {ABA2AE83-989B-843D-787E-183B98227AC0} - C:\DOCUME~1\HP_PRO~1\APPLIC~1\DUMBMA~1\ModeBook.exe (file missing)O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dllO2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dllO3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dllO3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLLO3 - Toolbar: SearchBar.us ToolBand - {7CBBB3F1-0E68-43FA-B034-4D3EC394D085} - C:\PROGRA~1\IETOOL~1\SEARCH~1.DLLO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dllO4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exeO4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetectO4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exeO4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exeO4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exeO4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXEO4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXEO4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exeO4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorunO4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFAfagent.exe"O4 - HKLM\..\Run: [c:\hp\drivers\keyboard\PS2.EXE] C:\WINDOWS\system32\ps2.exeO4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exeO4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /cO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplashO4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimizedO4 - Startup: UltraMètre.lnk = C:\ultrameter\ultrameter.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: myPrintMileage.lnk = C:\Program Files\Hewlett-Packard\hp deskjet 450 printer\ToolBox\mpm.exeO4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\binesources\WebMenuImg.htmO8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htmO8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.htmlO8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.htmlO8 - Extra context menu item: Chercher avec Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htmO8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.htmlO8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.htmlO8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.htmlO8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.htmlO8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXEO9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXEO9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXEO9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLLO9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\WINDOWS\system32\shdocvw.dllO9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLLO9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\WINDOWS\system32\shdocvw.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cabO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cabO16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://webcam.varldskulturmuseet.se/activex/AMC.cabO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dllO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exeO23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: IS Service (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exeO23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus
avapsvc.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exeO23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

Dovanz · Answer

a g oublié le rapport HiJackThisLogfile of HijackThis v1.99.1Scan saved at 17:16:15, on 06/01/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Eset
od32krn.exeC:\WINDOWS\system32
vsvc32.exeC:\WINDOWS\system32\svchost.exec:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\windows\system\hpsysdrv.exeC:\WINDOWS\AGRSMMSG.exeC:\WINDOWS\system32\hphmon06.exeC:\HP\KBD\KBD.EXEC:\WINDOWS\system32undll32.exeC:\WINDOWS\SOUNDMAN.EXEC:\WINDOWS\ALCWZRD.EXEC:\Program Files\MessengerPlus! 3\MsgPlus.exeC:\Program Files\QuickTime\qttask.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Microsoft AntiSpyware\gcasServ.exeC:\Program Files\Fichiers communs\ACD Systems\FR\DevDetect.exeC:\Program Files\RFAfagent.exeC:\Program Files\Eset
od32kui.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exeC:\Program Files\Skype\Phone\Skype.exeC:\Program Files\Microsoft AntiSpyware\gcasDtServ.exeC:\PROGRA~1\INCRED~1\bin\IMApp.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\Hewlett-Packard\hp deskjet 450 printer\ToolBox\mpm.exeC:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exeC:\ultrameter\ultrameter.exeC:\WINDOWS\system32\wuauclt.exeC:\Documents and Settings\HP_Propriétaire\Mes documents\hijackthis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q105&bd=pavilion&pf=desktopR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ogame.fr/R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8088R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dllO2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dllO3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dllO3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLLO3 - Toolbar: SearchBar.us ToolBand - {7CBBB3F1-0E68-43FA-B034-4D3EC394D085} - C:\PROGRA~1\IETOOL~1\SEARCH~1.DLL (file missing)O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dllO4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exeO4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetectO4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exeO4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exeO4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exeO4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXEO4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXEO4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXEO4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXEO4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exeO4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorunO4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFAfagent.exe"O4 - HKLM\..\Run: [c:\hp\drivers\keyboard\PS2.EXE] C:\WINDOWS\system32\ps2.exeO4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exeO4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset
od32kui.exe" /WAITSERVICEO4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /cO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Gadwin PrintScreen 3.1] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplashO4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimizedO4 - Startup: UltraMètre.lnk = C:\ultrameter\ultrameter.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: myPrintMileage.lnk = C:\Program Files\Hewlett-Packard\hp deskjet 450 printer\ToolBox\mpm.exeO4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\binesources\WebMenuImg.htmO8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htmO8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.htmlO8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.htmlO8 - Extra context menu item: Chercher avec Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htmO8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.htmlO8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.htmlO8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.htmlO8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.htmlO8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXEO9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXEO9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXEO9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLLO9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\WINDOWS\system32\shdocvw.dllO9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLLO9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\WINDOWS\system32\shdocvw.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cabO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cabO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dllO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset
od32krn.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exeO23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

Utilisateur anonyme · Answer

retelecharge ceci-SpySweeper (de Webroot) (c'est une version d'essai de 14 jours) http://www.download.com/Webroot-Spy-Sweepe...4-10405877.html ou http://www.webroot.com/consumer/products/spysweeper?acode=af1&rc=3597 • clique sur le lien Free Trial sous la rubrique "SpySweeper" • installe le programme. Une fois installé, il va se lancer. • L'option de le mettre à jour va s'afficher, clique sur Yes • Une fois les mises à jour faites, clique Options sur la gauche • Clique sur l'onglet Sweep Options• Sous What to Sweep tu coches les options suivantes : Sweep Memory Sweep Registry Sweep Cookies Sweep All User Accounts Enable Direct Disk Sweeping Sweep Contents of Compressed Files Sweep for Rootkits Décoche Do not Sweep System Restore Folder • clique sur Sweep Now sur la gauche • clique sur Start • quand le scan est terminé, clique sur Next• assure toi que tous les items sont cochés, puis clique sur Next • Tous les items cochés seront éliminés • Si SpySweeper veut redémarrer pour terminer le nettoyage : ACCEPTE • Clique Session Log en haut à droite, et copie tout ce qu'il y a dans la fenêtre • Clique sur l'onglet Summary, puis clique sur Finish • Colle enfin a+

Utilisateur anonyme · Answer

bsrlecture en coup de vent1 - vire de ton pc : msn+  , source de tes ennuis2 - fixeO3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dllO8 - Extra context menu item: Chercher avec Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm +  pour aérerO16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab -----ce n est pas fini

Utilisateur anonyme · Answer

salut solveig1;O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O8 - Extra context menu item: Chercher avec Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm C'est le robot d'analyse en ligne qui te donne cela?

Dovanz · Answer

le log spysweeper mon commandant17:58: |       Start of Session, vendredi 6 janvier 2006       |17:58: Spy Sweeper started17:58: Sweep initiated using definitions version 59717:58: Found Trojan Horse: trojan-downloader-2pursuit17:58: HKCR\clsid\{31ee3286-d785-4e3f-95fc-51d00fdabc01}\inprocserver32\  (2 subtraces) (ID = 1098696)17:58: browsela.dll (ID = 1098696)17:58: HKLM\software\microsoft\windows nt\currentversion\winlogon
otify\browsela\ || dllname (ID = 1098846)17:58: browsela.dll (ID = 1098846)17:58: Starting Memory Sweep18:01: Memory Sweep Complete, Elapsed Time: 00:02:2018:01: Starting Registry Sweep18:01:   Found Adware: hotbar18:01:   HKCR\appid\weatherontray.exe\  (1 subtraces) (ID = 127217)18:01:   HKCR\appid\{0507fdde-f3b7-49f5-9e8f-c557e991f39b}\  (1 subtraces) (ID = 127218)18:01:   HKCR\hbcoresrv.dynamicprop.1\  (3 subtraces) (ID = 127276)18:01:   HKCR\hbcoresrv.dynamicprop\  (5 subtraces) (ID = 127277)18:01:   HKCR\hbtcoresrv.hbtcoreservices.1\  (3 subtraces) (ID = 127291)18:01:   HKCR\hbtcoresrv.hbtcoreservices\  (5 subtraces) (ID = 127292)18:01:   HKCR\hbtcoresrv.lfgax.1\  (3 subtraces) (ID = 127293)18:01:   HKCR\hbtcoresrv.lfgax\  (5 subtraces) (ID = 127294)18:01:   HKCR\hbthostie.bho.1\  (3 subtraces) (ID = 127295)18:01:   HKCR\hbthostie.bho\  (5 subtraces) (ID = 127296)18:01:   HKCR\hbthostol.hbtmailanim.1\  (3 subtraces) (ID = 127297)18:01:   HKCR\hbthostol.hbtmailanim\  (5 subtraces) (ID = 127298)18:01:   HKCR\hbthostol.hbtwebmailsend.1\  (3 subtraces) (ID = 127299)18:01:   HKCR\hbthostol.hbtwebmailsend\  (5 subtraces) (ID = 127300)18:01:   HKCR\hbtinstie.hbinstobj.1\  (3 subtraces) (ID = 127301)18:01:   HKCR\hbtinstie.hbinstobj\  (5 subtraces) (ID = 127302)18:01:   HKCR\hbtools.hbtcommband.1\  (3 subtraces) (ID = 127306)18:01:   HKCR\hbtools.hbtcommband\  (5 subtraces) (ID = 127307)18:01:   HKCR\hbtools.hbttravelcomparebar.1\  (3 subtraces) (ID = 127308)18:01:   HKCR\hbtools.hbttravelcomparebar\  (5 subtraces) (ID = 127309)18:01:   HKCR\hbtsrv.hbtcoreservices.1\  (3 subtraces) (ID = 127310)18:01:   HKCR\hbtsrv.hbtcoreservices\  (5 subtraces) (ID = 127311)18:01:   HKCR\hbttoolbar.hbthtmlmenuui.1\  (3 subtraces) (ID = 127312)18:01:   HKCR\hbttoolbar.hbthtmlmenuui\  (5 subtraces) (ID = 127313)18:01:   HKCR\hbttoolbar.hbttoolbarctl.1\  (3 subtraces) (ID = 127314)18:01:   HKCR\hbttoolbar.hbttoolbarctl\  (5 subtraces) (ID = 127315)18:01:   HKCR\hbttools.hbmain.1\  (3 subtraces) (ID = 127316)18:01:   HKCR\hbttools.hbmain\  (5 subtraces) (ID = 127317)18:01:   HKCR\interface\{3f04cbf7-cd62-4403-b090-b432dedcb159}\  (8 subtraces) (ID = 127325)18:01:   HKCR\interface\{34f4d917-31e4-464c-b8b3-84c1ce76b395}\  (8 subtraces) (ID = 127334)18:01:   HKCR\interface\{8578d35e-c6c0-4808-9a80-0f6c29a2c423}\  (8 subtraces) (ID = 127339)18:01:   HKCR\interface\{bc190da5-0187-4d99-b3ac-6c45ea1b9324}\  (8 subtraces) (ID = 127353)18:01:   HKCRprtspsclient.psexecuter.1\  (3 subtraces) (ID = 127362)18:01:   HKCRprtspsclient.psexecuter\  (5 subtraces) (ID = 127363)18:01:   HKCR\shprrprts.hbax.1\  (3 subtraces) (ID = 127365)18:01:   HKCR\shprrprts.hbax\  (5 subtraces) (ID = 127366)18:01:   HKCR\shprrprts.hbinfoband.1\  (3 subtraces) (ID = 127369)18:01:   HKCR\shprrprts.hbinfoband\  (5 subtraces) (ID = 127370)18:01:   HKCR\shprrprts.iebutton.1\  (3 subtraces) (ID = 127371)18:01:   HKCR\shprrprts.iebutton\  (5 subtraces) (ID = 127372)18:01:   HKCR\shprrprts.iebuttona.1\  (3 subtraces) (ID = 127373)18:01:   HKCR\shprrprts.iebuttona\  (5 subtraces) (ID = 127374)18:01:   HKCR\shprrprts.smrtshprctl.1\  (3 subtraces) (ID = 127375)18:01:   HKCR\shprrprts.smrtshprctl\  (5 subtraces) (ID = 127376)18:01:   HKLM\software\classes\appid\weatherontray.exe\  (1 subtraces) (ID = 127380)18:01:   HKLM\software\classes\appid\{0507fdde-f3b7-49f5-9e8f-c557e991f39b}\  (1 subtraces) (ID = 127381)18:01:   HKLM\software\classes\clsid\{460ac4db-b0de-4626-a0f0-175dd84dcb9b}\  (2 subtraces) (ID = 127416)18:01:   HKLM\software\classes\hbcoresrv.dynamicprop\  (5 subtraces) (ID = 127441)18:01:   HKLM\software\classes\hbtcoresrv.hbtcoreservices.1\  (3 subtraces) (ID = 127457)18:01:   HKLM\software\classes\hbtcoresrv.hbtcoreservices\  (5 subtraces) (ID = 127458)18:01:   HKLM\software\classes\hbtcoresrv.lfgax.1\  (3 subtraces) (ID = 127459)18:01:   HKLM\software\classes\hbtcoresrv.lfgax\  (5 subtraces) (ID = 127460)18:01:   HKLM\software\classes\hbthostie.bho.1\  (3 subtraces) (ID = 127461)18:01:   HKLM\software\classes\hbthostie.bho\  (5 subtraces) (ID = 127462)18:01:   HKLM\software\classes\hbthostol.hbtmailanim.1\  (3 subtraces) (ID = 127463)18:01:   HKLM\software\classes\hbthostol.hbtmailanim\  (5 subtraces) (ID = 127464)18:01:   HKLM\software\classes\hbthostol.hbtwebmailsend.1\  (3 subtraces) (ID = 127465)18:01:   HKLM\software\classes\hbthostol.hbtwebmailsend\  (5 subtraces) (ID = 127466)18:01:   HKLM\software\classes\hbtinstie.hbinstobj.1\  (3 subtraces) (ID = 127467)18:01:   HKLM\software\classes\hbtinstie.hbinstobj\  (5 subtraces) (ID = 127468)18:01:   HKLM\software\classes\hbtools.hbtcommband.1\  (3 subtraces) (ID = 127472)18:01:   HKLM\software\classes\hbtools.hbtcommband\  (5 subtraces) (ID = 127473)18:01:   HKLM\software\classes\hbtools.hbttravelcomparebar.1\  (3 subtraces) (ID = 127474)18:01:   HKLM\software\classes\hbtools.hbttravelcomparebar\  (5 subtraces) (ID = 127475)18:01:   HKLM\software\classes\hbtsrv.hbtcoreservices.1\  (3 subtraces) (ID = 127476)18:01:   HKLM\software\classes\hbtsrv.hbtcoreservices\  (5 subtraces) (ID = 127477)18:01:   HKLM\software\classes\hbttoolbar.hbthtmlmenuui.1\  (3 subtraces) (ID = 127478)18:01:   HKLM\software\classes\hbttoolbar.hbthtmlmenuui\  (5 subtraces) (ID = 127479)18:01:   HKLM\software\classes\hbttoolbar.hbttoolbarctl.1\  (3 subtraces) (ID = 127480)18:01:   HKLM\software\classes\hbttoolbar.hbttoolbarctl\  (5 subtraces) (ID = 127481)18:01:   HKLM\software\classes\hbttools.hbmain.1\  (3 subtraces) (ID = 127482)18:01:   HKLM\software\classes\hbttools.hbmain\  (5 subtraces) (ID = 127483)18:01:   HKLM\software\classes\interface\{3f04cbf7-cd62-4403-b090-b432dedcb159}\  (8 subtraces) (ID = 127490)18:01:   HKLM\software\classes\interface\{34f4d917-31e4-464c-b8b3-84c1ce76b395}\  (8 subtraces) (ID = 127499)18:01:   HKLM\software\classes\interface\{8578d35e-c6c0-4808-9a80-0f6c29a2c423}\  (8 subtraces) (ID = 127503)18:01:   HKLM\software\classes\interface\{bc190da5-0187-4d99-b3ac-6c45ea1b9324}\  (8 subtraces) (ID = 127514)18:01:   HKLM\software\classesprtspsclient.psexecuter.1\  (3 subtraces) (ID = 127521)18:01:   HKLM\software\classesprtspsclient.psexecuter\  (5 subtraces) (ID = 127522)18:01:   HKLM\software\classes\shprrprts.hbax.1\  (3 subtraces) (ID = 127524)18:01:   HKLM\software\classes\shprrprts.hbax\  (5 subtraces) (ID = 127525)18:01:   HKLM\software\classes\shprrprts.hbinfoband.1\  (3 subtraces) (ID = 127528)18:01:   HKLM\software\classes\shprrprts.hbinfoband\  (5 subtraces) (ID = 127529)18:01:   HKLM\software\classes\shprrprts.iebutton.1\  (3 subtraces) (ID = 127530)18:01:   HKLM\software\classes\shprrprts.iebutton\  (5 subtraces) (ID = 127531)18:01:   HKLM\software\classes\shprrprts.iebuttona.1\  (3 subtraces) (ID = 127532)18:01:   HKLM\software\classes\shprrprts.iebuttona\  (5 subtraces) (ID = 127533)18:01:   HKLM\software\classes\shprrprts.smrtshprctl.1\  (3 subtraces) (ID = 127534)18:01:   HKLM\software\classes\shprrprts.smrtshprctl\  (5 subtraces) (ID = 127535)18:01:   HKLM\software\classes	ypelib\{4cf5a3c1-07a2-4336-9b54-6870452ebde1}\  (9 subtraces) (ID = 127537)18:01:   HKLM\software\classes	ypelib\{71e9cf40-af72-4b55-bd3f-1fea2a0eaea6}\  (9 subtraces) (ID = 127542)18:01:   HKLM\software\classes	ypelib\{71efe583-62fe-4419-9918-ca3b683f7b36}\  (9 subtraces) (ID = 127543)18:01:   HKLM\software\classes	ypelib\{793af621-5cd0-4b92-b765-6712f6aaf48e}\  (9 subtraces) (ID = 127545)18:01:   HKLM\software\classes	ypelib\{842d315a-7e1e-448b-96e8-9e76d1820be2}\  (9 subtraces) (ID = 127546)18:01:   HKLM\software\classes	ypelib\{9967a873-40f3-4c7e-9239-6c8760f19f61}\  (9 subtraces) (ID = 127547)18:01:   HKLM\software\classes	ypelib\{45397063-d7d0-47c2-9508-26487608a298}\  (9 subtraces) (ID = 127549)18:01:   HKLM\software\classes	ypelib\{b9f51d42-cca0-4408-bb02-d433d1865a3a}\  (9 subtraces) (ID = 127552)18:01:   HKLM\software\classes	ypelib\{b5901229-25cc-43c9-b604-3bb6ac2b48a5}\  (9 subtraces) (ID = 127555)18:01:   HKLM\software\classes	ypelib\{c83daed4-0611-4f7a-978e-7feafcb2f91b}\  (9 subtraces) (ID = 127557)18:01:   HKLM\software\classes	ypelib\{f8ee014f-b34c-4544-8e45-95a7971d323b}\  (9 subtraces) (ID = 127558)18:01:   HKLM\software\classes\wallpaper.wallpapermanager\  (5 subtraces) (ID = 127559)18:01:   HKLM\software\hbtools\  (60 subtraces) (ID = 127564)18:01:   HKLM\software\microsoft\internet explorer\explorer bars\{7e66936c-fea0-4984-ad26-7b6661ac5b2e}\  (1 subtraces) (ID = 127569)18:01:   HKLM\software\microsoft\internet explorer\extensions\{946b3e9e-e21a-49c8-9f63-900533fafe14}\  (6 subtraces) (ID = 127577)18:01:   HKLM\software\microsoft\internet explorer\extensions\{946b3e9e-e21a-49c8-9f63-900533fafe14}\ || buttontext (ID = 127578)18:01:   HKLM\software\microsoft\internet explorer\extensions\{946b3e9e-e21a-49c8-9f63-900533fafe14}\ || default visible (ID = 127579)18:01:   HKLM\software\microsoft\internet explorer\extensions\{946b3e9e-e21a-49c8-9f63-900533fafe14}\ || hoticon (ID = 127580)18:01:   HKLM\software\microsoft\internet explorer\extensions\{946b3e9e-e21a-49c8-9f63-900533fafe14}\ || icon (ID = 127581)18:01:   HKLM\software\microsoft\internet explorer\extensions\{e77eda01-3c56-4a96-8d08-02b42891c169}\  (6 subtraces) (ID = 127582)18:01:   HKLM\software\microsoft\office\outlook\addins\hbthostol.hbtmailanim\  (4 subtraces) (ID = 127590)18:01:   HKLM\software\shopperreports\  (12 subtraces) (ID = 127632)18:01:   HKCR	ypelib\{4cf5a3c1-07a2-4336-9b54-6870452ebde1}\  (9 subtraces) (ID = 127635)18:01:   HKCR	ypelib\{71e9cf40-af72-4b55-bd3f-1fea2a0eaea6}\  (9 subtraces) (ID = 127640)18:01:   HKCR	ypelib\{71efe583-62fe-4419-9918-ca3b683f7b36}\  (9 subtraces) (ID = 127641)18:01:   HKCR	ypelib\{793af621-5cd0-4b92-b765-6712f6aaf48e}\  (9 subtraces) (ID = 127643)18:01:   HKCR	ypelib\{842d315a-7e1e-448b-96e8-9e76d1820be2}\  (9 subtraces) (ID = 127644)18:01:   HKCR	ypelib\{9967a873-40f3-4c7e-9239-6c8760f19f61}\  (9 subtraces) (ID = 127645)18:01:   HKCR	ypelib\{45397063-d7d0-47c2-9508-26487608a298}\  (9 subtraces) (ID = 127647)18:01:   HKCR	ypelib\{b9f51d42-cca0-4408-bb02-d433d1865a3a}\  (9 subtraces) (ID = 127651)18:01:   HKCR	ypelib\{b5901229-25cc-43c9-b604-3bb6ac2b48a5}\  (9 subtraces) (ID = 127654)18:01:   HKCR	ypelib\{c83daed4-0611-4f7a-978e-7feafcb2f91b}\  (9 subtraces) (ID = 127656)18:01:   HKCR	ypelib\{f8ee014f-b34c-4544-8e45-95a7971d323b}\  (9 subtraces) (ID = 127657)18:01:   HKCR\wallpaper.wallpapermanager.1\  (3 subtraces) (ID = 127658)18:01:   HKCR\wallpaper.wallpapermanager\  (5 subtraces) (ID = 127659)18:01:   Found Adware: 180search assistant/zango18:01:   HKLM\software\180solutions\ (ID = 135618)18:01:   HKCR\interface\{023a4648-601a-4c30-8a2e-c72ebfa99af6}\  (8 subtraces) (ID = 774214)18:01:   HKCR\interface\{175816a5-219e-4079-b2f9-53c501c409ba}\  (8 subtraces) (ID = 774223)18:01:   HKCR\interface\{19ebcbe0-9245-4397-bc5d-883d34782043}\  (8 subtraces) (ID = 774232)18:01:   HKCR\interface\{1c1793e0-1034-4cac-837d-aa545f6961bf}\  (8 subtraces) (ID = 774241)18:01:   HKCR\interface\{1e07646f-07c4-4847-a250-0ec8114f2963}\  (8 subtraces) (ID = 774250)18:01:   HKCR\interface\{27c4569f-8728-4958-a920-a607cae8153c}\  (8 subtraces) (ID = 774259)18:01:   HKCR\interface\{38370864-346f-4afa-8c4b-4fbff518c0bb}\  (8 subtraces) (ID = 774268)18:01:   HKCR\interface\{397a208b-3d09-4b3e-93e8-ca171886612e}\  (8 subtraces) (ID = 774277)18:01:   HKCR\interface\{421745e9-16df-4ee4-a758-d51f939c49cb}\  (8 subtraces) (ID = 774286)18:01:   HKCR\interface\{4331ec56-0aab-499e-8757-dd2ee44ad671}\  (8 subtraces) (ID = 774295)18:01:   HKCR\interface\{54286c3a-e044-4e65-bd44-528d6ae28a18}\  (8 subtraces) (ID = 774304)18:01:   HKCR\interface\{5d9c84e7-fa45-49e2-a0b8-b6b5e9a4f6be}\  (8 subtraces) (ID = 774322)18:01:   HKCR\interface\{5f2b9de7-f878-4762-8cfe-e9c58f082f0e}\  (8 subtraces) (ID = 774331)18:01:   HKCR\interface\{8654592e-952a-4e7c-a960-304763b35fa6}\  (8 subtraces) (ID = 774349)18:01:   HKCR\interface\{8a61a950-c325-4f44-ba64-273180ff3464}\  (8 subtraces) (ID = 774358)18:01:   HKCR\interface\{8d5c4ec6-af8e-4b85-ba27-64babe410510}\  (8 subtraces) (ID = 774367)18:01:   HKCR\interface\{8e98faf8-794f-47f9-af90-15305564ed81}\  (8 subtraces) (ID = 774376)18:01:   HKCR\interface\{af15975b-1498-4740-8e6c-90af78e4198c}\  (8 subtraces) (ID = 774385)18:01:   HKCR\interface\{b53d4cd4-406d-43cc-8244-7893d72236dd}\  (8 subtraces) (ID = 774394)18:01:   HKCR\interface\{b671426c-5c1a-48ac-9652-bc9402b1c404}\  (8 subtraces) (ID = 774403)18:01:   HKCR\interface\{b9bb3219-f84c-4060-966b-4a1e73e24226}\  (8 subtraces) (ID = 774412)18:01:   HKCR\interface\{bc8c2e5f-d8b4-4997-bce3-8775c3707956}\  (8 subtraces) (ID = 774421)18:01:   HKCR\interface\{d082721f-4bd4-4b8b-bb82-06753ee6174f}\  (8 subtraces) (ID = 774430)18:01:   HKCR\interface\{d24f9d3c-5d4c-47f8-9ab7-632b44ad6a0d}\  (8 subtraces) (ID = 774439)18:01:   HKCR\interface\{f43ec88b-b6c8-4969-a763-e2bf55602cce}\  (8 subtraces) (ID = 774448)18:01:   HKCR\interface\{f786cb18-3809-4e49-bc99-9a66da47db8b}\  (8 subtraces) (ID = 774457)18:01:   HKCR\interface\{f814be58-1bf9-4b50-829a-e889f86127ad}\  (8 subtraces) (ID = 774466)18:01:   HKLM\software\classes\interface\{023a4648-601a-4c30-8a2e-c72ebfa99af6}\  (8 subtraces) (ID = 774490)18:01:   HKLM\software\classes\interface\{175816a5-219e-4079-b2f9-53c501c409ba}\  (8 subtraces) (ID = 774499)18:01:   HKLM\software\classes\interface\{19ebcbe0-9245-4397-bc5d-883d34782043}\  (8 subtraces) (ID = 774508)18:01:   HKLM\software\classes\interface\{1c1793e0-1034-4cac-837d-aa545f6961bf}\  (8 subtraces) (ID = 774517)18:01:   HKLM\software\classes\interface\{1e07646f-07c4-4847-a250-0ec8114f2963}\  (8 subtraces) (ID = 774526)18:01:   HKLM\software\classes\interface\{27c4569f-8728-4958-a920-a607cae8153c}\  (8 subtraces) (ID = 774535)18:01:   HKLM\software\classes\interface\{38370864-346f-4afa-8c4b-4fbff518c0bb}\  (8 subtraces) (ID = 774544)18:01:   HKLM\software\classes\interface\{397a208b-3d09-4b3e-93e8-ca171886612e}\  (8 subtraces) (ID = 774553)18:01:   HKLM\software\classes\interface\{421745e9-16df-4ee4-a758-d51f939c49cb}\  (8 subtraces) (ID = 774562)18:01:   HKLM\software\classes\interface\{4331ec56-0aab-499e-8757-dd2ee44ad671}\  (8 subtraces) (ID = 774571)18:01:   HKLM\software\classes\interface\{54286c3a-e044-4e65-bd44-528d6ae28a18}\  (8 subtraces) (ID = 774580)18:01:   HKLM\software\classes\interface\{5d9c84e7-fa45-49e2-a0b8-b6b5e9a4f6be}\  (8 subtraces) (ID = 774598)18:01:   HKLM\software\classes\interface\{5f2b9de7-f878-4762-8cfe-e9c58f082f0e}\  (8 subtraces) (ID = 774607)18:01:   HKLM\software\classes\interface\{601a9784-1114-4089-9b3e-cbd70dafc6ad}\  (8 subtraces) (ID = 774616)18:01:   HKLM\software\classes\interface\{8654592e-952a-4e7c-a960-304763b35fa6}\  (8 subtraces) (ID = 774625)18:01:   HKLM\software\classes\interface\{8a61a950-c325-4f44-ba64-273180ff3464}\  (8 subtraces) (ID = 774634)18:01:   HKLM\software\classes\interface\{8d5c4ec6-af8e-4b85-ba27-64babe410510}\  (8 subtraces) (ID = 774643)18:01:   HKLM\software\classes\interface\{8e98faf8-794f-47f9-af90-15305564ed81}\  (8 subtraces) (ID = 774652)18:01:   HKLM\software\classes\interface\{af15975b-1498-4740-8e6c-90af78e4198c}\  (8 subtraces) (ID = 774661)18:01:   HKLM\software\classes\interface\{b53d4cd4-406d-43cc-8244-7893d72236dd}\  (8 subtraces) (ID = 774670)18:01:   HKLM\software\classes\interface\{b671426c-5c1a-48ac-9652-bc9402b1c404}\  (8 subtraces) (ID = 774679)18:01:   HKLM\software\classes\interface\{b9bb3219-f84c-4060-966b-4a1e73e24226}\  (8 subtraces) (ID = 774688)18:01:   HKLM\software\classes\interface\{bc8c2e5f-d8b4-4997-bce3-8775c3707956}\  (8 subtraces) (ID = 774697)18:01:   HKLM\software\classes\interface\{d082721f-4bd4-4b8b-bb82-06753ee6174f}\  (8 subtraces) (ID = 774706)18:01:   HKLM\software\classes\interface\{d24f9d3c-5d4c-47f8-9ab7-632b44ad6a0d}\  (8 subtraces) (ID = 774715)18:01:   HKLM\software\classes\interface\{f43ec88b-b6c8-4969-a763-e2bf55602cce}\  (8 subtraces) (ID = 774724)18:01:   HKLM\software\classes\interface\{f786cb18-3809-4e49-bc99-9a66da47db8b}\  (8 subtraces) (ID = 774733)18:01:   HKLM\software\classes\interface\{f814be58-1bf9-4b50-829a-e889f86127ad}\  (8 subtraces) (ID = 774742)18:01:   Found Adware: dollarrevenue18:01:   HKLM\software\microsoft\drsmartload\  (1 subtraces) (ID = 916795)18:01:   Found Adware: ietoolbar - searchbar.us18:01:   HKCR\clsid\{7cbbb3f1-0e68-43fa-b034-4d3ec394d085}\  (8 subtraces) (ID = 971929)18:01:   HKLM\software\classes\clsid\{7cbbb3f1-0e68-43fa-b034-4d3ec394d085}\  (8 subtraces) (ID = 971950)18:01:   HKCR\clsid\{460ac4db-b0de-4626-a0f0-175dd84dcb9b}\  (2 subtraces) (ID = 1084062)18:01:   HKCR\clsid\{31ee3286-d785-4e3f-95fc-51d00fdabc01}\  (5 subtraces) (ID = 1094393)18:01:   HKLM\software\classes\clsid\{31ee3286-d785-4e3f-95fc-51d00fdabc01}\  (5 subtraces) (ID = 1094538)18:01:   HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {31ee3286-d785-4e3f-95fc-51d00fdabc01} (ID = 1094560)18:01:   HKLM\software\microsoft\windows nt\currentversion\winlogon
otify\browsela\  (10 subtraces) (ID = 1094567)18:01:   HKCR\clsid\{eee7178c-bbc3-4153-9dde-cd0e9ab1b5b6}\  (5 subtraces) (ID = 1098652)18:01:   HKLM\software\classes\clsid\{eee7178c-bbc3-4153-9dde-cd0e9ab1b5b6}\  (5 subtraces) (ID = 1098686)18:01:   HKU\WRSS_Profile_S-1-5-21-973886438-65069074-3995-1013\software\hbtools\  (206 subtraces) (ID = 127563)18:01:   HKU\WRSS_Profile_S-1-5-21-973886438-65069074-3995-1013\software\microsoft\internet explorer\extensions\cmdmapping\ || {946b3e9e-e21a-49c8-9f63-900533fafe14} (ID = 127575)18:01:   HKU\WRSS_Profile_S-1-5-21-973886438-65069074-3995-1013\software\microsoft\internet explorer\extensions\cmdmapping\ || {e77eda01-3c56-4a96-8d08-02b42891c169} (ID = 127576)18:01:   HKU\WRSS_Profile_S-1-5-21-973886438-65069074-3995-1013\software\microsoft\internet explorer	oolbar\webbrowser\ || {74cc49f7-eb32-4a08-b204-948962a6e3db} (ID = 127586)18:01:   HKU\WRSS_Profile_S-1-5-21-973886438-65069074-3995-1013\software\shopperreports\  (4 subtraces) (ID = 127631)18:01:   HKU\WRSS_Profile_S-1-5-21-973886438-65069074-3995-1013\software\180solutions\  (5 subtraces) (ID = 135617)18:01:   HKU\WRSS_Profile_S-1-5-21-973886438-65069074-3995-1013\software\microsoft\installer\features\10b0642b36134f8f914ea8e11ee5b503\  (1 subtraces) (ID = 788006)18:01:   HKU\WRSS_Profile_S-1-5-21-973886438-65069074-3995-1013\software\microsoft\installer\products\d493500bd4a54ea6bc805fc9cda952c5\  (2 subtraces) (ID = 788008)18:01:   Found Adware: apropos18:01:   HKU\WRSS_Profile_S-1-5-21-973886438-65069074-3995-1012\software\aprps\  (7 subtraces) (ID = 103740)18:01:   Found Adware: dapsol dialer18:01:   HKU\WRSS_Profile_S-1-5-21-973886438-65069074-3995-1012\software\microsoft\internet explorer\main\ || conc (ID = 124673)18:01:   HKU\WRSS_Profile_S-1-5-21-973886438-65069074-3995-1012\software\hbtools\  (212 subtraces) (ID = 127563)18:01:   HKU\WRSS_Profile_S-1-5-21-973886438-65069074-3995-1012\software\microsoft\internet explorer\extensions\cmdmapping\ || {946b3e9e-e21a-49c8-9f63-900533fafe14} (ID = 127575)18:01:   HKU\WRSS_Profile_S-1-5-21-973886438-65069074-3995-1012\software\microsoft\internet explorer\extensions\cmdmapping\ || {e77eda01-3c56-4a96-8d08-02b42891c169} (ID = 127576)18:01:   HKU\WRSS_Profile_S-1-5-21-973886438-65069074-3995-1012\software\microsoft\internet explorer	oolbar\webbrowser\ || {74cc49f7-eb32-4a08-b204-948962a6e3db} (ID = 127586)18:01:   HKU\WRSS_Profile_S-1-5-21-973886438-65069074-3995-1012\software\shopperreports\  (4 subtraces) (ID = 127631)18:01:   Found Adware: internetoptimizer18:01:   HKU\WRSS_Profile_S-1-5-21-973886438-65069074-3995-1012\software\avenue media\ (ID = 128887)18:01:   HKU\WRSS_Profile_S-1-5-21-973886438-65069074-3995-1012\software\180solutions\  (5 subtraces) (ID = 135617)18:01:   Found Adware: ist sidefind18:01:   HKU\WRSS_Profile_S-1-5-21-973886438-65069074-3995-1012\software\microsoft\internet explorer\extensions\cmdmapping\ || {10e42047-deb9-4535-a118-b3f6ec39b807} (ID = 141778)18:01:   HKU\WRSS_Profile_S-1-5-21-973886438-65069074-3995-1012\software\microsoft\installer\features\10b0642b36134f8f914ea8e11ee5b503\  (1 subtraces) (ID = 788006)18:01:   HKU\WRSS_Profile_S-1-5-21-973886438-65069074-3995-1012\software\microsoft\installer\products\d493500bd4a54ea6bc805fc9cda952c5\  (2 subtraces) (ID = 788008)18:01:   HKU\S-1-5-21-973886438-65069074-3995-1007\software\hbtools\  (315 subtraces) (ID = 127563)18:01:   HKU\S-1-5-21-973886438-65069074-3995-1007\software\microsoft\internet explorer\explorer bars\{7e66936c-fea0-4984-ad26-7b6661ac5b2e}\  (1 subtraces) (ID = 127568)18:01:   HKU\S-1-5-21-973886438-65069074-3995-1007\software\microsoft\internet explorer\explorer bars\{66b90adb-0be3-40ae-8680-84a6f0577ca0}\  (2 subtraces) (ID = 127570)18:01:   HKU\S-1-5-21-973886438-65069074-3995-1007\software\microsoft\internet explorer\explorer bars\{2178c864-b8bc-41ae-a1fb-eb6a32f87eb1}\  (1 subtraces) (ID = 127571)18:01:   HKU\S-1-5-21-973886438-65069074-3995-1007\software\microsoft\internet explorer\extensions\cmdmapping\ || {946b3e9e-e21a-49c8-9f63-900533fafe14} (ID = 127575)18:01:   HKU\S-1-5-21-973886438-65069074-3995-1007\software\microsoft\internet explorer\extensions\cmdmapping\ || {e77eda01-3c56-4a96-8d08-02b42891c169} (ID = 127576)18:01:   HKU\S-1-5-21-973886438-65069074-3995-1007\software\shopperreports\  (5 subtraces) (ID = 127631)18:01:   HKU\S-1-5-21-973886438-65069074-3995-1007\software\microsoft\installer\features\10b0642b36134f8f914ea8e11ee5b503\  (1 subtraces) (ID = 788006)18:01:   HKU\S-1-5-21-973886438-65069074-3995-1007\software\microsoft\installer\products\d493500bd4a54ea6bc805fc9cda952c5\  (2 subtraces) (ID = 788008)18:01:   HKU\S-1-5-18\software\hbtools\  (191 subtraces) (ID = 127563)18:01:   HKU\S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping\ || {946b3e9e-e21a-49c8-9f63-900533fafe14} (ID = 127575)18:01:   HKU\S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping\ || {e77eda01-3c56-4a96-8d08-02b42891c169} (ID = 127576)18:01:   HKU\S-1-5-18\software\shopperreports\  (4 subtraces) (ID = 127631)18:01:   HKU\S-1-5-18\software\microsoft\installer\features\10b0642b36134f8f914ea8e11ee5b503\  (1 subtraces) (ID = 788006)18:01:   HKU\S-1-5-18\software\microsoft\installer\products\d493500bd4a54ea6bc805fc9cda952c5\  (2 subtraces) (ID = 788008)18:01: Registry Sweep Complete, Elapsed Time:00:00:2018:01: Starting Cookie Sweep18:01:   Found Spy Cookie: hotbar cookie18:01:   joëlle levy@adopt.hotbar[2].txt (ID = 4207)18:01:   Found Spy Cookie: mywebsearch cookie18:01:   joëlle levy@mywebsearch[1].txt (ID = 3051)18:01:   alex-levy@adopt.hotbar[1].txt (ID = 4207)18:01:   alex-levy@mywebsearch[1].txt (ID = 3051)18:01:   Found Spy Cookie: 247realmedia cookie18:01:   hp_propriétaire@247realmedia[1].txt (ID = 1953)18:01:   Found Spy Cookie: yieldmanager cookie18:01:   hp_propriétaire@ad.yieldmanager[2].txt (ID = 3751)18:01:   Found Spy Cookie: advertising cookie18:01:   hp_propriétaire@advertising[1].txt (ID = 2175)18:01:   Found Spy Cookie: falkag cookie18:01:   hp_propriétaire@as1.falkag[2].txt (ID = 2650)18:01:   Found Spy Cookie: atlas dmt cookie18:01:   hp_propriétaire@atdmt[2].txt (ID = 2253)18:01:   Found Spy Cookie: bluestreak cookie18:01:   hp_propriétaire@bluestreak[1].txt (ID = 2314)18:01:   Found Spy Cookie: toplist cookie18:01:   hp_propriétaire@toplist[1].txt (ID = 3557)18:01:   Found Spy Cookie: weborama cookie18:01:   hp_propriétaire@weborama[1].txt (ID = 3658)18:01:   hp_propriétaire@wreport.weborama[1].txt (ID = 3659)18:01:   Found Spy Cookie: xiti cookie18:01:   hp_propriétaire@xiti[1].txt (ID = 3717)18:01:   system@adopt.hotbar[2].txt (ID = 4207)18:01:   system@hotbar[1].txt (ID = 2797)18:01: Cookie Sweep Complete, Elapsed Time: 00:00:0018:01: Starting File Sweep18:01:   Warning: Failed to check file "C:\WINDOWS\system32\browsela.dll". Stream read error18:01:   Found Adware: searchit toolbar18:01:   c:\program files\ietoolbar (2 subtraces) (ID = -2147480355)18:01:   c:\documents and settings\joëlle levy\application data\hbtools (204 subtraces) (ID = -2147480879)18:01:   c:\documents and settings\joëlle levy\application data\shopperreports (16 subtraces) (ID = -2147480876)18:01:   c:\documents and settings\hp_propriétaire\application data\hbtools (3172 subtraces) (ID = -2147480879)18:01:   c:\documents and settings
etworkservice\application data\hbtools (112 subtraces) (ID = -2147480879)18:01:   Warning: Failed to open file "c:\$boot". Accès refusé18:01:   Warning: Failed to open file "c:\$boot". Accès refusé18:01:   c:\documents and settings\alex-levy.dovan\application data\hbtools (308 subtraces) (ID = -2147480879)18:01:   c:\documents and settings\alex-levy.dovan\application data\shopperreports (16 subtraces) (ID = -2147480876)18:01:   d_icons_buttons_bbar8.res (ID = 121837)18:02:   d_icons_buttons_bbar1.res (ID = 121825)18:02:   d_icons_buttons_bbar4.res (ID = 121833)18:02:   d_icons_buttons_bbar11.res (ID = 121827)18:02:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p1\a0004246.dll". Accès refusé18:02:   Warning: Failed to check file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:03:   Warning: Failed to read file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:03:   d_icons_buttons_3000.xip (ID = 114353)18:03:   Warning: Failed to read file "C:\WINDOWS\system32\browsela.dll". Sector size must be 512 bytes, not 102418:03:   Warning: PerformFileOffsetMatch Failed to check file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:03:   a0008890.exe (ID = 121818)18:03:   Warning: Failed to check file "C:\WINDOWS\system32\browsela.dll". Stream read error18:03:   d_icons_buttons_bbar11.res (ID = 121827)18:03:   d_icons_buttons_bbar1.res (ID = 121825)18:03:   top7[1].xip (ID = 162956)18:04:   d_icons_buttons_bbar11.res (ID = 121827)18:04:   icons2.res (ID = 121846)18:04:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p1\a0000120.exe". Accès refusé18:04:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p1\a0000179.dll". Accès refusé18:04:   a0006706.exe (ID = 121818)18:04:   a0013835.exe (ID = 121818)18:04:   d_icons_weather.res (ID = 121840)18:04:   d_icons_buttons_bbar4.res (ID = 121833)18:04:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p1\a0004586.exe". Accès refusé18:04:   d_icons_buttons_bbar8.res (ID = 121837)18:04:   Warning: Failed to check file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:04:   Found Adware: azsearch toolbar18:04:   azesearch.bmp (ID = 50322)18:04:   Warning: Failed to check file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:04:   a0008621.exe (ID = 121818)18:04:   s_icons_buttons[1].xip (ID = 130929)18:04:   Warning: Failed to check file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:04:   a0008574.exe (ID = 121818)18:05:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p1\a0001323.dll". Accès refusé18:05:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p1\a0001336.exe". Accès refusé18:05:   Warning: Failed to check file "C:\WINDOWS\system32\browsela.dll". Stream read error18:05:   d_icons_buttons_bbar1[1].xip (ID = 114354)18:05:   t2_bg[1].xip (ID = 121869)18:05:   tsd_bg[1].xip (ID = 62383)18:05:   d_icons_buttons_bbar12[1].xip (ID = 114375)18:05:   d_icons_buttons_bbar11[1].xip (ID = 114340)18:05:   d_icons_weather[1].xip (ID = 121860)18:05:   d_icons_buttons_bbar10[1].xip (ID = 114391)18:05:   d_icons_buttons_bbar9[1].xip (ID = 114377)18:05:   d_icons_buttons_bbar8[1].xip (ID = 114356)18:05:   d_icons_buttons_bbar7[1].xip (ID = 114343)18:05:   d_icons_buttons_bbar6[1].xip (ID = 114394)18:05:   d_icons_buttons_bbar5[1].xip (ID = 114376)18:05:   d_icons_buttons_bbar4[1].xip (ID = 114355)18:05:   d_icons_buttons_bbar3[1].xip (ID = 114342)18:05:   d_icons_buttons_x[1].xip (ID = 121859)18:05:   d_icons_buttons_bbar2[1].xip (ID = 114393)18:05:   tsd_bg.xip (ID = 62383)18:05:   Warning: Failed to read file "C:\WINDOWS\system32\browsela.dll". Sector size must be 512 bytes, not 102418:05:   d_icons_buttons_bbar1[1].xip (ID = 114354)18:05:   t2_bg[1].xip (ID = 121869)18:05:   tsd_bg[1].xip (ID = 62383)18:05:   d_icons_weather[1].xip (ID = 121860)18:05:   Found Adware: isearch desktop search18:05:   a0008884.exe (ID = 178687)18:05:   top7[1].xip (ID = 162956)18:05:   Warning: PerformFileOffsetMatch Failed to check file "C:\WINDOWS\system32\browsela.dll". Sector size must be 512 bytes, not 102418:05:   s_icons_buttons[1].xip (ID = 130929)18:05:   icons2[1].xip (ID = 121862)18:05:   Found Adware: hotconnect dialer18:05:   a0010501.ico (ID = 71873)18:05:   a0010502.ico (ID = 71873)18:05:   Warning: PerformFileOffsetMatch Failed to check file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:06:   Warning: PerformFileOffsetMatch Failed to check file "C:\WINDOWS\system32\browsela.dll". Sector size must be 512 bytes, not 102418:06:   country[1].xip (ID = 121857)18:06:   d_icons_buttons_3000[1].xip (ID = 114353)18:06:   Warning: Failed to check file "C:\WINDOWS\system32\browsela.dll". Stream read error18:06:   Warning: PerformFileOffsetMatch Failed to check file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:07:   Warning: Failed to check file "C:\WINDOWS\system32\browsela.dll". Sector size must be 512 bytes, not 102418:07:   country.exe (ID = 121818)18:07:   Warning: PerformFileOffsetMatch Failed to check file "C:\WINDOWS\system32\browsela.dll". Sector size must be 512 bytes, not 2979318:07:   Warning: Failed to read file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:07:   a0005305.exe (ID = 121818)18:07:   Warning: PerformFileOffsetMatch Failed to check file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:07:   Warning: Failed to read file "C:\WINDOWS\system32\browsela.dll". Sector size must be 512 bytes, not 102418:07:   Warning: PerformFileOffsetMatch Failed to check file "C:\WINDOWS\system32\browsela.dll". Sector size must be 512 bytes, not 102418:08:   Warning: Failed to check file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:08:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p1\a0001356.exe". Accès refusé18:08:   a0008817.exe (ID = 121818)18:08:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p33\a0010792.exe". Le fichier spécifié est introuvable18:08:   Warning: Failed to check file "C:\WINDOWS\system32\browsela.dll". Stream read error18:08:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p1\a0000127.exe". Accès refusé18:08:   a0009520.exe (ID = 121818)18:08:   Warning: Failed to check file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:09:   a0012505.exe (ID = 121818)18:09:   d_icons_buttons_x.res (ID = 121839)18:09:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p1\a0004240.dll". Accès refusé18:09:   Warning: Failed to check file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:09:   Warning: Failed to read file "C:\WINDOWS\system32\browsela.dll". Sector size must be 512 bytes, not 5525518:09:   d_icons_buttons_1000[1].xip (ID = 114339)18:09:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p3\a0005443.exe". Accès refusé18:09:   Warning: PerformFileOffsetMatch Failed to check file "C:\WINDOWS\system32\browsela.dll". Sector size must be 512 bytes, not 102418:09:   Warning: Failed to check file "C:\WINDOWS\system32\browsela.dll". Sector size must be 512 bytes, not 018:10:   components.cdf (ID = 121817)18:10:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p33\a0010796.exe". Le fichier spécifié est introuvable18:10:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p47\a0015245.dll". Accès refusé18:10:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p47\a0015238.dll". Accès refusé18:10:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p47\a0015235.dll". Accès refusé18:10:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p47\a0015242.dll". Accès refusé18:10:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p47\a0015241.dll". Accès refusé18:10:   d_icons_weather.xip (ID = 121860)18:10:   tsd_bg.xip (ID = 62383)18:10:   tsd_bg.res (ID = 62382)18:10:   t2_bg.xip (ID = 121869)18:10:   Warning: Failed to check file "C:\WINDOWS\system32\browsela.dll". Sector size must be 512 bytes, not 102418:10:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p1\a0001170.dll". Accès refusé18:11:   Warning: PerformFileOffsetMatch Failed to check file "C:\WINDOWS\system32\browsela.dll". Sector size must be 512 bytes, not 2612218:11:   d_icons_buttons_bbar4.res (ID = 121833)18:11:   Warning: Failed to check file "C:\WINDOWS\system32\browsela.dll". Stream read error18:11:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p1\a0000177.exe". Accès refusé18:11:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p1\a0003921.exe". Accès refusé18:11:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p1\a0003895.exe". Accès refusé18:12:   Warning: Failed to check file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:13:   a0010719.ico (ID = 71873)18:13:   Warning: Failed to read file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:13:   d_icons_buttons_x.res (ID = 121839)18:13:   Warning: PerformFileOffsetMatch Failed to check file "C:\WINDOWS\system32\browsela.dll". Sector size must be 512 bytes, not 1862818:13:   progress.res (ID = 62367)18:13:   d_icons_buttons_bbar1.xip (ID = 114354)18:13:   a0005261.exe (ID = 121818)18:13:   Warning: Failed to read file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:13:   Warning: PerformFileOffsetMatch Failed to check file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:14:   Warning: Failed to check file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:14:   Warning: PerformFileOffsetMatch Failed to check file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:14:   d_icons_buttons_bbar8.xip (ID = 114356)18:14:   d_icons_buttons_bbar12.res (ID = 121828)18:14:   Warning: Failed to read file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:14:   Warning: PerformFileOffsetMatch Failed to check file "C:\WINDOWS\system32\browsela.dll". Sector size must be 512 bytes, not 018:14:   Warning: Failed to check file "C:\WINDOWS\system32\browsela.dll". Sector size must be 512 bytes, not 5606418:14:   a0012639.exe (ID = 121818)18:14:   a0005446.exe (ID = 121818)18:14:   top7.xip (ID = 162956)18:14:   layout.cdf (ID = 121848)18:14:   t2_bg.res (ID = 121851)18:14:   d_icons_buttons_bbar11.xip (ID = 114340)18:14:   Warning: Failed to read file "C:\WINDOWS\system32\browsela.dll". Sector size must be 512 bytes, not 6528018:14:   Warning: PerformFileOffsetMatch Failed to check file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:14:   a0006558.exe (ID = 121818)18:14:   Warning: Failed to check file "C:\WINDOWS\system32\browsela.dll". Stream read error18:14:   Warning: Failed to check file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:14:   a0015062.exe (ID = 121818)18:14:   d_icons_buttons_bbar5.res (ID = 121834)18:14:   s_icons_buttons.xip (ID = 130929)18:14:   d_icons_buttons_bbar8.xip (ID = 114356)18:15:   d_icons_buttons_bbar8.res (ID = 121837)18:15:   Warning: Failed to check file "C:\WINDOWS\system32\browsela.dll". Sector size must be 512 bytes, not 2948918:16:   a0010165.exe (ID = 121818)18:16:   d_icons_buttons_3000.res (ID = 121824)18:16:   d_icons_buttons_bbar10.res (ID = 121826)18:16:   a0009239.exe (ID = 121818)18:17:   default_hotbarcom.mnu (ID = 121820)18:17:   top7.xip (ID = 162956)18:17:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p1\a0004001.exe". Accès refusé18:17:   Warning: Failed to read file "C:\WINDOWS\system32\browsela.dll". Sector size must be 512 bytes, not 018:17:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p17\a0008881.exe". Accès refusé18:17:   a0012787.exe (ID = 121818)18:17:   a0009395.exe (ID = 121818)18:17:   progress.res (ID = 62367)18:17:   d_icons_buttons_1000.xip (ID = 114339)18:17:   d_icons_buttons_1000.xip (ID = 114339)18:17:   icons2.res (ID = 121846)18:17:   a0009300.exe (ID = 121818)18:17:   a0008445.exe (ID = 121818)18:17:   a0008962.exe (ID = 121818)18:17:   d_icons_buttons_bbar9.res (ID = 121838)18:17:   d_icons_buttons_bbar6.res (ID = 121835)18:17:   d_icons_buttons_3000.res (ID = 121824)18:17:   d_icons_weather.res (ID = 121840)18:18:   d_icons_weather.xip (ID = 121860)18:18:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p33\a0010793.dll". Le fichier spécifié est introuvable18:18:   tsd_bg.xip (ID = 62383)18:18:   tsd_bg.res (ID = 62382)18:18:   d_icons_buttons_bbar5.res (ID = 121834)18:18:   d_icons_buttons_3000.res (ID = 121824)18:18:   t2_bg.xip (ID = 121869)18:18:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p47\a0015216.exe". Accès refusé18:18:   d_icons_buttons_2000[1].xip (ID = 114390)18:18:   d_icons_weather.xip (ID = 121860)18:18:   t2_bg.xip (ID = 121869)18:18:   progress.res (ID = 62367)18:18:   d_icons_buttons_bbar1.xip (ID = 114354)18:18:   Warning: PerformFileOffsetMatch Failed to check file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:18:   a0009216.exe (ID = 121818)18:18:   d_icons_buttons_2000.xip (ID = 114390)18:18:   Warning: Failed to check file "C:\WINDOWS\system32\browsela.dll". Stream read error18:18:   d_icons_buttons_bbar1.xip (ID = 114354)18:18:   d_icons_buttons_bbar3.res (ID = 121832)18:18:   icons2.res (ID = 121846)18:19:   d_icons_buttons_bbar1.res (ID = 121825)18:19:   d_icons_buttons_bbar3.xip (ID = 114342)18:19:   d_icons_buttons_bbar4.xip (ID = 114355)18:19:   d_icons_buttons_bbar5.xip (ID = 114376)18:19:   d_icons_buttons_bbar6.xip (ID = 114394)18:19:   d_icons_buttons_bbar7.xip (ID = 114343)18:19:   d_icons_buttons_bbar9.xip (ID = 114377)18:19:   d_icons_buttons_bbar10.xip (ID = 114391)18:19:   icons2.res (ID = 121846)18:19:   d_icons_buttons_bbar12.xip (ID = 114375)18:19:   icons2[1].xip (ID = 121862)18:19:   icons2.xip (ID = 121862)18:19:   a0009521.exe (ID = 121818)18:19:   top7.cdf (ID = 121853)18:19:   theweb.mnu (ID = 121852)18:19:   Warning: Failed to read file "C:\WINDOWS\system32\browsela.dll". Sector size must be 512 bytes, not 018:19:   Warning: PerformFileOffsetMatch Failed to check file "C:\WINDOWS\system32\browsela.dll". Sector size must be 512 bytes, not 819218:19:   Warning: Failed to read file "C:\WINDOWS\system32\browsela.dll". Sector size must be 512 bytes, not 102418:19:   default[1].xip (ID = 208927)18:19:   default.xip (ID = 208927)18:19:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p47\a0015239.dll". Accès refusé18:19:   d_icons_buttons_bbar4.res (ID = 121833)18:19:   default.cdf (ID = 121819)18:19:   d_icons_buttons_x.xip (ID = 121859)18:19:   default_hotbarcom.mnu (ID = 121820)18:19:   country[1].xip (ID = 121857)18:19:   country.xip (ID = 121857)18:19:   d_icons_buttons_bbar2.xip (ID = 114393)18:19:   Found Adware: ist surf accuracy18:19:   dfc315e4-da75-49b5-9694-0a56b6 (ID = 162775)18:20:   Found Adware: whenu savenow18:20:   9db098ea-65b1-4641-9a11-2e3141 (ID = 127161)18:20:   a0015181.exe (ID = 121818)18:20:   a0009829.exe (ID = 121818)18:20:   a0012730.exe (ID = 121818)18:20:   d_icons_weather.res (ID = 121840)18:20:   Warning: Failed to read file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:20:   d_icons_buttons_bbar4.xip (ID = 114355)18:20:   d_icons_buttons_bbar8.res (ID = 121837)18:21:   Warning: Failed to read file "C:\WINDOWS\system32\browsela.dll". Sector size must be 512 bytes, not 51318:21:   default_hotbarcom.mnu (ID = 121820)18:21:   top7[1].xip (ID = 162956)18:21:   Warning: Failed to check file "C:\WINDOWS\system32\browsela.dll". Sector size must be 512 bytes, not 018:21:   d_icons_buttons_bbar5.xip (ID = 114376)18:21:   d_icons_weather.res (ID = 121840)18:21:   s_icons_buttons.res (ID = 121850)18:21:   d_icons_buttons_bbar11.res (ID = 121827)18:21:   country.exe (ID = 121818)18:21:   Warning: Failed to read file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:21:   Warning: PerformFileOffsetMatch Failed to check file "C:\WINDOWS\system32\browsela.dll". Stream read error18:21:   d_icons_buttons_bbar3.res (ID = 121832)18:21:   d_icons_buttons_bbar5.res (ID = 121834)18:21:   d_icons_buttons_bbar6.res (ID = 121835)18:21:   d_icons_buttons_bbar6.xip (ID = 114394)18:21:   d_icons_buttons_bbar7.xip (ID = 114343)18:21:   icons2.xip (ID = 121862)18:21:   d_icons_buttons_bbar11.xip (ID = 114340)18:21:   country.xip (ID = 121857)18:21:   d_icons_buttons_bbar10.xip (ID = 114391)18:21:   d_icons_buttons_x.xip (ID = 121859)18:21:   d_icons_buttons_bbar9.res (ID = 121838)18:21:   d_icons_buttons_bbar3.xip (ID = 114342)18:21:   d_icons_buttons_x.res (ID = 121839)18:21:   d_icons_buttons_bbar12.res (ID = 121828)18:21:   top7.xip (ID = 162956)18:22:   d_icons_buttons_bbar9.xip (ID = 114377)18:22:   d_icons_buttons_bbar12.xip (ID = 114375)18:22:   Warning: Failed to read file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:22:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p17\a0008873.exe". Accès refusé18:23:   a0010247.exe (ID = 121818)18:23:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p47\a0015212.dll". Accès refusé18:23:   Found Adware: lopdotcom18:23:   a0001662.exe (ID = 91)18:23:   t2_bg.res (ID = 121851)18:23:   s_icons_buttons.xip (ID = 130929)18:23:   Warning: Failed to check file "C:\WINDOWS\system32\browsela.dll". Sector size must be 512 bytes, not 2851918:23:   a0010929.exe (ID = 121818)18:23:   top7_theweb.mnu (ID = 121854)18:24:   d_icons_buttons_bbar1.res (ID = 121825)18:24:   Warning: Failed to read file "C:\WINDOWS\system32\browsela.dll". Sector size must be 512 bytes, not 102418:24:   0e3f2a1b-8d6e-4b87-9658-447187 (ID = 216235)18:24:   a0b4b5e0-0c5e-44f9-9c25-198666 (ID = 216235)18:24:   4d628591-7950-4def-8edb-665099 (ID = 216235)18:24:   whitelist.xip (ID = 208925)18:24:   d_icons_buttons_bbar2.xip (ID = 114393)18:24:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p1\a0001696.exe". Accès refusé18:24:   d_icons_buttons_3000.xip (ID = 114353)18:24:   country.xip (ID = 121857)18:24:   d_icons_buttons_2000.res (ID = 121823)18:24:   a0012572.exe (ID = 121818)18:24:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p1\a0001591.exe". Accès refusé18:24:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p1\a0001773.dll". Accès refusé18:26:   Warning: Failed to read file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:26:   a0005101.exe (ID = 121818)18:26:   a0005193.exe (ID = 121818)18:26:   country.exe (ID = 121818)18:26:   d_icons_weather.res (ID = 121840)18:26:   country.exe (ID = 121818)18:26:   a0011041.exe (ID = 121818)18:26:   d_icons_buttons_1000.res (ID = 121822)18:26:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p47\a0015234.dll". Accès refusé18:26:   d_icons_buttons_bbar10.res (ID = 121826)18:26:   Warning: Failed to read file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:26:   a0012697.exe (ID = 121818)18:26:   d_icons_buttons_1000.xip (ID = 114339)18:26:   d_icons_buttons_bbar7.res (ID = 121836)18:26:   icons2.res (ID = 121846)18:26:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p47\a0015230.dll". Accès refusé18:27:   d_icons_buttons_bbar10.res (ID = 121826)18:27:   Warning: Failed to read file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:27:   country.exe (ID = 121818)18:27:   d_icons_buttons_bbar12.res (ID = 121828)18:27:   Warning: Failed to read file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:27:   Warning: PerformFileOffsetMatch Failed to check file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:27:   d_icons_buttons_bbar9.res (ID = 121838)18:27:   installation hotbar tools.exe (ID = 62332)18:27:   9a45baa9-bc03-417c-a168-fd2d0d (ID = 192666)18:27:   d_icons_buttons_2000.res (ID = 121823)18:27:   d_icons_buttons_1000.res (ID = 121822)18:27:   70889563-5d0a-46c4-a1fc-c084c4 (ID = 216235)18:27:   a0010281.exe (ID = 121818)18:27:   d_icons_buttons_bbar6.res (ID = 121835)18:27:   d_icons_buttons_bbar7.res (ID = 121836)18:27:   d_icons_buttons_bbar2.res (ID = 121831)18:27:   d_icons_buttons_bbar7.res (ID = 121836)18:28:   d_icons_buttons_x.res (ID = 121839)18:28:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p47\a0015211.exe". Accès refusé18:28:   a0007556.exe (ID = 121818)18:28:   d_icons_buttons_3000.res (ID = 121824)18:28:   58dffb53-fb9f-428b-8746-d56607 (ID = 216235)18:28:   a0015223.dll (ID = 154118)18:28:   8dfa1a4f-fa31-48f5-84b0-b94a1b (ID = 154118)18:28:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p47\a0015237.dll". Accès refusé18:28:   Warning: PerformFileOffsetMatch Failed to check file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:29:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p47\a0015229.dll". Accès refusé18:29:   d_icons_buttons_2000.res (ID = 62279)18:29:   d_icons_buttons_1000.res (ID = 121822)18:29:   d_icons_buttons_2000.xip (ID = 114390)18:29:   d_icons_buttons_2000.xip (ID = 114390)18:29:   d_icons_buttons_bbar3.res (ID = 121832)18:29:   d_icons_buttons_bbar5.res (ID = 121834)18:29:   Warning: Failed to read file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:29:   d_icons_buttons_3000.res (ID = 62281)18:29:   d_icons_buttons_bbar6.res (ID = 121835)18:29:   d_icons_buttons_bbar1.res (ID = 121825)18:29:   icons2.xip (ID = 121862)18:29:   20d24ea0-e335-4323-97ce-894e40 (ID = 154110)18:29:   a0006642.exe (ID = 121818)18:29:   d_icons_buttons_2000.res (ID = 121823)18:30:   d_icons_buttons_bbar10.res (ID = 121826)18:30:   Warning: Failed to check file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:30:   Warning: Failed to check file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:30:   Warning: PerformFileOffsetMatch Failed to check file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:30:   d_icons_buttons_bbar3.res (ID = 121832)18:30:   d_icons_buttons_bbar7.res (ID = 121836)18:30:   Warning: PerformFileOffsetMatch Failed to check file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:31:   Warning: PerformFileOffsetMatch Failed to check file "C:\WINDOWS\system32\browsela.dll". Sector size must be 512 bytes, not 3046618:31:   Warning: Failed to read file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:31:   Warning: PerformFileOffsetMatch Failed to check file "C:\WINDOWS\system32\browsela.dll". Sector size must be 512 bytes, not 1140418:31:   d_icons_buttons_bbar9.res (ID = 121838)18:31:   a0005145.exe (ID = 121818)18:31:   d_icons_buttons_1000.res (ID = 121822)18:31:   96400ee8-62ad-4d7c-8338-00267b (ID = 216235)18:32:   Warning: PerformFileOffsetMatch Failed to check file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:32:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p1\a0000232.exe". Accès refusé18:32:   Warning: Failed to check file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:32:   d_icons_buttons_1000[1].xip (ID = 114339)18:32:   d_icons_buttons_bbar12.res (ID = 121828)18:32:   d_icons_buttons_bbar2.res (ID = 121831)18:32:   a0008400.exe (ID = 121818)18:32:   d_icons_buttons_bbar2.res (ID = 121831)18:32:   Warning: Failed to check file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:32:   d_icons_buttons_bbar2.res (ID = 121831)18:32:   tsd_bg.res (ID = 62382)18:32:   t2_bg.res (ID = 121851)18:32:   Warning: Failed to read file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:32:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p17\a0008874.exe". Accès refusé18:33:   c81c666e-c404-4d9f-900e-dc3cdc (ID = 154118)18:33:   Warning: PerformFileOffsetMatch Failed to check file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:33:   progress.res (ID = 62367)18:33:   default_hotbarcom.mnu (ID = 121820)18:33:   d_icons_buttons_2000[1].xip (ID = 114390)18:33:   tsd_bg.res (ID = 62382)18:33:   t2_bg.res (ID = 121851)18:33:   progress.res (ID = 62367)18:33:   default_hotbarcom.mnu (ID = 121820)18:33:   c0afa33a-e586-47ed-a1b2-658fec (ID = 154110)18:33:   7611f227-ca1b-4a4e-9c4e-9f6228 (ID = 154118)18:33:   d_icons_buttons_3000.res (ID = 121824)18:34:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p8\a0006776.exe". Accès refusé18:34:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p47\a0015214.exe". Accès refusé18:34:   a0015215.exe (ID = 62375)18:34:   a0015213.dll (ID = 62327)18:34:   Found System Monitor: windows keylogger18:34:   a0008880.exe (ID = 215730)18:35:   a0015210.dll (ID = 62323)18:35:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p1\a0004010.dll". Accès refusé18:35:   d_icons_buttons_3000[1].xip (ID = 114353)18:35:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p1\a0000121.exe". Accès refusé18:35:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p1\a0000123.exe". Accès refusé18:35:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p1\a0004106.exe". Accès refusé18:35:   fac6d893-6bac-4650-91fc-ea760f (ID = 216235)18:35:   a0015217.dll (ID = 216235)18:35:   d_icons_buttons_3000.xip (ID = 114353)18:35:   tsd_bg.res (ID = 62382)18:35:   t2_bg.res (ID = 121851)18:35:   Warning: Failed to read file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:35:   7a4f69d4-265a-4930-891a-eab7e1 (ID = 154118)18:35:   d_icons_weather.res (ID = 121840)18:35:   29b4b39b-1fff-42fe-a062-871d7c (ID = 62336)18:36:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p38\a0012790.exe". Accès refusé18:36:   e914a157-dfe1-4681-ac4e-15c17f (ID = 62325)18:36:   d_icons_buttons_1000.res (ID = 121822)18:36:   Warning: Failed to check file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:36:   Warning: Failed to check file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:36:   d_icons_buttons_2000.res (ID = 121823)18:36:   default_hotbarcom.mnu (ID = 121820)18:36:   s_icons_buttons[1].xip (ID = 130929)18:36:   s_icons_buttons.xip (ID = 130929)18:36:   597566ab-7dd3-4c53-929d-afe66e (ID = 154110)18:37:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p47\a0015227.dll". Le fichier spécifié est introuvable18:37:   ce0526c7-5ebb-4d45-b49a-5aa86c (ID = 154111)18:37:   65359e16-c54d-4f0f-9be4-906687 (ID = 154110)18:37:   a0004581.exe (ID = 166347)18:37:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p1\a0001337.exe". Accès refusé18:37:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p47\a0015218.exe". Accès refusé18:37:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p47\a0015253.exe". Accès refusé18:37:   Warning: Failed to check file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:37:   whitelist[1].xip (ID = 208925)18:37:   a0015225.exe (ID = 154120)18:37:   progress.res (ID = 62367)18:37:   d_icons_buttons_bbar1.res (ID = 121825)18:37:   country.exe (ID = 121818)18:37:   a0017728.dll (ID = 188712)18:37:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p33\a0010794.dll". Le fichier spécifié est introuvable18:37:   tsd_bg.res (ID = 62382)18:37:   t2_bg.res (ID = 121851)18:37:   progress.res (ID = 62367)18:37:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p47\a0015243.dll". Accès refusé18:37:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p47\a0015236.exe". Accès refusé18:38:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p47\a0015244.dll". Accès refusé18:38:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p47\a0015204.dll". Accès refusé18:38:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p47\a0015240.dll". Accès refusé18:38:   qmrfmkbo.exe (ID = 197158)18:38:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p47\a0015224.exe". Accès refusé18:38:   a0016814.dll (ID = 154111)18:38:   a0016813.dll (ID = 154110)18:38:   Warning: Failed to check file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:38:   Warning: PerformFileOffsetMatch Failed to check file "C:\WINDOWS\system32\browsela.dll". Sector size must be 512 bytes, not 58918:38:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p47\a0015231.dll". Accès refusé18:38:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p47\a0015232.dll". Accès refusé18:38:   icons2.res (ID = 121846)18:38:   Warning: Failed to open file "c:\system volume information\_restore{f75eec69-6e97-419b-93b4-6a3a275301c4}p47\a0015219.dll". Accès refusé18:39:   Warning: Failed to check file "C:\WINDOWS\system32\browsela.dll". Stream read error18:39:   Warning: PerformFileOffsetMatch Failed to check file "C:\WINDOWS\system32\browsela.dll". Magic ID "FILE" expected but not found18:40:   Warning: PerformFileOffsetMatch Failed to check file "C:\WINDOWS\system32\browsela.dll". Sector size must be 512 bytes, not 1500918:40:   Warning: Failed to check file "C:\WINDOWS\system32\browsela.dll". Sector size must be 512 bytes, not 1500918:40:   d_icons_buttons_bbar13.res (ID = 121829)18:40:   d_icons_buttons_bbar14.res (ID = 121829)18:40:   upgradeinfo[1].ver (ID = 162972)18:41:   d_icons_buttons_bbar13.res (ID = 121829)18:41:   d_icons_buttons_bbar14.res (ID = 121829)18:41:   drsmartload.dat (ID = 198788)18:41:   a0008844.cfg (ID = 188711)18:41:   azesearch.inf (ID = 50329)18:41:   progress.xip (ID = 62368)18:41:   hotbar_promo.xip (ID = 114346)18:41:   email-def-email-backgrounds.mnu (ID = 121844)18:41:   email-premium-email-premium.mnu (ID = 121844)18:41:   email-def-511724-9595.mnu (ID = 121842)18:41:   email-def-511745-514279.mnu (ID = 121844)18:41:   email-def-511724-9696.mnu (ID = 121842)18:41:   email-def-511724-548964.mnu (ID = 121841)18:41:   upgradeinfo[1].ver (ID = 162972)18:41:   linkpathlegal.txt (ID = 121849)18:41:   samplegroups2.xip (ID = 208933)18:41:   linkpathlegal[1].xip (ID = 121866)18:41:   linkpathlegal.xip (ID = 121866)18:41:   linkpathlegal.txt (ID = 121849)18:41:   d_icons_buttons_logos[1].xip (ID = 62284)18:41:   d_icons_buttons_logos.xip (ID = 62284)18:41:   d_icons_buttons_logos.res (ID = 62295)18:41:   d_icons_buttons_other[1].xip (ID = 62284)18:41:   d_icons_buttons_other.xip (ID = 62284)18:41:   d_icons_buttons_other.res (ID = 62295)18:41:   progress[1].xip (ID = 62368)18:41:   progress.xip (ID = 62368)18:41:   d_icons_buttons_bar[1].xip (ID = 62284)18:41:   d_icons_buttons_bar.xip (ID = 62284)18:41:   d_icons_buttons_bar.res (ID = 62295)18:41:   d_icons_buttons_bbar13[1].xip (ID = 114341)18:41:   d_icons_buttons_bbar13.xip (ID = 114341)18:41:   d_icons_buttons_bbar13.res (ID = 121829)18:41:   d_icons_buttons_bbar14[1].xip (ID = 114341)18:41:   d_icons_buttons_bbar14.xip (ID = 114341)18:41:   d_icons_buttons_bbar14.res (ID = 121829)18:41:   business_promo[1].xip (ID = 121856)18:41:   business_promo.xip (ID = 121856)18:41:   hotbar_promo[1].xip (ID = 114346)18:41:   hotbar_promo.xip (ID = 114346)18:41:   samplegroups2[1].xip (ID = 208933)18:41:   default_mails.mnu (ID = 121821)18:41:   email-def-511724-9595.mnu (ID = 121842)18:41:   email-def-511724-548964.mnu (ID = 121841)18:41:   ads[1].xip (ID = 121855)18:41:   ads.xip (ID = 121855)18:41:   ads.cdf (ID = 121815)18:41:   hotbar-premium[1].xip (ID = 114359)18:41:   hotbar-premium.xip (ID = 114359)18:41:   hotbar-premium.cdf (ID = 12184

Utilisateur anonyme · Answer

Re,Peux tu remettre un HijackThis?A+

Dovanz · Answer

STOP Regis g reussi a l'enlever si ca interesse quelqu'un avec NOD32 antivirus seul moyen. en mode analyse ca marche quand il le detecte surplace ca marche pas. si tu veux le mettre en tuto sur le site
a d'autres lieux et merci beaucoup de t'être derangé !!!

Logfile mode sans echec smitfraudfix

43 réponses

Votre réponse

Discussions similaires

Newsletters